Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

SRUM-DUMP Version 3: Uncovering Malware Activity in Forensics

Published: 2025-04-27 

Last Updated: 2025-04-28 00:21:25 UTC

by Mark Baggett (Version: 2)

For digital forensics and incident response professionals, extracting precise evidence from Windows systems is critical to understanding and mitigating threats. I'm excited to introduce SRUM-DUMP Version 3, a powerful forensic tool I've developed to analyze the Windows System Resource Usage Monitor (SRUM) database. Available on GitHub at SRUM-DUMP Repository, this version offers significant improvements, including a user-friendly GUI and customizable output. In this post, I'll guide you through using SRUM-DUMP v3's GUI to investigate a scenario where malware (malware<.>exe) exfiltrates intellectual property over a wireless network. We'll explore the 3-step wizard, customize the analysis to highlight malware<.>exe, and examine where it appears in the output spreadsheet and what each tab reveals about the incident ...

Read the full entry:

https://isc.sans.edu/diary/SRUMDUMP+Version+3+Uncovering+Malware+Activity+in+Forensics/31896/

Steganography Analysis With pngdump.py

Published: 2025-04-26

Last Updated: 2025-04-26 06:45:13 UTC

by Didier Stevens (Version: 1)

I like it when a diary entry like "Example of a Payload Delivered Through Steganography" (https://isc.sans.edu/diary/Example+of+a+Payload+Delivered+Through+Steganography/31892/) is published: it gives me an opportunity to test my tools, in particular pngdump.py, a tool to analyze PNG files.

A PNG file consists of a header followed by chunks. pngdump.py shows this ...

Read the full entry:

https://isc.sans.edu/diary/Steganography+Analysis+With+pngdumppy/31894/

More Scans for SMS Gateways and APIs

Published: 2025-04-29

Last Updated: 2025-04-29 15:25:05 UTC

by Johannes Ullrich (Version: 1)

Last week, I wrote about scans for Teltonika Networks SMS Gateways. Attackers are always looking for cheap (free) ways to send SMS messages and gain access to not-blocklisted numbers. So, I took a closer look at similar scans we have seen. 

There are numerous ways to send SMS messages; using a hardware SMS gateway is probably one of the more fancy ways to do so. Most websites use messaging services. For example, we do see scans for SMS plugins for WordPress:

These scans look for style sheet files (.css) that are part of the respective plugins. It is fair to assume that if the respective style sheet is present, the attacker will attempt to obtain access to the site ...

Read the full entry: https://isc.sans.edu/diary/More+Scans+for+SMS+Gateways+and+APIs/31902/

Internet Storm Center Entries


Web Scanning SonicWall for CVE-2021-20016 (2025.04.29)

https://isc.sans.edu/diary/Web+Scanning+Sonicwall+for+CVE202120016/31906/

Example of a Payload Delivered Through Steganography (2025.04.25)

https://isc.sans.edu/diary/Example+of+a+Payload+Delivered+Through+Steganography/31892/

Attacks against Teltonika Networks SMS Gateways (2025.04.24)

https://isc.sans.edu/diary/Attacks+against+Teltonika+Networks+SMS+Gateways/31888/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-31324 - SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, enabling unauthenticated agents to upload harmful executables, compromising system security.

Product: SAP NetWeaver Visual Composer

CVSS Score: 10.0

** KEV since 2025-04-29 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-31324

ISC Podcast:

https://isc.sans.edu/podcastdetail/9426

NVD References: 

- https://me.sap.com/notes/3594142
- https://url.sap/sapsecuritypatchday
- https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
- https://www.theregister.com/2025/04/25/sap_netweaver_patch/

CVE-2025-34028 - Commvault Command Center Innovation Release 11.38 allows an unauthenticated actor to upload malicious ZIP files, leading to Remote Code Execution.

Product: Commvault Command Center Innovation Release

CVSS Score: 10.0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-34028

ISC Podcast:

https://isc.sans.edu/podcastdetail/9424

NVD References:

https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html

CVE-2025-3928 - Commvault Web Server allows remote, authenticated attackers to exploit unspecified vulnerabilities leading to the creation and execution of webshells, fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.

