SEC536: Adversarial AI - Penetration Testing AI Systems
SEC536Offensive Operations
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 25ISSUE 19
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft Patch Tuesday: May 2025
Published: 2025-05-13
Last Updated: 2025-05-13 17:57:17 UTC
by Johannes Ullrich (Version: 1)
Today, Microsoft released its expected update for the May patch on Tuesday. This update fixes 78 vulnerabilities. 11 are rated as critical, and 66 as important. Five of the vulnerabilities have already been exploited and two were publicly known but not yet exploited. 70 of the vulnerabilities were patched today, 8 had patches delivered earlier this month.
Notable Vulnerabilities:
CVE-2025-30397: This vulnerability is already exploited. It could lead to remote code execution if a user visits a malicious web page, but only if Edge is running in Internet Explorer mode.
https://nvd.nist.gov/vuln/detail/CVE-2025-30397
The other four already exploited vulnerabilities are all privilege escalation vulnerabilities. The two already known vulnerabilities include a remote code execution vulnerability in Visual Studio and a spoofing vulnerability in Microsoft Defender.
Most of the critical vulnerabilities affect Microsoft Office and the Remote Desktop Client.
CVE-2025-29831 could be interesting: It is only rated "important", but it is described as a remote code execution issue in Windows Remote Desktop. No authorization is required to exploit the vulnerability. Exploitation relies on a race collation which is often not reliably exploitable (but exploitable). The attack has to be triggered while the server is being restarted. This may be exploitable if a denial of service vulnerability can be used to restart the system ...
https://nvd.nist.gov/vuln/detail/CVE-2025-29831
Read the full entry:
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+May+2025/31946/
Apple Updates Everything: May 2025 Edition
Published: 2025-05-12
Last Updated: 2025-05-12 20:30:06 UTC
by Johannes Ullrich (Version: 1)
Apple released its expected update for all its operating systems. The update, in addition to providing new features, patches 65 different vulnerabilities. Many of these vulnerabilities affect multiple operating systems within the Apple ecosystem.
Of note is CVE-2025-31200. This vulnerability is already exploited in "targeted attacks". Apple released patches for this vulnerability in mid-April for its current operating Systems (iOS 18, macOS 15, tvOS 18, and visionOS 2). This update includes patches for older versions of macOS and iPadOS/iOS ...
https://nvd.nist.gov/vuln/detail/CVE-2025-31200
Read the full entry:
https://isc.sans.edu/diary/Apple+Updates+Everything+May+2025+Edition/31942/
It Is 2025, And We Are Still Dealing With Default IoT Passwords And Stupid 2013 Router Vulnerabilities
Published: 2025-05-12
Last Updated: 2025-05-12 13:49:21 UTC
by Johannes Ullrich (Version: 1)
Unipi Technologies is a company developing programmable logic controllers for a number of different applications like home automation, building management, and industrial controls. The modules produced by Unipi are likely to appeal to a more professional audience. All modules are based on the "Marvis" platform, a customized Linux distribution maintained by Unipi.
In the last couple of days, we did observe scans for the unipi default username and password ("unipi" and "unipi.technology") in our honeypot logs. The scans originate from ... an IP address that is well-known to our database.
In addition to SSH, the IP address also scans for an ancient Netgear vulnerability from 2013, which only got a CVE number last year (CVE-2024-12847).
https://nvd.nist.gov/vuln/detail/CVE-2024-12847
Both, the SSH as well as the "Netgear" exploit attempts are executing the same commands ...
Read the full entry:
Internet Storm Center Entries
Another day, another phishing campaign abusing google.com open redirects (2025.05.14)
Steganography Challenge: My Solution (2025.05.10)
https://isc.sans.edu/diary/Steganography+Challenge+My+Solution/31912/
No Internet Access? SSH to the Rescue! (2025.05.08)
https://isc.sans.edu/diary/No+Internet+Access+SSH+to+the+Rescue/31932/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-30397 - Microsoft Scripting Engine is vulnerable to type confusion, enabling unauthorized attackers to execute code over a network.
Product: Microsoft Scripting Engine
CVSS Score: 7.5
** KEV since 2025-05-13 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30397
ISC Diary:
https://isc.sans.edu/diary/31946
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30397
CVE-2025-30400 - Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows DWM
CVSS Score: 7.8
** KEV since 2025-05-13 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30400
ISC Diary:
https://isc.sans.edu/diary/31946
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30400
CVE-2025-32701 - Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Common Log File System Driver
CVSS Score: 7.8
** KEV since 2025-05-13 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32701
ISC Diary:
https://isc.sans.edu/diary/31946
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32701
CVE-2025-32706 - Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Common Log File System Driver
CVSS Score: 7.8
** KEV since 2025-05-13 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32706
ISC Diary:
https://isc.sans.edu/diary/31946
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32706
CVE-2025-32709 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Ancillary Function Driver for WinSock
CVSS Score: 7.8
** KEV since 2025-05-13 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32709
ISC Diary:
https://isc.sans.edu/diary/31946
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709
CVE-2025-31200 - Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file. The issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Product: Multiple Apple products
CVSS Score: N/A
** KEV since 2025-04-17 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31200
ISC Diary:
https://isc.sans.edu/diary/31942
ISC Podcast:
https://isc.sans.edu/podcastdetail/9448
NVD References:
-
https://support.apple.com/en-us/122282
-
https://support.apple.com/en-us/122400
-
https://support.apple.com/en-us/122401
-
CVE-2025-47729 - The TeleMessage archiving backend stores clear copies of messages from TM SGNL app users beyond its documented end-to-end encryption capabilities, allowing exploitation.