Product: Commvault 

CVSS Score: 8.8

** KEV since 2025-04-28 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3928

NVD References:

https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html

CVE-2021-20016 - SonicWall SSLVPN SMA100 SQL Injection Vulnerability

Product: Sonicwall Sma_500V -

CVSS Score: 0

** KEV since 2021-11-03 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2021-20016

ISC Diary:

https://isc.sans.edu/diary/31906

CVE-2025-1976 - Brocade Fabric OS versions starting with 9.1.0 may allow a local user with admin privilege to execute arbitrary code with full root privileges.

Product: Broadcom Fabric Operating System

CVSS Score: 6.7

** KEV since 2025-04-28 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-1976

NVD References:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602

CVE-2024-58250 - The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.

Product: ppp pppd

CVSS Score: 9.3

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-58250

NVD References: 

- https://github.com/ppp-project/ppp/commit/0a66ad22e54c72690ec2a29a019767c55c5281fc
- https://github.com/ppp-project/ppp/compare/v2.5.1...v2.5.2
- https://ppp.samba.org

CVE-2024-40446 - An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script

Product: forkosh Mime Tex

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-40446

NVD References: 

- https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446/
- https://youtu.be/S3cmZkWIi6o

CVE-2025-28034 - TOTOLINK A800R, A810R, A830R, A950RG, A3000RU, and A3100R routers were found to have a pre-auth remote command execution vulnerability in the NTPSyncWithHost function.

Product: TOTOLINK A800R

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-28034

NVD References:

https://locrian-lightning-dc7.notion.site/CVE-2025-28034-RCE2-1a98e5e2b1a280bebf53d868f1b1a711

CVE-2025-28024 - TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the cstecgi.cgi

Product: TOTOLINK A810R

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-28024

NVD References:

https://locrian-lightning-dc7.notion.site/BufferOverflow5-1978e5e2b1a2800caaced7ae3fb4783c

CVE-2025-28037 - TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 have a pre-auth remote command execution vulnerability via the ipDomain parameter in the setDiagnosisCfg function.

Product: TOTOLINK A810R

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-28037

NVD References:

https://locrian-lightning-dc7.notion.site/RCE3-1ad8e5e2b1a280e192e8cff9fef896cc

CVE-2025-28035 - TOTOLINK A830R V4.1.2cu.5182_B20201102 is susceptible to a pre-auth remote command execution vulnerability via the NoticeUrl parameter in the setNoticeCfg function.

Product: TOTOLINK A830R

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-28035

NVD References:

https://locrian-lightning-dc7.notion.site/CVE-2025-28035-CVE-2025-28036-RCE1-1a98e5e2b1a28081880dd817104b3af4

CVE-2025-28036 - TOTOLINK A950RG V4.1.2cu.5161_B20200903 is vulnerable to remote command execution via the NoticeUrl parameter in the setNoticeCfg function.

Product: TOTOLINK A950Rg

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-28036

NVD References:

https://locrian-lightning-dc7.notion.site/CVE-2025-28035-CVE-2025-28036-RCE1-1a98e5e2b1a28081880dd817104b3af4

CVE-2025-28038 - TOTOLINK EX1200T V4.1.2cu.5232_B20210713 is vulnerable to a pre-auth remote command execution due to a flaw in the setWebWlanIdx function.

Product: TOTOLINK EX1200T

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-28038

NVD References:

https://locrian-lightning-dc7.notion.site/RCE1-1ad8e5e2b1a28030a1c8febac89935a0

CVE-2025-28039 - The TOTOLINK EX1200T V4.1.2cu.5232_B20210713 router has a pre-auth remote command execution vulnerability in the setUpgradeFW function.

Product: TOTOLINK EX1200T

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-28039

NVD References:

https://locrian-lightning-dc7.notion.site/RCE2-1ad8e5e2b1a280fbb0cacc7e758e7299

CVE-2025-1950 - IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands due to improper library validation.