Product: Telemessage Text Message Archiver
CVSS Score: 1.9
** KEV since 2025-05-12 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-47729
NVD References:
-
-
https://news.ycombinator.com/item?id=43909220
-
https://www.theregister.com/2025/05/05/telemessage_investigating/
CVE-2024-6047 - GeoVision devices have a vulnerability where unauthenticated remote attackers can inject and execute arbitrary system commands.
Product: GeoVision EOL GeoVision devices
CVSS Score: 0
** KEV since 2025-05-07 **
NVD:
CVE-2025-32756 - Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR, and FortiCamera are vulnerable to a stack-based buffer overflow allowing remote attackers to execute arbitrary code via specially crafted HTTP requests.
Product: Multiple Fortinet products
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32756
ISC Podcast:
https://isc.sans.edu/podcastdetail/9450
NVD References:
CVE-2025-29813 - Visual Studio is vulnerable to an elevation of privilege issue due to mishandling pipeline job tokens, allowing an attacker to extend their access to a project by swapping short-term tokens for long-term ones.
Product: Microsoft Visual Studio
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29813
ISC Diary:
https://isc.sans.edu/diary/31946
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29813
CVE-2025-29827 - Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
Product: Microsoft Azure Automation
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29827
ISC Diary:
https://isc.sans.edu/diary/31946
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29827
CVE-2025-29972 - Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.
Product: Microsoft Azure
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29972
ISC Diary:
https://isc.sans.edu/diary/31946
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29972
CVE-2025-47733 - Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network
Product: Microsoft Power Apps
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-47733
ISC Diary:
https://isc.sans.edu/diary/31946
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47733
CVE-2025-30387 - Azure vulnerability allows unauthorized attackers to elevate privileges through improper limitation of pathnames.
Product: Azure
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30387
ISC Diary:
https://isc.sans.edu/diary/31946
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30387
CVE-2025-46762 - Apache Parquet 1.15.0 and previous versions allow bad actors to execute arbitrary code through schema parsing in the parquet-avro module.
Product: Apache Parquet
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46762
NVD References:
-
https://lists.apache.org/thread/t7724lpvl110xsbgqwsmrdsns0rhycdp
-
CVE-2025-40620 through CVE-2025-40624 - TCMAN's GIM v11 has multiple SQL injection vulnerabilities.
Product: TCMAN GIM
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-40620
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-40621
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-40622
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-40623
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-40624
NVD References:
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim
CVE-2025-40625 - TCMAN's GIM v11 allows unauthenticated attackers to upload any file to the server, leading to Remote Code Execution (RCE).
Product: TCMAN GIM
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-40625
NVD References:
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim
CVE-2025-45487 through CVE-2025-45491 - Linksys E5600 v1.1.0.26 was discovered to contain multiple command injection vulnerabilities.
Product: Linksys E5600
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45487
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45488
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45489
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45490
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45491
NVD References:
-
-
CVE-2025-45492 - Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.
Product: Netgear EX8000
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45492
NVD References:
-
https://github.com/JZP018/vuln03/blob/main/netgear/EX8000/cve-netgear_EX8000_CI_action_wireless.pdf
-
https://github.com/JZP018/vuln03/blob/main/netgear/EX8000/netgear_EX8000_CI_action_wireless.mp4
CVE-2025-25014 - Kibana is vulnerable to prototype pollution, allowing arbitrary code execution through crafted HTTP requests to machine learning and reporting endpoints.
Product: Kibana
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-25014
NVD References:
https://discuss.elastic.co/t/kibana-8-17-6-8-18-1-or-9-0-1-security-update-esa-2025-07/377868
CVE-2024-12225 - Quarkus is vulnerable to unauthorized access due to default REST endpoints remaining accessible when developers provide custom REST endpoints.