Product: IBM Hardware Management Console - Power Systems

CVSS Score: 9.3

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-1950

NVD References:

https://www.ibm.com/support/pages/node/7231507

CVE-2023-43958 - Hospital Management System v4.0 is susceptible to an arbitrary file upload vulnerability in /jquery-file-upload/server/php/index.php that enables unauthenticated attackers to execute arbitrary code.

Product: Hospital Management System v4.0

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2023-43958

NVD References:

https://flashy-lemonade-192.notion.site/Unauthenticated-arbitrary-file-upload-via-jQuery-File-Upload-in-Hospital-Management-System-3c02c1e8ef65432686321fcbad78bb1e

CVE-2023-44752 - Student Study Center Desk Management System v1.0 allows attackers to bypass authentication by sending a crafted GET request to /php-sscdms/admin/login.php.

Product: Oretnom23 Student Study Center Desk Management System

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2023-44752

NVD References:

https://flashy-lemonade-192.notion.site/Login-Bypass-in-Student-Study-Center-Desk-Management-System-v1-0-fe410cff4fc3441ea4c5aa663225e445

CVE-2023-44755 - Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php.

Product: Sacco Management system v1.0

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2023-44755

NVD References:

https://flashy-lemonade-192.notion.site/SQL-injection-in-Sacco-Management-system-via-password-and-id-parameter-1d85fc432de24db896446002f91acfd1

CVE-2025-43946 - TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal).

Product: TCPWave DDI 11.34P1C2

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43946

NVD References: 

- https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43946
- https://tcpwave.com/ddi-dns-dhcp-ipam

CVE-2025-43949 - MuM MapEdit 24.2.3 is vulnerable to SQL Injection, enabling attackers to manipulate the web application's database server through malicious SQL statements.

Product: MuM (Mensch und Maschine) MapEdit

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43949

NVD References: 

- https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43949
- https://www.mum.de/produkte/mum-mapedit

CVE-2025-43951 - LabVantage allows authenticated users to retrieve arbitrary files from the environment via local file inclusion using the objectname request parameter.

Product: LabVantage LV

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43951

NVD References: 

- https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43951
- https://www.labvantage.com/informatics/lims/

CVE-2025-37087 - HPE Performance Cluster Manager (HPCM) is vulnerable to an attack that could allow unauthorized access to server files.

Product: Hewlett Packard Enterprise HPE Performance Cluster Manager

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-37087

NVD References:

https://support.hpe.com/hpesc/docDisplay?docLocale=en_US&docId=a00146087en_us

CVE-2025-45427, CVE-2025-45428, CVE-2025-45429 - Tenda AC9 v1.0 with firmware V15.03.05.14_multi is vulnerable to stack overflows.

Product: Tenda AC9 v1.0

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45427

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45428

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45429

NVD References: 

- https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiBasicSet-security.md
- https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/SetSysAutoRebbotCfg-rebootTime.md
- https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiWpsStart-index.md

CVE-2025-43858 - YoutubeDLSharp is vulnerable to command injection through unsafe argument conversions when starting `yt-dlp` on Windows OS with `UseWindowsEncodingWorkaround` set to true.

Product: YoutubeDLSharp yt-dlp

CVSS Score: 9.2

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43858

NVD References: 

- https://github.com/Bluegrams/YoutubeDLSharp/commit/b6051372bd5af30f95f73de47d9bc71c3a07de0f
- https://github.com/Bluegrams/YoutubeDLSharp/commit/fdf3256da18d0e2da4a2f33ad4a1b72ff8273a50
- https://github.com/Bluegrams/YoutubeDLSharp/security/advisories/GHSA-2jh5-g5ch-43q5

CVE-2025-43859 - h11's parsing leniency in HTTP/1.1 versions prior to 0.16.0 can lead to request smuggling vulnerabilities.

Product: h11 Python implementation of HTTP/1.1

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43859

NVD References: 

- https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed
- https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj

CVE-2025-46271 - UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data.

Product: UNI-NMS Lite

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46271

NVD References:

https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06

CVE-2025-46273 - UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices.

Product: UNI-NMS-Lite

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46273

NVD References:

https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06

CVE-2025-46274 - UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database.