Product: Quarkus quarkus-security-webauthnCVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2024-12225NVD References:-https://access.redhat.com/security/cve/CVE-2024-12225-https://bugzilla.redhat.com/show_bug.cgi?id=2330484CVE-2025-44073 - SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.Product: SeaCMS v13.3CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-44073NVD References:https://github.com/202110420106/CVE/blob/master/seacms/seacms_comment_news_sql.mdCVE-2025-44899 - Tenda RX3 V1.0br_V16.03.13.11 is vulnerable to a stack overflow via parameter manipulation in the fromSetWifiGuestBasic function of the /goform/WifiGuestSet web url.Product: Tenda RX3 V1.0br_V16.03.13.11CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-44899NVD References:https://github.com/faqiadegege/IoTVuln/blob/main/tenda_RX3_fromSetWifiGusetBasic_shareSpeed_overflow/detail.mdCVE-2025-45513 - Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter.Product: Tenda FH451 V1.0.0.9CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-45513NVD References:https://github.com/Eu21ka/cve_report/blob/master/The%20router%20Tenda%20FH451%20V1.0.0.9%20of%20Shenzhen%20Jixiang%20Tenda%20Technology%20Co.%2C%20Ltd.%20has%20a%20stack%20overflow%20vulnerability.mdCVE-2025-45779 - Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.Product: Tenda AC10CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-45779NVD References:-https://github.com/sunyou-iot/iot-vul/blob/main/TendaAC10/CVE-2025-45779/README.md-https://www.tendacn.com/us/download/detail-3782.html-https://github.com/sunyou-iot/iot-vul/blob/main/TendaAC10/CVE-2025-45779/README.mdCVE-2025-2775, CVE-2025-2776, CVE-2025-2776 - SysAid On-Prem versions <= 23.3.40 suffers from multiple unauthenticated XXE vulnerabilitiesProduct: SysAid On-PremCVSS Score: 9.3NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-2775NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-2776NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-2777NVD References:-https://documentation.sysaid.com/docs/24-40-60-https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/CVE-2025-20188 - Cisco IOS XE Software for Wireless LAN Controllers (WLCs) is vulnerable to an unauthenticated attacker uploading arbitrary files through the Out-of-Band Access Point (AP) Image Download feature.Product: Cisco Wireless LAN Controllers (WLCs)CVSS Score: 10.0NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-20188NVD References:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfCCVE-2025-26844 - An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.Product: ZnunyCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-26844NVD References:-https://www.znuny.com-https://www.znuny.org/en/advisories/zsa-2025-05CVE-2025-26845 - Znuny through 7.1.3 is vulnerable to an Eval Injection issue, allowing a user with write access to the configuration file to execute commands through the backup.pl script.Product: ZnunyCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-26845NVD References:-https://www.znuny.com-https://www.znuny.org/en/advisories/zsa-2025-03CVE-2025-26846 - Znuny before 7.1.4 is vulnerable to improper permissions checks in the Generic Interface for updating ticket metadata.Product: Znuny Generic InterfaceCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-26846NVD References:-https://www.znuny.com-https://www.znuny.org/en/advisories/zsa-2025-02CVE-2025-26847 - An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.Product: ZnunyCVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-26847NVD References:-https://www.znuny.com-https://www.znuny.org/en/advisories/zsa-2025-06CVE-2024-11186 - Arista CloudVision Portal allows malicious authenticated users to improperly access and control managed EOS devices, impacting on-premise installations only.Product: Arista CloudVision PortalCVSS Score: 10.0NVD:https://nvd.nist.gov/vuln/detail/CVE-2024-11186NVD References:https://www.arista.com/en/support/advisories-notices/security-advisory/21314-security-advisory-0114CVE-2024-12378 - Arista EOS with secure Vxlan configured may send packets in the clear when the Tunnelsec agent is restarted.Product: Arista Networks Arista EOSCVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2024-12378NVD References:https://www.arista.com/en/support/advisories-notices/security-advisory/21289-security-advisory-0113CVE-2025-0505 - Arista CloudVision systems are vulnerable to gaining admin privileges through Zero Touch Provisioning, allowing unauthorized query and manipulation of system state for managed devices.Product: Arista CloudVisionCVSS Score: 10.0NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-0505NVD Referen…
CVE-2025-44073 - SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.
Product: SeaCMS v13.3
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-44073
NVD References:
https://github.com/202110420106/CVE/blob/master/seacms/seacms_comment_news_sql.md
CVE-2025-44899 - Tenda RX3 V1.0br_V16.03.13.11 is vulnerable to a stack overflow via parameter manipulation in the fromSetWifiGuestBasic function of the /goform/WifiGuestSet web url.
Product: Tenda RX3 V1.0br_V16.03.13.11
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-44899
NVD References:
CVE-2025-45513 - Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter.
Product: Tenda FH451 V1.0.0.9
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45513
NVD References:
CVE-2025-45779 - Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.
Product: Tenda AC10
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45779
NVD References:
-
https://github.com/sunyou-iot/iot-vul/blob/main/TendaAC10/CVE-2025-45779/README.md
-
https://www.tendacn.com/us/download/detail-3782.html
-
https://github.com/sunyou-iot/iot-vul/blob/main/TendaAC10/CVE-2025-45779/README.md
CVE-2025-2775, CVE-2025-2776, CVE-2025-2776 - SysAid On-Prem versions <= 23.3.40 suffers from multiple unauthenticated XXE vulnerabilities
Product: SysAid On-Prem
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2775
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2776
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2777
NVD References:
-
https://documentation.sysaid.com/docs/24-40-60
-
https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
CVE-2025-20188 - Cisco IOS XE Software for Wireless LAN Controllers (WLCs) is vulnerable to an unauthenticated attacker uploading arbitrary files through the Out-of-Band Access Point (AP) Image Download feature.
Product: Cisco Wireless LAN Controllers (WLCs)
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-20188
NVD References:
CVE-2025-26844 - An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.
CVE-2025-26845 - Znuny through 7.1.3 is vulnerable to an Eval Injection issue, allowing a user with write access to the configuration file to execute commands through the backup.pl script.
CVE-2025-26846 - Znuny before 7.1.4 is vulnerable to improper permissions checks in the Generic Interface for updating ticket metadata.
Product: Znuny Generic Interface
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-26846
NVD References:
-
-
CVE-2025-26847 - An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.
CVE-2024-11186 - Arista CloudVision Portal allows malicious authenticated users to improperly access and control managed EOS devices, impacting on-premise installations only.
Product: Arista CloudVision Portal
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-11186
NVD References:
https://www.arista.com/en/support/advisories-notices/security-advisory/21314-security-advisory-0114
CVE-2024-12378 - Arista EOS with secure Vxlan configured may send packets in the clear when the Tunnelsec agent is restarted.
Product: Arista Networks Arista EOS
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-12378
NVD References:
https://www.arista.com/en/support/advisories-notices/security-advisory/21289-security-advisory-0113
CVE-2025-0505 - Arista CloudVision systems are vulnerable to gaining admin privileges through Zero Touch Provisioning, allowing unauthorized query and manipulation of system state for managed devices.
Product: Arista CloudVision
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-0505
NVD References:
https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115
CVE-2023-31585 - Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.
Product: Grocery-CMS PHP-Restful-API
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2023-31585
NVD References:
-
https://gist.github.com/f1rstb100d/487f27964a28b100bd57f38e144f2d35
-
https://github.com/ajayrandhawa/Grocery-CMS-PHP-Restful-API/issues/5
CVE-2025-3710, CVE-2025-3711, CVE-2025-3714 - The LCD KVM over IP Switch CL5708IM has multiple a Stack-based Buffer Overflow vulnerabilities
Product: LCD KVM CL5708IM
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3710
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3711
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3714
NVD References:
-
https://www.twcert.org.tw/en/cp-139-10103-32121-2.html
-
https://www.twcert.org.tw/tw/cp-132-10095-a0f57-1.html
-
https://wwwtwcert.org.tw/en/cp-139-10104-63bf4-2.html
-
https://www.twcert.org.tw/tw/cp-132-10096-60a81-1.html
-
https://www.twcert.org.tw/en/cp-139-10107-26b24-2.html
-
CVE-2024-11861 - EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access.
Product: EnerSys AMPA
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-11861
NVD References:
-
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0001.md
-
cve-2024-11861 - final.pdf
CVE-2024-12442 - EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access.
Product: EnerSys AMPA
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-12442
NVD References:
-
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0002.md
-
cve-2024-12442 - final.pdf
CVE-2025-45885 - PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file, allowing attackers to inject malicious code through the 'emailcont' parameter for use in SQL queries.
Product: PHPGURUKUL Vehicle Parking Management System
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45885
NVD References:
-
https://github.com/lintian31/vpm-system/blob/main/Vehicle%20parking%20Management%20System.md
-
https://github.com/lintian31/vpm-system/blob/main/Vehicle%20parking%20Management%20System.md
CVE-2025-45887 - Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.
Product: Yifang CMS v2.0.2
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45887
NVD References:
CVE-2025-28200 - Victure RX1800 EN_V1.0.0_r12_110933 has a vulnerability due to a weak default password based on the last 8 digits of the Mac address.
Product: Victure RX1800 EN_V1.0.0_r12_110933CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-28200NVD References:-http://rx1800.com-http://victure.com-https://pwnit.io/2025/02/13/finding-vulnerabilities-in-wi-fi-router/-https://pwnit.io/2025/02/13/finding-vulnerabilities-in-wi-fi-router/CVE-2025-46188, CVE-2025-46189, CVE-2025-46190, CVE-2025-46192 - SourceCodester Client Database Management System 1.0 has multiple SQL Injection vulnerabilitiesCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46188NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46189NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46190NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46192NVD References:-https://github.com/x6vrn/mitre/blob/main/CVE-2025-46188.md-https://medium.com/@bijay.kumar1857/sql-injection-to-rce-exploitation-0a5048e592be-https://github.com/x6vrn/mitre/blob/main/CVE-2025-46189.md-https://medium.com/@YousefAlotaibi/disclaimer-1699f46cb1a0-https://github.com/x6vrn/mitre/blob/main/CVE-2025-46190.md-https://github.com/x6vrn/mitre/blob/main/CVE-2025-46192.md-https://www.invicti.com/learn/blind-sql-injection/CVE-2025-46193 - SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php.Product: SourceCodester Client Database Management System 1.0CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46193NVD References:-https://github.com/x6vrn/mitre/blob/main/CVE-2025-46193.md-https://portswigger.net/web-security/file-uploadCVE-2025-46191 - SourceCodester Client Database Management System 1.0 is vulnerable to arbitrary file upload, allowing unauthenticated users to upload PHP files and execute remote commands.Product: SourceCodester Client Database Management System 1.0CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46191NVD References:-https://github.com/x6vrn/mitre/blob/main/CVE-2025-46191.md-https://portswigger.net/web-security/file-uploadCVE-2025-4555 - Okcat Parking Management Platform from ZONG YU is vulnerable to Missing