Product: UNI-NMS-Lite


CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46274

NVD References:

https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06

CVE-2025-46272 - WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to command injection attacks, allowing unauthenticated attackers to execute OS commands on the host system.

Product: Winstar WGS-80HPT-V2

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46272

NVD References:

https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06

CVE-2025-46275 - WGS-80HPT-V2 and WGS-4215-8T2S have a vulnerability that allows attackers to create an admin account without credentials.

Product: Winstar WGS-80HPT-V2

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46275

NVD References:

https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06

CVE-2025-46616 - StorNext Web GUI API before 7.2.4 allows Arbitrary Remote Code Execution through file uploads, impacting various StorNext products.

Product: Quantum StorNext Web GUI API

CVSS Score: 9.9

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46616

NVD References:

https://www.quantum.com/en/service-support/security-bulletins/stornext-gui-multiple-security-vulnerabilities-stornext-gui-multiple-security-vulnerabilities/

CVE-2025-32432 - Craft CMS versions 3.0.0-RC1 to 3.9.15, 4.0.0-RC1 to 4.14.15, and 5.0.0-RC1 to 5.6.17 are vulnerable to remote code execution, patched in versions 3.9.15, 4.14.15, and 5.6.17 as an additional fix for CVE-2023-41892.

Product: Craft CMS

CVSS Score: 10.0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-32432

NVD References: 

- https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3
- https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/

CVE-2025-25775 - Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.

Product: Codeastro Bus Ticket Booking System

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-25775

NVD References: 

- https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/
- https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25775

CVE-2025-32980 - NETSCOUT nGeniusONE before 6.4.0 b2350 has a Weak Sudo Configuration.

Product: NETSCOUT nGeniusONE

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-32980

NVD References:

https://www.netscout.com/securityadvisories

CVE-2025-32985 - NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.

Product: NETSCOUT nGeniusONE

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-32985

NVD References:

https://www.netscout.com/securityadvisories

CVE-2025-3200 - Com-Server is vulnerable to interception and manipulation of encrypted communications by an unauthenticated remote attacker due to using insecure TLS 1.0 and TLS 1.1 protocols.

Product: Comtrol Com-Server

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3200

NVD References:

https://certvde.com/en/advisories/VDE-2025-031/

CVE-2025-46661 - IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution due to Server-Side Template-Injection, but all instances have been patched by the Supplier.

Product: IPW Systems Metazo

CVSS Score: 10.0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46661

NVD References: 

- https://code-white.com/public-vulnerability-list/
- https://www.ipwsystems.com/

CVE-2015-2079 - Usermin 0.980 through 1.x before 1.660 is vulnerable to remote code execution via uconfig_save.cgi due to its use of the two argument form of Perl open.

Product: Usermin 0.980 through 1.x before 1.660

CVSS Score: 9.9

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2015-2079

NVD References: 

- https://code-white.com/blog/2015-05-cve-2015-2079-rce-usermin/
- https://code-white.com/public-vulnerability-list/

CVE-2025-45947 - PHPGurukul Online Banquet Booking System V1.2 is vulnerable to arbitrary code execution through the /obbs/change-password.php file in the My Account - Change Password component.

Product: PHPGurukul Online Banquet Booking System V1.2

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45947

NVD References: 

- http://phpgurukul.com
- https://github.com/VasilVK/CVE/blob/main/CVE-2025-45947/README.MD

CVE-2025-45949 - PHPGurukul User Registration & Login and User Management System V3.3 is vulnerable to a Session Hijacking attack due to improper handling of session data in the Change Password component.

Product: PHPGurukul User Registration & Login and User Management System V3.3

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45949

NVD References: 

- http://phpgurukul.com
- https://github.com/VasilVK/CVE/blob/main/CVE-2025-45949/README.MD

CVE-2025-45953 - PHPGurukul Hostel Management System 2.1 is vulnerable to a Session Hijacking attack in the user panel's Change Password component due to improper handling of session data in the /hostel/change-password.php file.