Authentication, enabling unauthenticated remote attackers to access system functions such as gate opening and license plate viewing.Product: ZONG YU Okcat Parking Management PlatformCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-4555NVD References:-https://www.twcert.org.tw/en/cp-139-10109-25719-2.html-https://www.twcert.org.tw/tw/cp-132-10108-f77f5-1.htmlCVE-2025-4556 - Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, enabling remote attackers to upload web shell backdoors for arbitrary code execution.Product: ZONG YU Okcat Parking Management PlatformCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-4556NVD References:-https://www.twcert.org.tw/en/cp-139-10111-b78e6-2.html-https://www.twcert.org.tw/tw/cp-132-10110-114f0-1.htmlCVE-2025-4557 - ZONG YU's Parking Management System APIs have a Missing Authentication vulnerability, enabling unauthorized remote attackers to control system functions such as gate opening and system restart.Product: ZONG YU Parking Management SystemCVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-4557NVD References:-https://www.twcert.org.tw/en/cp-139-10113-58c29-2.html-https://www.twcert.org.tw/tw/cp-132-10112-5de7e-1.htmlCVE-2025-4558 - WormHole Tech's GPM is vulnerable to unauthenticated remote attackers changing any user's password and using it to log in due to an Unverified Password Change vulnerability.Product: WormHole Tech GPMCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-4558NVD References:-https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html-https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.htmlCVE-2025-4559 - The ISOinsight from Netvision is vulnerable to SQL Injection, enabling remote attackers to access and manipulate database contents.Product: Netvision ISOinsightCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-4559NVD References:-https://www.twcert.org.tw/en/cp-139-10117-57344-2.html-https://www.twcert.org.tw/tw/cp-132-10116-784e0-1.htmlCVE-2024-56523 & CVE-2024-56524 - Radware Cloud Web Application Firewall (WAF) allows remote attackers to bypass firewall filtersProduct: Radware Cloud Web Application Firewall (WAF)CVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2024-56523NVD:https://nvd.nist.gov/vuln/detail/CVE-2024-56524NVD References:-https://radware.com/solutions/cloud-security/-https://www.kb.cert.org/vuls/id/722229CVE-2025-44022 - An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism.Product: vvveb CMSCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-44022NVD References:-https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-44022-https://github.com/givanz/Vvveb/commit/dd74abcae88f658779f61338b9f4c123884eef0d-https://github.com/givanz/Vvveb/issues/289-https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-44022-https://github.com…
CVE-2025-46193 - SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php.
Product: SourceCodester Client Database Management System 1.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46193
NVD References:
-
https://github.com/x6vrn/mitre/blob/main/CVE-2025-46193.md
-
CVE-2025-46191 - SourceCodester Client Database Management System 1.0 is vulnerable to arbitrary file upload, allowing unauthenticated users to upload PHP files and execute remote commands.
Product: SourceCodester Client Database Management System 1.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46191
NVD References:
-
https://github.com/x6vrn/mitre/blob/main/CVE-2025-46191.md
-
CVE-2025-4555 - Okcat Parking Management Platform from ZONG YU is vulnerable to Missing Authentication, enabling unauthenticated remote attackers to access system functions such as gate opening and license plate viewing.
Product: ZONG YU Okcat Parking Management Platform
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4555
NVD References:
-
https://www.twcert.org.tw/en/cp-139-10109-25719-2.html
-
CVE-2025-4556 - Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, enabling remote attackers to upload web shell backdoors for arbitrary code execution.
Product: ZONG YU Okcat Parking Management Platform
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4556
NVD References:
-
https://www.twcert.org.tw/en/cp-139-10111-b78e6-2.html
-
CVE-2025-4557 - ZONG YU's Parking Management System APIs have a Missing Authentication vulnerability, enabling unauthorized remote attackers to control system functions such as gate opening and system restart.
Product: ZONG YU Parking Management System
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4557
NVD References:
-
https://www.twcert.org.tw/en/cp-139-10113-58c29-2.html
-
CVE-2025-4558 - WormHole Tech's GPM is vulnerable to unauthenticated remote attackers changing any user's password and using it to log in due to an Unverified Password Change vulnerability.
Product: WormHole Tech GPM
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4558
NVD References:
-
https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html
-
CVE-2025-4559 - The ISOinsight from Netvision is vulnerable to SQL Injection, enabling remote attackers to access and manipulate database contents.
Product: Netvision ISOinsight
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4559
NVD References:
-
https://www.twcert.org.tw/en/cp-139-10117-57344-2.html
-
CVE-2024-56523 & CVE-2024-56524 - Radware Cloud Web Application Firewall (WAF) allows remote attackers to bypass firewall filters
Product: Radware Cloud Web Application Firewall (WAF)
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-56523
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-56524
NVD References:
-
https://radware.com/solutions/cloud-security/
-
CVE-2025-44022 - An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism.
Product: vvveb CMSCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-44022NVD References:-https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-44022-https://github.com/givanz/Vvveb/commit/dd74abcae88f658779f61338b9f4c123884eef0d-https://github.com/givanz/Vvveb/issues/289-https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-44022-https://github.com/givanz/Vvveb/issues/289CVE-2025-44830 - EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.Product: EngineerCMSCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-44830NVD References:-https://gist.github.com/LTLTLXEY/e00ec21b730742ef432a7a560cd9b70a-https://github.com/3xxx/engineercms/issues/90CVE-2023-49641 - Billing Software v1.0 has multiple Unauthenticated SQL Injection vulnerabilities due to lack of filtering in the 'username' parameter of loginCheck.php.Product: Billing Software v1.0CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-49641NVD References:-https://fluidattacks.com/advisories/zimerman/-https://www.kashipara.com/CVE-2025-42999 - SAP NetWeaver Visual Composer Metadata Uploader is vulnerable to upload of untrusted content that could compromise system confidentiality, integrity, and availability.Product: SAP NetWeaver Visual ComposerCVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-42999NVD References:-https://me.sap.com/notes/3604119-https://url.sap/sapsecuritypatchday-https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/CVE-2025-4632 - Samsung MagicINFO 9 Server before version 21.1052 allows attackers to write arbitrary files with system authority by improperly limiting pathnames to restricted directories.Product: Samsung MagicINFO 9 ServerCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-4632NVD References:https://security.samsungtv.com/securityUpdates#SVP-MAY-2025CVE-2025-26389 - Siemens OZW672 and OZW772 are vulnerable to a remote code execution attack due to unsanitized input parameters in the `exportDiagramPage` endpoint, potentially granting unauthorized root access.Product: Siemens OZWCVSS Score: 10.0NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-26389NVD References:https://cert-portal.siemens.com/productcert/html/ssa-047424.htmlCVE-2025-26390 - Siemens OZW672 and OZW772 are vulnerable to SQL injection, allowing an unauthenticated remote attacker to bypass authentication and authenticate as Administrator user.Product: Siemens OZWCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-26390NVD References:https://cert-portal.siemens.com/productcert/html/ssa-047424.htmlCVE-2025-32469, CVE-2025-33024, & CVE-2025-33025 - RUGGEDCOM ROX series devices have multiple command injection vulnerabilities.Product: Siemens RUGGEDCOMCVSS Score: 9.9NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-32469NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-33024NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-33025NVD References:https://cert-portal.siemens.com/productcert/html/ssa-301229.htmlCVE-2024-46506 - NetAlertX 23.01.14 through 24.x before 24.10.12 is susceptible to unauthenticated command injection via settings update due to a missing authentication requirement, seen in a real exploitation in May 2025.Product: NetAlertX 23.01.14 through 24.x before 24.10.12CVSS Score: 10.0NVD:https://nvd.nist.gov/vuln/detail/CVE-2024-46506NVD References:https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/CVE-2025-22462 - Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2, and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system through an authentication bypass.Product: Ivanti Neurons for ITSMCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-22462NVD References:https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462CVE-2025-4428 - Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows authenticated attackers to execute arbitrary code through crafted API requests.Product: Ivanti Endpoint Manager MobileCVSS Score: 7.2NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-4428ISC Podcast:https://isc.sans.edu/podcastdetail/9450NVD References:https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMMCVE-2025-4427 - Ivanti Endpoint Manager Mobile 12.5.0.0 and prior is vulnerable to an authentication bypass in its API component, allowing attackers to access protected resources without proper credentials.Product: Ivanti Endpoint Manager MobileCVSS Score: 5.3NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-4427ISC Podcast:https://isc.sans.edu/podcastdetail/9450NVD References:https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMMCVE-2025-45858 - TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.Product: TOTOLINK A3002RCVSS Sco…
CVE-2025-44830 - EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.
Product: EngineerCMS
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-44830
NVD References:
-
https://gist.github.com/LTLTLXEY/e00ec21b730742ef432a7a560cd9b70a
-
CVE-2023-49641 - Billing Software v1.0 has multiple Unauthenticated SQL Injection vulnerabilities due to lack of filtering in the 'username' parameter of loginCheck.php.
Product: Billing Software v1.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2023-49641
NVD References:
-
https://fluidattacks.com/advisories/zimerman/
-
CVE-2025-42999 - SAP NetWeaver Visual Composer Metadata Uploader is vulnerable to upload of untrusted content that could compromise system confidentiality, integrity, and availability.
Product: SAP NetWeaver Visual Composer
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-42999
NVD References:
-
https://me.sap.com/notes/3604119
-
https://url.sap/sapsecuritypatchday
-
https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
CVE-2025-4632 - Samsung MagicINFO 9 Server before version 21.1052 allows attackers to write arbitrary files with system authority by improperly limiting pathnames to restricted directories.
Product: Samsung MagicINFO 9 Server
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4632
NVD References:
CVE-2025-26389 - Siemens OZW672 and OZW772 are vulnerable to a remote code execution attack due to unsanitized input parameters in the `exportDiagramPage` endpoint, potentially granting unauthorized root access.
Product: Siemens OZW
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-26389
NVD References:
https://cert-portal.siemens.com/productcert/html/ssa-047424.html
CVE-2025-26390 - Siemens OZW672 and OZW772 are vulnerable to SQL injection, allowing an unauthenticated remote attacker to bypass authentication and authenticate as Administrator user.