Product: PHPGurukul Hostel Management System 2.1

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45953

NVD References: 

- http://phpgurukul.com
- https://github.com/VasilVK/CVE/blob/main/CVE-2025-45953/README.MD

CVE-2025-24252 - macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4, iPadOS 18.4, and visionOS 2.4 prior to the update suffered from a use-after-free vulnerability that could allow a local network attacker to corrupt process memory.

Product: Multiple Apple products

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-24252

NVD References: 

- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
- https://support.apple.com/en-us/122377
- https://support.apple.com/en-us/122378

CVE-2025-46348 - YesWiki allows for unauthorized site backups to be created and downloaded, potentially leading to file system overload or exposure of sensitive information.

Product: YesWiki

CVSS Score: 10.0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46348

NVD References: 

- https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530
- https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95

CVE-2025-32444 - vLLM is vulnerable to remote code execution due to insecure ZeroMQ sockets when integrated with mooncake versions prior to 0.8.5.

Product: mooncake, Google LLC

CVSS Score: 10.0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-32444

NVD References: 

- https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L179
- https://github.com/vllm-project/vllm/commit/a5450f11c95847cf51a17207af9a3ca5ab569b2c
- https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5
- https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7

CVE-2025-21204 - Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.

Product: Microsoft Windows Update Stack

CVSS Score: 0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-21204

ISC Podcast:

https://isc.sans.edu/podcastdetail/9424

CVE-2025-3065 - The Database Toolset plugin is vulnerable to arbitrary file deletion leading to potential remote code execution in versions up to 1.8.4.

Product: Database Toolset plugin

Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3065

NVD References: 

- https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-admin.php#L109
- https://wordpress.org/plugins/database-toolset/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0e656123-cae4-4e0c-a80a-98526be293a8?source=cve

CVE-2025-3603 - The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover due to lack of proper user identity validation, allowing unauthenticated attackers to change passwords and gain unauthorized access.

Product: Flynax Bridge plugin for WordPress

Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3603

NVD References: 

- https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/request.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/fa8124db-ee6a-481d-88c6-4cc84fefcf1c?source=cve

CVE-2025-3604 - The Flynax Bridge plugin for WordPress up to version 2.2.0 allows unauthenticated attackers to change email addresses and escalate privileges through account takeover.

Product: Flynax Bridge plugin for WordPress

Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3604

NVD References: 

- https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/request.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/935caa43-4c75-47ad-a631-63988e21f834?source=cve

CVE-2025-46248 - Frontend Dashboard is vulnerable to SQL Injection due to improper neutralization of special elements, affecting versions from n/a through 2.2.5.

Product: M A Vinoth Kumar Frontend Dashboard

Active Installations: 700+

CVSS Score: 9.3

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46248

NVD References:

https://patchstack.com/database/wordpress/plugin/frontend-dashboard/vulnerability/wordpress-frontend-dashboard-2-2-5-sql-injection-vulnerability?_s_id=cve

CVE-2025-46264 - Angelo Mandato PowerPress Podcasting allows unrestricted upload of file types, enabling a web shell to be uploaded to a web server.

Product: Angelo Mandato PowerPress Podcasting

Active Installations: 30,000+

CVSS Score: 9.9

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46264

NVD References:

https://patchstack.com/database/wordpress/plugin/powerpress/vulnerability/wordpress-powerpress-podcasting-11-12-7-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-2470 - The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation up to version 5.1, allowing unauthenticated attackers to register an account with Administrator privileges through the 'nsl_registration_store_extra_input' function when using the Nextend Social Login plugin.

Product: Service Finder Service Finder Bookings plugin

Active Installations: Unknown. Update to version 6.0, or a newer patched version

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-2470

NVD References: 

- https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a1f62cda-262b-46d9-a839-0a573813cfa1?source=cve

CVE-2025-2907 - The Order Delivery Date WordPress plugin before 12.3.1 is vulnerable to authorization bypass and CSRF attacks, allowing attackers to manipulate user roles and gain administrative access to the site.

Product: WordPress Order Delivery Date WordPress plugin

Active Installations: 10,000+

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-2907