Product: Siemens OZW
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-26390
NVD References:
https://cert-portal.siemens.com/productcert/html/ssa-047424.html
CVE-2025-32469, CVE-2025-33024, & CVE-2025-33025 - RUGGEDCOM ROX series devices have multiple command injection vulnerabilities.
Product: Siemens RUGGEDCOM
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32469
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-33024
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-33025
NVD References:
https://cert-portal.siemens.com/productcert/html/ssa-301229.html
CVE-2024-46506 - NetAlertX 23.01.14 through 24.x before 24.10.12 is susceptible to unauthenticated command injection via settings update due to a missing authentication requirement, seen in a real exploitation in May 2025.
Product: NetAlertX 23.01.14 through 24.x before 24.10.12
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-46506
NVD References:
cve-2024-46506 - rce-in-netalertx/
CVE-2025-22462 - Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2, and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system through an authentication bypass.
Product: Ivanti Neurons for ITSM
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-22462
NVD References:
CVE-2025-4428 - Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows authenticated attackers to execute arbitrary code through crafted API requests.
Product: Ivanti Endpoint Manager Mobile
CVSS Score: 7.2
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4428
ISC Podcast:
https://isc.sans.edu/podcastdetail/9450
NVD References:
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM
CVE-2025-4427 - Ivanti Endpoint Manager Mobile 12.5.0.0 and prior is vulnerable to an authentication bypass in its API component, allowing attackers to access protected resources without proper credentials.
Product: Ivanti Endpoint Manager Mobile
CVSS Score: 5.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4427
ISC Podcast:
https://isc.sans.edu/podcastdetail/9450
NVD References:
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM
CVE-2025-45858 - TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.
Product: TOTOLINK A3002R
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45858
NVD References:
-
https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/injection1.md
-
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html
CVE-2025-29831 - Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
Product: Microsoft Remote Desktop Gateway Service
CVSS Score: 7.5
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29831
ISC Diary:
https://isc.sans.edu/diary/31946
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29831
CVE-2025-43559 through CVE-2025-43564 - Multiple vulnerabilities in Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier include improper input validation, incorrect authorization, OS command injection, and improper access control.
Product: Adobe ColdFusion
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-43559
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-43560
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-43561
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-43562
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-43563
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-43564
NVD References:
https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html
CVE-2025-43567 - Adobe Connect versions 12.8 and earlier are vulnerable to a reflected Cross-Site Scripting (XSS) attack, allowing an attacker to inject malicious scripts into form fields and potentially execute malicious JavaScript on a victim's browser.
Product: Adobe Connect
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-43567
NVD References:
https://helpx.adobe.com/security/products/connect/apsb25-36.html
CVE-2025-0855 - The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 5.8.0, allowing unauthenticated attackers to inject a PHP Object and potentially execute harmful actions.
Product: WordPress PGS Core plugin
Active Installations: Update to version 5.9.0, or a newer patched version
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-0855
NVD References:
-
https://docs.potenzaglobalsolutions.com/docs/ciyashop-wp/changelog/
-
CVE-2025-3844 - The PeproDev Ultimate Profile Solutions plugin for WordPress allows unauthenticated attackers to login as other users, including administrators, due to an Authentication Bypass vulnerability in versions 1.9.1 to 7.5.2.
Product: PeproDev Ultimate Profile Solutions plugin for WordPress
Active Installations: This plugin has been closed as of May 5, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3844
NVD References:
-
https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L1483
-
https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L2836
-
CVE-2025-4104 - The Frontend Dashboard plugin for WordPress allows unauthenticated attackers to reset the administrator's email and password, escalating their privileges to that of an administrator.
Product: WordPress Frontend Dashboard plugin
Active Installations: 700+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4104
NVD References:
-
-
-
-
https://plugins.trac.wordpress.org/changeset/3288562/
-
https://wordpress.org/plugins/frontend-dashboard/#developers
-
CVE-2025-47549 - Themefic BEAF allows remote attackers to upload dangerous files, including web shells, to a web server, impacting versions from n/a through 4.6.10.
Product: Themefic Ultimate Before After Image Slider \\& Gallery
Active Installations: 20,000+
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-47549
NVD References:
-
https://github.com/d0n601/CVE-2025-47549
-
CVE-2025-47657 - Productive Commerce allows SQL Injection through version 1.1.22.
Product: Productive Minds Productive Commerce
Active Installations: 50+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-47657
NVD References:
CVE-2025-3810 - The WPBookit plugin for WordPress is vulnerable to privilege escalation through account takeover in versions up to 1.0.2.
Product: WPBookit WordPress plugin
Active Installations: 50+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3810
NVD References:
-
-
CVE-2025-3811 - The WPBookit plugin for WordPress allows unauthenticated attackers to change user email addresses and reset passwords, enabling privilege escalation through account takeover.
Product: WordPress WPBookit plugin
Active Installations: 50+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3811
NVD References:
-
-
CVE-2024-11617 - The Envolve Plugin for WordPress is vulnerable to arbitrary file uploads, enabling unauthenticated attackers to potentially achieve remote code execution.
Product: Envolve Plugin WordPress
Active Installations: Update to version 1.1.0, or a newer patched version
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-11617
NVD References:
-
https://themeforest.net/item/envolve-consulting-business-wordpress-theme/28748459
-
CVE-2025-2253 - The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover due to improper validation of verification codes, allowing unauthenticated attackers to change any user's password.
Product: IMITHEMES Listing plugin
Active Installations: Update to version 3.4, or a newer patched version
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2253
NVD References:
-
https://themeforest.net/item/auto-stars-car-dealership-listings-wp-theme/11560490
-
CVE-2025-3605 - The Frontend Login and Registration Blocks plugin for WordPress allows unauthenticated attackers to escalate privileges and take over accounts by changing email addresses due to improper user identity validation.
Product: WordPress Frontend Login and Registration Blocks plugin
Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3605
NVD References:
-
-
CVE-2025-4403 - The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code due to a lack of proper file type validation.
Product: WordPress Drag and Drop Multiple File Upload for WooCommerce plugin
Active Installations: 6,000+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4403
NVD References:
-
-
-
https://plugins.trac.wordpress.org/changeset/3289478/
-
https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/#developers
-
CVE-2025-47682 - SMS Alert Order Notifications Ð WooCommerce is vulnerable to SQL Injection from version n/a through 3.8.2.
Product: Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications Ð WooCommerce
Active Installations: 5,000+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-47682
NVD References:
CVE-2025-47657 - Productive Commerce allows SQL Injection through version 1.1.22.
Product: Productive Minds Productive Commerce
Active Installations: 50+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-47657
NVD References:
CVE-2025-3810 - The WPBookit plugin for WordPress is vulnerable to privilege escalation through account takeover in versions up to 1.0.2.
Product: WPBookit WordPress plugin
Active Installations: 50+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3810
NVD References:
-
-
CVE-2025-3811 - The WPBookit plugin for WordPress allows unauthenticated attackers to change user email addresses and reset passwords, enabling privilege escalation through account takeover.
Product: WordPress WPBookit plugin
Active Installations: 50+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3811
NVD References:
-
-
CVE-2024-11617 - The Envolve Plugin for WordPress is vulnerable to arbitrary file uploads, enabling unauthenticated attackers to potentially achieve remote code execution.
Product: Envolve Plugin WordPress
Active Installations: Update to version 1.1.0, or a newer patched version
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-11617
NVD References:
-
https://themeforest.net/item/envolve-consulting-business-wordpress-theme/28748459
-
CVE-2025-2253 - The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover due to improper validation of verification codes, allowing unauthenticated attackers to change any user's password.
Product: IMITHEMES Listing plugin
Active Installations: Update to version 3.4, or a newer patched version
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2253
NVD References:
-
https://themeforest.net/item/auto-stars-car-dealership-listings-wp-theme/11560490
-
CVE-2025-3605 - The Frontend Login and Registration Blocks plugin for WordPress allows unauthenticated attackers to escalate privileges and take over accounts by changing email addresses due to improper user identity validation.
Product: WordPress Frontend Login and Registration Blocks plugin
Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3605
NVD References:
-
-
CVE-2025-4403 - The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code due to a lack of proper file type validation.
Product: WordPress Drag and Drop Multiple File Upload for WooCommerce plugin
Active Installations: 6,000+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4403
NVD References:
-
-
-
https://plugins.trac.wordpress.org/changeset/3289478/
-
https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/#developers
-
CVE-2025-47682 - SMS Alert Order Notifications Ð WooCommerce is vulnerable to SQL Injection from version n/a through 3.8.2.
Product: Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications Ð WooCommerce
Active Installations: 5,000+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-47682
NVD References:
Sponsors
Vanta
Free AI Security Assessment from Vanta Whether your company is using, building with, or developing AI, Vanta's AI Security Assessment outlines the most critical and common considerations across any AI program-from governance to risk, to data privacy, incident management, and more. Download it for free here.
Broadcom Inc.
Webcast | Resiliency and Business Continuity in the Cloud Era | May 22, 1:00 pm ET Join Dave Shackleford and Chris Newman as they discuss: - How cloud use is growing and changing, with some emphasis on zero trust and user access strategies - The types of security controls most organizations have implemented in the cloud - Changing compliance and regulatory requirements - Why-and how-we need to rethink business continuity to ensure consistent coverage, even when outages occur Save your seat today.
ARMO
Webcast | The Future of Cloud Security Starts with Runtime | May 29, 1:00 ET Modern cloud attacks are fast, stealthy, and constantly evolving-can your security strategy keep up? Join us for an eye-opening session that explores why traditional security tools are falling short and how runtime visibility is becoming a critical pillar of modern cloud defense. Save your seat today.
Knostic
Webcast | Rethinking Oversharing Risk and Knowledge Segmentation in the Age of AI, June 3 at noon ET Join this webcast to explore how Knostic is redefining access and identity management for the AI era with a knowledge-centric approach that emphasizes not just who has access, but who needs access. Discover how their innovative methodology-grounded in need-to-know principles, role-based knowledge segmentation, and intent-aware access policies-creates an intelligent, scalable framework for controlling AI-generated knowledge sharing. Save your seat today.