Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Microsoft January 2025 Patch Tuesday

Published: 2025-01-14.

Last Updated: 2025-01-14 18:40:40 UTC

by Renato Marinho (Version: 1)

This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release, marking them as zero-days. The updates span various components, with significant attention required for vulnerabilities that could lead to privilege escalation and remote code execution. Users and administrators are strongly advised to prioritize the application of these patches to safeguard against potential threats and maintain system integrity.

Noteworthy Vulnerabilities:

The Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability (CVE-2025-21333), along with CVE-2025-21334 and CVE-2025-21335, is a serious security issue that has been exploited in the wild, although it has not been publicly disclosed. It has a CVSS score of 7.8 and is rated Important because successful exploitation allows an attacker to elevate privileges to SYSTEM. The vulnerability affects the Windows Hyper-V NT Kernel Integration VSP, and successful exploitation could lead to significant security breaches. Users and administrators are advised to apply any available patches or mitigation strategies to protect against potential attacks leveraging this vulnerability.

- https://nvd.nist.gov/vuln/detail/cve-2025-21333

- https://nvd.nist.gov/vuln/detail/cve-2025-21334

- https://nvd.nist.gov/vuln/detail/cve-2025-21335

Microsoft Access Remote Code Execution Vulnerability (CVE-2025-21186) is a disclosed zero-day vulnerability with a severity rating of Important and a CVSS score of 7.8, though it is not currently being exploited in the wild. This vulnerability allows for remote code execution, where an attacker can execute arbitrary code on a victim's machine by convincing them, through social engineering, to download and open a specially crafted file. Despite the attack vector being local, the term "Remote" in the title refers to the attacker's location. The vulnerability poses a significant risk as it could lead to unauthorized code execution on affected systems. The recommended remediation involves applying the update that blocks potentially malicious extensions from being sent via email, thereby mitigating the risk of exploitation.

- https://nvd.nist.gov/vuln/detail/cve-2025-21186

Windows App Package Installer Elevation of Privilege Vulnerability (CVE-2025-21275) is a disclosed zero-day vulnerability with a severity rating of Important and a CVSS score of 7.8. Although it has not been exploited in the wild, this vulnerability poses a significant risk as it allows an attacker to gain SYSTEM privileges through elevation of privilege. The vulnerability affects the Windows App Package Installer, and successful exploitation could lead to unauthorized access and control over affected systems. Users and administrators are advised to apply necessary patches and follow security best practices to mitigate potential risks associated with this vulnerability.

- https://nvd.nist.gov/vuln/detail/cve-2025-21275

Microsoft Access Remote Code Execution Vulnerability (CVE-2025-21366) is a disclosed zero-day vulnerability with a severity rating of Important and a CVSS score of 7.8, although it is not currently exploited in the wild. This vulnerability allows for remote code execution, where an attacker can execute arbitrary code on a victim's system by convincing them to download and open a specially crafted file, despite the attack vector being local. The vulnerability is mitigated by updates that block potentially malicious extensions from being sent via email, thereby preventing the execution of harmful code.

- https://nvd.nist.gov/vuln/detail/cve-2025-21366

Microsoft Access Remote Code Execution Vulnerability (CVE-2025-21395) is a disclosed zero-day vulnerability with a severity rating of Important and a CVSS score of 7.8, though it is not currently being exploited in the wild. This vulnerability allows for remote code execution, where an attacker, located remotely, can execute arbitrary code on a victim's machine by convincing them to download and open a specially crafted file, despite the attack vector being local. The vulnerability is mitigated by an update that blocks potentially malicious extensions from being sent via email, thereby preventing the execution of harmful code.

- https://nvd.nist.gov/vuln/detail/cve-2025-21395

Windows Themes Spoofing Vulnerability (CVE-2025-21308) is a disclosed zero-day vulnerability with a severity rating of Important and a CVSS score of 6.5, though it is not currently exploited in the wild. This spoofing vulnerability requires user interaction, where an attacker must convince a user to load and manipulate a malicious file, typically through enticements in emails or instant messages. Systems that have disabled NTLM are not affected, and mitigation strategies include applying group policies to block NTLM hashes. Specifically, enabling the policy to restrict NTLM traffic to remote servers can mitigate this issue for remote SMB location clients or servers. This vulnerability highlights the importance of secure configurations and user awareness to prevent potential exploitation.

- https://nvd.nist.gov/vuln/detail/cve-2025-21308

Windows OLE Remote Code Execution Vulnerability (CVE-2025-21298) is a critical vulnerability with a CVSS score of 9.8, which has not been exploited in the wild nor disclosed publicly, making it a potential zero-day threat. This vulnerability allows for remote code execution, posing a significant risk if exploited. An attacker could leverage this vulnerability in an email attack scenario by sending a specially crafted email to a victim using an affected version of Microsoft Outlook. The attack could be triggered either by the victim opening the email or by the Outlook application displaying a preview of it, potentially allowing the attacker to execute arbitrary code on the victim's machine. Object Linking and Embedding (OLE), the technology involved, facilitates embedding and linking to documents and other objects, which is central to this vulnerability's exploitation method.

- https://nvd.nist.gov/vuln/detail/cve-2025-21298

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2025-21307) is a critical vulnerability with a CVSS score of 9.8, which has not been exploited in the wild nor disclosed publicly as a zero-day. This vulnerability allows an unauthenticated attacker to execute remote code by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without requiring any user interaction. The vulnerability is only exploitable if there is a program actively listening on a PGM port. To mitigate this risk, it is recommended to protect access to any open PGM ports at the network level, such as using a firewall, and to avoid exposing a PGM receiver to the public internet.

- https://nvd.nist.gov/vuln/detail/cve-2025-21307

This summary of Microsoft's monthly updates highlights critical vulnerabilities requiring immediate attention. Notably, the Windows Hyper-V NT Kernel Integration VSP vulnerabilities (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) are being actively exploited, posing significant risks through privilege elevation. Users should prioritize patching these vulnerabilities to prevent potential system breaches. Additionally, the Windows OLE and RMCAST vulnerabilities, both with a CVSS score of 9.8, present severe remote code execution threats. Although not currently exploited, they demand urgent mitigation to safeguard systems. Applying patches and implementing network-level protections are crucial steps to mitigate these risks effectively ...

Read the full entry: https://isc.sans.edu/diary/Microsoft+January+2025+Patch+Tuesday/31590/

Windows Defender Chrome Extension Detection

Published: 2025-01-10.

Last Updated: 2025-01-10 00:37:58 UTC

by Tom Webb (Version: 1)

With the recent Cyberhaven Extension attack, looking for specific installed Chrome extensions can be very helpful. If you are running Defender with enhanced vulnerability management, Defender automatically catalogs installed extensions; you can view them in the Defender Console by going to Vulnerability Management -> Inventories and selecting Browser Extension. You can also run Hunt Queries on the DeviceTvmBrowserExtensions table.

For those who do not have this feature, you can still look for malicious extensions by searching for the Chrome Extension ID. This ID is used for the folder name on the computer and is easy to find. If you have other Chrome variant browsers, this query will also catch extensions in them. The query at the bottom covers all the IDs listed in the article for Cyberhaven ...

Read the full entry: https://isc.sans.edu/diary/Windows+Defender+Chrome+Extension+Detection/31574/
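The folder-name approach described above, applied to exported file-event records, as an added example that is not the diary's query. The extension IDs, host names and paths are constructed placeholders, and the function names are hypothetical; substitute the real IDs from the full entry.

```python
import re
from collections import defaultdict

# Chromium-family browsers on Windows unpack extensions under
#   ...\<vendor>\<browser>\User Data\<profile>\Extensions\<id>\<version>\
# The ID is exactly 32 characters from the alphabet a-p, so the folder
# name can be matched tightly. The "User Data" prefix is optional so that
# variants with a different layout are still caught by the ID alone.
EXT_PATH = re.compile(
    r"(?:\\(?P<browser>[^\\]+\\[^\\]+)\\User Data\\(?P<profile>[^\\]+))?"
    r"\\Extensions\\(?P<ext_id>[a-p]{32})(?=\\|$)"
    r"(?:\\(?P<version>[^\\]+))?",
    re.IGNORECASE,
)


def parse_extension_path(folder_path):
    """Return browser/profile/ID/version for an extension path, else None."""
    m = EXT_PATH.search(folder_path)
    if not m:
        return None
    return {
        "browser": m["browser"] or "unknown",
        "profile": m["profile"] or "unknown",
        "ext_id": m["ext_id"].lower(),
        "version": m["version"] or "",
    }


def hunt(events, watchlist):
    """Group watchlisted extension sightings by (device, extension ID).

    events: iterable of (device_name, folder_path) pairs, for example rows
    exported from an EDR file-event table or a recursive directory listing.
    """
    wanted = {ext_id.lower() for ext_id in watchlist}
    hits = defaultdict(set)
    for device, path in events:
        info = parse_extension_path(path)
        if info and info["ext_id"] in wanted:
            hits[(device, info["ext_id"])].add(
                (info["browser"], info["profile"], info["version"])
            )
    return {key: sorted(values) for key, values in hits.items()}


# Constructed placeholder IDs (not real indicators).
WATCHLIST = ["abcdefghijklmnopabcdefghijklmnop"]

# Constructed sample records: (device, path).
SAMPLE_EVENTS = [
    ("WS-001", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
               r"\Extensions\abcdefghijklmnopabcdefghijklmnop\1.2.3_0\manifest.json"),
    ("WS-001", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
               r"\Extensions\abcdefghijklmnopabcdefghijklmnop\1.2.3_0\background.js"),
    ("WS-002", r"C:\Users\bob\AppData\Local\Microsoft\Edge\User Data\Profile 1"
               r"\Extensions\abcdefghijklmnopabcdefghijklmnop\1.2.4_0"),
    # Different (non-watchlisted) extension in another Chrome variant.
    ("WS-003", r"C:\Users\carol\AppData\Local\BraveSoftware\Brave-Browser\User Data"
               r"\Default\Extensions\ponmlkjihgfedcbaponmlkjihgfedcba\9.0_0"),
    # Same string in a file name, not an extension folder: must not match.
    ("WS-003", r"C:\Users\carol\Downloads\abcdefghijklmnopabcdefghijklmnop.txt"),
]

if __name__ == "__main__":
    for (device, ext_id), sightings in hunt(SAMPLE_EVENTS, WATCHLIST).items():
        for browser, profile, version in sightings:
            print(f"{device}: {ext_id} in {browser} / {profile} (version {version})")
```

Matching on the `\Extensions\<id>` path component rather than on the bare string avoids false hits where the same 32 characters appear in an unrelated file name.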

Internet Storm Center Entries


The Curious Case of a 12-Year-Old Netgear Router Vulnerability (2025.01.15)

https://isc.sans.edu/diary/The+Curious+Case+of+a+12YearOld+Netgear+Router+Vulnerability/31592/

Hikvision Password Reset Brute Forcing (2025.01.13)

https://isc.sans.edu/diary/Hikvision+Password+Reset+Brute+Forcing/31586/

Multi-OLE (2025.01.12)

https://isc.sans.edu/diary/MultiOLE/31580/

Wireshark 4.4.3 Released (2025.01.11)

https://isc.sans.edu/diary/Wireshark+443+Released/31578/

Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary] (2025.01.09)

https://isc.sans.edu/diary/Examining+Redtail+Analyzing+a+Sophisticated+Cryptomining+Malware+and+its+Advanced+Tactics+Guest+Diary/31568/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-0282 - Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways have a stack-based buffer overflow vulnerability allowing remote code execution.

Product: Ivanti Connect Secure

CVSS Score: 9.0

** KEV since 2025-01-08 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0282

ISC Podcast: https://isc.sans.edu/podcastdetail/9272

NVD References:

- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283

- https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day

- https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282

CVE-2025-0283 - Ivanti software versions before 22.7R2.5 allow local authenticated attackers to escalate their privileges via a stack-based buffer overflow.

Product: Ivanti Connect Secure

CVSS Score: 7.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0283

ISC Podcast: https://isc.sans.edu/podcastdetail/9272

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283

CVE-2024-10811, CVE-2024-13159, CVE-2024-13160, CVE-2024-13161 - Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows remote unauthenticated attackers to leak sensitive information via absolute path traversal.

Product: Ivanti EPM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10811

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13159

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13160

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13161

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6

CVE-2024-55591 - FortiOS and FortiProxy versions 7.0.0 through 7.0.16 and 7.2.0 through 7.2.12 are vulnerable to an Authentication Bypass Using an Alternate Path or Channel (CWE-288) that allows remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module.

Product: Fortinet FortiOS

CVSS Score: 9.8

** KEV since 2025-01-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55591

ISC Podcast: https://isc.sans.edu/podcastdetail/9280

NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-535

CVE-2023-37936 - Fortinet FortiSwitch versions 6.0.0 through 7.4.0 are vulnerable to unauthorized code execution due to the use of hard-coded cryptographic keys.

Product: Fortinet FortiSwitch

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37936

NVD References: https://fortiguard.com/psirt/FG-IR-23-260

CVE-2024-47572 - Fortinet FortiSOAR 7.2.1 through 7.4.1 is vulnerable to unauthorized code execution via manipulation of csv files.

Product: Fortinet FortiSOAR

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47572

NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-210

CVE-2024-48886 - Fortinet FortiOS, FortiProxy, FortiManager, FortiManager Cloud, FortiAnalyzer Cloud are vulnerable to unauthorized code execution via weak authentication, allowing attackers to exploit with brute-force attacks.

Product: Fortinet FortiOS

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48886

NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-221

CVE-2023-48365 - Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution.

Product: Qlik_Sense november_2022

CVSS Score: 0

** KEV since 2025-01-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48365

CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities

Product: Microsoft Windows Hyper-V

CVSS Score: 7.8

** KEV since 2025-01-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21333

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21334

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21335

ISC Diary: https://isc.sans.edu/diary/31590

NVD References:

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21334

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21335

CVE-2024-50603 - Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996 allows an unauthenticated attacker to execute arbitrary code by sending shell metacharacters to certain API endpoints.

Product: Aviatrix Controller

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50603

ISC Podcast: https://isc.sans.edu/podcastdetail/9272

NVD References:

- https://docs.aviatrix.com/documentation/latest/network-security/index.html

- https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers

- https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/

CVE-2025-21298 - Windows OLE Remote Code Execution Vulnerability

Product: Microsoft Windows

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21298

ISC Diary: https://isc.sans.edu/diary/31590

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21298

CVE-2025-21307 - Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Product: Windows Reliable Multicast Transport Driver

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21307

ISC Diary: https://isc.sans.edu/diary/31590

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21307

CVE-2024-12847 - NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass, allowing remote attackers to execute arbitrary OS commands as root through crafted HTTP requests to the setup.cgi endpoint.

Product: NETGEAR DGN1000

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12847

ISC Diary: https://isc.sans.edu/diary/31592

NVD References:

- https://seclists.org/bugtraq/2013/Jun/8

- https://vulncheck.com/advisories/netgear-dgn

- https://www.exploit-db.com/exploits/25978

- https://www.exploit-db.com/exploits/43055

CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 - Microsoft Access Remote Code Execution Vulnerabilities

Product: Microsoft Access

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21186

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21366

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21395

ISC Diary: https://isc.sans.edu/diary/31590

NVD References:

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21186

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21366

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21395

CVE-2025-21275 - Windows App Package Installer Elevation of Privilege Vulnerability

Product: Microsoft Windows App Package Installer

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21275

ISC Diary: https://isc.sans.edu/diary/31590

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21275

CVE-2025-21311 - Windows NTLM V1 Elevation of Privilege Vulnerability

Product: Microsoft Windows NTLM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21311

ISC Diary: https://isc.sans.edu/diary/31590

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311

CVE-2025-21308 - Windows Themes Spoofing Vulnerability

Product: Microsoft Windows

CVSS Score: 6.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21308

ISC Diary: https://isc.sans.edu/diary/31590

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21308

CVE-2024-8855 - The WordPress Auction Plugin WordPress plugin through 3.7 is vulnerable to SQL injection attacks due to unsanitized input.

Product: WordPress Auction Plugin WordPress Plugin

Active Installations: 700

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8855

NVD References: https://wpscan.com/vulnerability/04084f2a-45b8-4249-a472-f156fad0c90a/

CVE-2024-49222 - WPGuppy by Amento Tech Pvt ltd is vulnerable to object injection through deserialization of untrusted data from versions n/a to 1.1.0.

Product: Amento Tech Pvt ltd WPGuppy

Active Installations: 800+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49222

NVD References: https://patchstack.com/database/wordpress/plugin/wpguppy-lite/vulnerability/wordpress-wpguppy-plugin-1-1-0-php-object-injection-vulnerability?_s_id=cve

CVE-2024-49649 - Abdul Hakeem Build App Online is vulnerable to PHP Local File Inclusion due to an improper control of filename in include/require statement issue, affecting versions from n/a through 1.0.23.

Product: Abdul Hakeem Build App Online

Active Installations: 700+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49649

NVD References: https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-23-local-file-inclusion-vulnerability?_s_id=cve

CVE-2024-56278 - WP Ultimate Exporter is vulnerable to Code Injection via PHP Remote File Inclusion from version n/a through 2.9.1.

Product: Smackcoders WP Ultimate Exporter

Active Installations: 10,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56278

NVD References: https://patchstack.com/database/wordpress/plugin/wp-ultimate-exporter/vulnerability/wordpress-wp-ultimate-exporter-plugin-2-9-1-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-56290 - Multiple Shipping And Billing Address For Woocommerce from n/a through 1.2 allows SQL Injection.

Product: silverplugins217 Multiple Shipping And Billing Address For Woocommerce

Active Installations: 200+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56290

NVD References: https://patchstack.com/database/wordpress/plugin/different-shipping-and-billing-address-for-woocommerce/vulnerability/wordpress-multiple-shipping-and-billing-address-for-woocommerce-plugin-1-2-unauthenticated-sql-injection-vulnerability?_s_id=cve

CVE-2024-55556 - Crater Invoice is vulnerable to remote command execution through manipulation of session cookies using the secret APP_KEY.

Product: Crater Invoice

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55556

NVD References:

- https://github.com/crater-invoice/crater

- https://www.synacktiv.com/

- https://www.synacktiv.com/advisories/crater-invoice-unauthenticated-remote-command-execution-when-appkey-known

CVE-2025-0247 - Firefox and Thunderbird versions 133 have memory safety bugs that could potentially be exploited to run arbitrary code, affecting versions of Firefox prior to 134.

Product: Mozilla Firefox

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0247

NVD References:

- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1835193%2C1910021%2C1919803%2C1931576%2C1931948%2C1932173

- https://www.mozilla.org/security/advisories/mfsa2025-01/

- https://www.mozilla.org/security/advisories/mfsa2025-04/

CVE-2025-21624 - ClipBucket V5 has a file upload vulnerability in Manage Playlist functionality, pre 5.5.1 - 239, allowing attackers to upload malicious PHP files in place of images.

Product: ClipBucket V5

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21624

NVD References:

- https://github.com/MacWarrior/clipbucket-v5/commit/893bfb0f1236c4a59b5e2843ab8d27a1e491b12b

- https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-98vm-2xqm-xrcc

CVE-2024-50658 - AdPortal 3.0.39 is vulnerable to Server-Side Template Injection (SSTI) through the shippingAsBilling and firstname parameters in updateuserinfo.html file.

Product: AdPortal 3.0.39

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50658

NVD References:

- http://adportal.com

- http://ipublish.com

- https://petercipolone.info/wp-content/uploads/2025/01/iPublishMedia_AdPortal3.0.39_CVEs.pdf

CVE-2024-50660 - AdPortal 3.0.39 has a file upload bypass vulnerability that allows remote attackers to execute arbitrary code.

Product: AdPortal 3.0.39

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50660

NVD References:

- http://adportal.com

- http://ipublish.com

- https://petercipolone.info/wp-content/uploads/2025/01/iPublishMedia_AdPortal3.0.39_CVEs.pdf

CVE-2024-55414 - Motorola SM56 Modem WDM Driver v6.12.23.0 is vulnerable to exploitation by low-privileged users via specially crafted IOCTL requests, allowing for privilege escalation, code execution, and information disclosure.

Product: Motorola SM56 Modem WDM Driver

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55414

NVD References:

- https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55414/CVE-2024-55414_SmSerl64.sys_README.md

- https://us.motorola.com/

CVE-2022-41572 - EyesOfNetwork (EON) through 5.3.11 allows for privilege escalation and total control over the server through running nmap as root.

Product: EyesOfNetwork EON

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-41572

NVD References:

- https://github.com/EyesOfNetworkCommunity/eonweb/issues/120

- https://github.com/Orange-Cyberdefense/CVE-repository/

CVE-2022-41573 - Ovidentia 8.3 allows for remote code execution by uploading executable files disguised as .png files.

Product: Ovidentia

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-41573

NVD References:

- https://bitbucket.org/cantico/ovidentia/branches/

- https://github.com/Orange-Cyberdefense/CVE-repository/

- https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_CVE-2022-41573.txt

CVE-2024-35532 - Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 is vulnerable to XXE injection, allowing for arbitrary file reading, SSRF requests, and potential DoS attacks.

Product: Intersec Geosafe-ea

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35532

NVD References:

- https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2024-35532.pdf

- https://intersec.com/public-safety

CVE-2024-54819 - I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php.

Product: I, Librarian

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54819

NVD References:

- https://github.com/mkucej/i-librarian-free/commit/ed36f6f258392fa2ec72f9820661ded75d91accc

- https://github.com/partywavesec/CVE-2024-55557

CVE-2025-22133 - WeGIA, a web manager for charitable institutions, had a critical vulnerability prior to version 3.2.8 in the file upload endpoint, allowing malicious files to be executed by the server.

Product: WeGIA is a web manager

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22133

NVD References:

- https://github.com/nilsonLazarin/WeGIA/commit/a08f04de96d3caec85496d7a89a5b82d1960d9dd

- https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-mjgr-2jxv-v8qf

CVE-2018-4301 - A potential stack based buffer overflow existed in GemaltoKeyHandle.cpp. This issue is fixed in SCSSU-201801.

Product: Gemalto SCSSU-201801

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-4301

NVD References: https://smartcardservices.github.io/security/

CVE-2024-11613 & CVE-2024-11635 - The WordPress File Upload plugin Remote Code Execution vulnerabilities

Product: WordPress File Upload plugin

Active Installations: 20,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11613

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11635

NVD References:

- https://plugins.svn.wordpress.org/wp-file-upload/trunk/wfu_file_downloader.php

- https://plugins.trac.wordpress.org/changeset/3217005/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/31052fe6-a0ae-4502-b2d2-dbc3b3bf672f?source=cve

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b5165f60-6515-4a2c-a124-cc88155eaf01?source=cve

CVE-2024-11350 - The AdForest theme for WordPress is vulnerable to privilege escalation through account takeover in versions up to 5.1.6, allowing unauthenticated attackers to change passwords and gain access to user accounts.

Product: WordPress AdForest theme

Active Installations: unknown

CVSS Score: 9.8 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11350

NVD References:

- https://themeforest.net/item/adforest-classified-wordpress-theme/19481695

- https://www.wordfence.com/threat-intel/vulnerabilities/id/4ebb766a-44e9-460c-be84-356b7403e593?source=cve

CVE-2024-54676 - Apache OpenMeetings from version 2.1.0 before 8.0.0 is vulnerable to possible deserialization of untrusted data due to lack of white/black lists for OpenJPA in default clustering instructions.

Product: Apache Software Foundation Apache OpenMeetings

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54676

NVD References:

- https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95

- http://www.openwall.com/lists/oss-security/2025/01/08/1

CVE-2025-22137 - Pingvin Share allows authenticated or unauthenticated users to overwrite arbitrary files on the server via HTTP POST requests, which has been patched in version 1.4.0.

Product: Pingvin Share

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22137

NVD References:

- https://github.com/stonith404/pingvin-share/commit/6cf5c66fe2eda1e0a525edf7440d047fe2f0e35b

- https://github.com/stonith404/pingvin-share/commit/c52ec7192080c402bd804e69be93dd88cc7c5c70

- https://github.com/stonith404/pingvin-share/security/advisories/GHSA-rjwx-p44f-mcrv

CVE-2024-40762 - SonicOS SSLVPN's use of Cryptographically Weak PRNG can be predicted by attackers, leading to potential authentication bypass.

Product: SonicWall SonicOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40762

NVD References: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

CVE-2024-53704 - An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

Product: SonicWALL SSL-VPN

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53704

NVD References: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

CVE-2024-12803 - SonicOS management is vulnerable to a post-authentication stack-based buffer overflow that can crash the firewall and possibly lead to code execution.

Product: SonicWall SonicOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12803

NVD References: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004

CVE-2024-12805 - SonicOS management is vulnerable to a post-authentication format string flaw that can crash the firewall and possibly result in code execution.

Product: SonicWall SonicOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12805

NVD References: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004

CVE-2024-40765 - SonicOS is vulnerable to an Integer-based buffer overflow via IPSec, allowing remote attackers to cause Denial of Service and potentially execute arbitrary code by sending a crafted IKEv2 payload.

Product: SonicWall SonicOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40765

NVD References: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013

CVE-2024-12802 - SonicWALL SSL-VPN may be vulnerable to MFA bypass due to separate handling of UPN and SAM account names, allowing attackers to potentially exploit alternative account names.

Product: SonicWALL SSL-VPN

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12802

NVD References: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001

CVE-2024-43661 & CVE-2024-43663 - The Iocharger firmware for AC model chargers before version 24120701 is vulnerable to buffer overflow issues

Product: Iocharger AC models

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43661

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43663

NVD References:

- https://csirt.divd.nl/CVE-2024-43661/

- https://csirt.divd.nl/CVE-2024-43663/

- https://csirt.divd.nl/DIVD-2024-00035/

- https://iocharger.com

CVE-2024-11642 - The Post Grid Master plugin for WordPress is vulnerable to Local File Inclusion, allowing unauthenticated attackers to execute arbitrary files on the server through the 'locate_template' function.

Product: The Post Grid Master Custom Post Types, Taxonomies & Ajax Filter Plugin

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11642

NVD References:

- https://plugins.trac.wordpress.org/browser/ajax-filter-posts/tags/3.4.12/inc/Shortcode.php#L624

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b299a932-8167-4547-845b-637c4971360d?source=cve

CVE-2025-22504 - jumpdemand 4ECPS Web Forms allows malicious users to upload a web shell and compromise the web server.

Product: jumpdemand 4ECPS Web Forms

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22504

NVD References: https://patchstack.com/database/wordpress/plugin/4ecps-webforms/vulnerability/wordpress-4ecps-web-forms-plugin-0-2-18-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-22540 - Emailing Subscription from n/a through 1.4.1 is vulnerable to Blind SQL Injection due to improper neutralization of special elements in an SQL command.

Product: Sebastian Orellana Emailing Subscription

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22540

NVD References: https://patchstack.com/database/wordpress/plugin/email-suscripcion/vulnerability/wordpress-emailing-subscription-plugin-1-4-1-sql-injection-vulnerability?_s_id=cve

CVE-2025-22542 - Ofek Nakar Virtual Bot is vulnerable to Blind SQL Injection from n/a through 1.0.0.

Product: Ofek Nakar Virtual Bot

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22542

NVD References: https://patchstack.com/database/wordpress/plugin/virtual-bot/vulnerability/wordpress-virtual-bot-plugin-1-0-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-21628 - Chatwoot prior to version 3.16.0 allowed authenticated actors to run arbitrary SQL queries through unfiltered input in conversation and contact filters endpoints.

Product: Chatwoot

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21628

NVD References:

- https://github.com/chatwoot/chatwoot/commit/b34dac7bbe3c910186083b680e51aad5ea60b44b

- https://github.com/chatwoot/chatwoot/security/advisories/GHSA-g8f9-hh83-rcq9

CVE-2024-13239 - Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.

Product: Drupal Two-factor Authentication (TFA)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13239

NVD References: https://www.drupal.org/sa-contrib-2024-003

CVE-2024-13241 - Drupal Open Social is vulnerable to Improper Authorization, allowing unauthorized users to collect data from common resource locations.

Product: Drupal Open Social

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13241

NVD References: https://www.drupal.org/sa-contrib-2024-005

CVE-2024-13242 - Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing. This issue affects Swift Mailer: *.*.

Product: Drupal Swift Mailer

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13242

NVD References: https://www.drupal.org/sa-contrib-2024-006

CVE-2024-13253 - Advanced PWA inc Push Notifications in Drupal is vulnerable to Incorrect Authorization, allowing for Forceful Browsing from version 0.0.0 to 1.5.0.

Product: Drupal Advanced PWA inc Push Notifications

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13253

NVD References: https://www.drupal.org/sa-contrib-2024-017

CVE-2024-13258 - Drupal is vulnerable to Incorrect Authorization due to a Forceful Browsing flaw in its REST & JSON API Authentication module (versions 0.0.0 to 2.0.13).

Product: Drupal REST & JSON API Authentication

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13258

NVD References: https://www.drupal.org/sa-contrib-2024-022

CVE-2024-13264 - Opigno module in Drupal is vulnerable to Static Code Injection allowing PHP Local File Inclusion from version 0.0.0 to 3.1.2.

Product: Drupal Opigno

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13264

NVD References: https://www.drupal.org/sa-contrib-2024-028

CVE-2024-13277 - Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing. This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1.

Product: Drupal Smart IP Ban

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13277

NVD References: https://www.drupal.org/sa-contrib-2024-041

CVE-2024-13278 - Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0.

Product: Drupal Diff

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13278

NVD References: https://www.drupal.org/sa-contrib-2024-042

CVE-2024-13279 - Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0.

Product: Drupal Two-factor Authentication (TFA)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13279

NVD References: https://www.drupal.org/sa-contrib-2024-043

CVE-2024-13280 - Drupal's Persistent Login feature suffers from an Insufficient Session Expiration vulnerability, allowing for Forceful Browsing attacks.

Product: Drupal Persistent Login

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13280

NVD References: https://www.drupal.org/sa-contrib-2024-044

CVE-2024-13281 - Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing. This issue affects Monster Menus: from 0.0.0 before 9.3.2.

Product: Drupal Monster Menus

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13281

NVD References: https://www.drupal.org/sa-contrib-2024-045

CVE-2024-13285 - Vulnerability in Drupal wkhtmltopdf. This issue affects wkhtmltopdf: *.*.

Product: Drupal wkhtmltopdf

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13285

NVD References: https://www.drupal.org/sa-contrib-2024-049

CVE-2024-55224 - Vaultwarden 1.32.4 and earlier versions allow attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message.

Product: Vaultwarden

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55224

NVD References:

- https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4

- https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5

- https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/

CVE-2024-55225 - Vaultwarden is vulnerable to an issue in src/api/identity.rs prior to v1.32.5 that allows attackers to impersonate users, including Administrators, via a crafted authorization request.

Product: Vaultwarden

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55225

NVD References:

- https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4

- https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5

- https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/

CVE-2023-28354 - Opsview Monitor Agent 6.8 allows unauthenticated remote attackers to bypass NRPE plugin execution and run commands as NT_AUTHORITY\SYSTEM.

Product: Opsview Monitor Agent

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28354

NVD References: https://github.com/stormfleet/CVE-2023-28354/blob/main/README.md

CVE-2025-23016 - FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 is vulnerable to integer overflow and subsequent heap-based buffer overflow due to crafted nameLen or valueLen values in data passed to the IPC socket.

Product: FastCGI fcgi2

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23016

NVD References: https://github.com/FastCGI-Archives/fcgi2/issues/67

CVE-2024-57823 - Raptor RDF Syntax Library through 2.0.16 is vulnerable to an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().

Product: Raptor RDF Syntax Library

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57823

NVD References:

- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067896

- https://github.com/dajobe/raptor/issues/70

- https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md

CVE-2024-41787 - IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 are vulnerable to a remote code execution attack due to a race condition that allows an attacker to bypass security restrictions with a specially crafted request.

Product: IBM Engineering Requirements Management DOORS Next

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41787

NVD References: https://www.ibm.com/support/pages/node/7180636

CVE-2024-57686 - PHPGurukul Land Record System v1.0 is vulnerable to Cross Site Scripting (XSS) attacks via the "pagetitle" parameter, enabling remote attackers to execute arbitrary code.

Product: PHPGurukul Land Record System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57686

NVD References: https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Land%20record/Reflected%20Cross%20Site%20Scripting.pdf

CVE-2024-57687 - PHPGurukul Land Record System v1.0 is vulnerable to OS Command Injection via the "Cookie" GET request parameter, allowing remote attackers to execute arbitrary code.

Product: PHPGurukul Land Record System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57687

NVD References: https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Land%20record/Command%20Injection.pdf

CVE-2025-22946 - Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.

Product: Tenda ac9

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22946

NVD References: https://noisy-caravel-a9a.notion.site/Tenda_AC9V1-0_V15-03-05-19_formSetDeviceName_sprintf_bof-16f898c94eac8057afcbceb63fda7d24

CVE-2025-22949 - Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.

Product: Tenda ac9

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22949

NVD References: https://noisy-caravel-a9a.notion.site/Tenda_AC9V1-0_V15-03-05-19_formSetSambaConf_doSystemCmd_CI-16f898c94eac80d5801bdaf777ac2b27

CVE-2024-29970 - Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals.

Product: Fortanix Enclave OS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29970

NVD References:

- https://github.com/ahoi-attacks/sigy/blob/main/pocs/enclaveos/cve.md

- https://support.fortanix.com/hc/en-us/sections/360012461751-Enclave-OS

CVE-2024-29971 - Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals.

Product: Scontain SCONE

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29971

NVD References:

- https://github.com/ahoi-attacks/sigy/blob/main/pocs/scone/cve.md

- https://scontain.com

CVE-2025-22152 - Atheos is vulnerable to remote file disclosure, modification, and execution attacks due to improper validation of parameters in versions prior to v600.

Product: Atheos

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22152

NVD References: https://github.com/Atheos/Atheos/security/advisories/GHSA-rgjm-6p59-537v

CVE-2024-57223, CVE-2024-57224, CVE-2024-57225 - Linksys E7350 1.1.00.032 was discovered to contain command injection vulnerabilities

Product: Linksys E7350

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57223

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57224

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57225

NVD References:

- https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_6_apcli_wps_gen_pincode/README.md

- https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_3_apcli_do_enr_pin_wps/README.md

- https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_7_reset_wifi/README.md

CVE-2024-12877 - The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2.

Product: GiveWP Donation Plugin

Active Installations: 100,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12877

NVD References:

- https://plugins.trac.wordpress.org/changeset/3212723/give/tags/3.19.3/src/Helpers/Utils.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b2143edf-5423-4e79-8638-a5b98490d292?source=cve

CVE-2025-22777 - Deserialization of Untrusted Data vulnerability in GiveWP allows Object Injection. This issue affects GiveWP: from n/a through 3.19.3.

Product: GiveWP Donation Plugin

Active Installations: 100,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22777

NVD References:

- https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-givewp-plugin-3-19-3-php-object-injection-vulnerability?_s_id=cve

- https://securityonline.info/cve-2025-22777-cvss-9-8-critical-security-alert-for-givewp-plugin-with-100000-active-installations/

CVE-2024-46479 - Venki Supravizio BPM through 18.0.1 allows an authenticated attacker to upload a malicious file and execute remote code.

Product: Venki Supravizio BPM

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46479

NVD References:

- https://github.com/Lorenzo-de-Sa/Vulnerability-Research

- https://github.com/Lorenzo-de-Sa/Vulnerability-Research/blob/main/CVE-2024-46479.md

- https://www.venki.com.br/ferramenta-bpm/supravizio/

CVE-2024-5743 - Eve Play through 1.1.42 is vulnerable to an attacker exploiting the 'Use of Password Hash With Insufficient Computational Effort' vulnerability to execute arbitrary code.

Product: EveHome Eve Play

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5743

NVD References: https://www.evehome.com/en-us/security-content

CVE-2025-0066 - SAP NetWeaver AS for ABAP and ABAP Platform may allow attackers to access restricted information through weak access controls, risking confidentiality, integrity, and availability of an application.

Product: SAP NetWeaver AS for ABAP and ABAP Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0066

NVD References:

- https://me.sap.com/notes/3550708

- https://url.sap/sapsecuritypatchday

CVE-2025-0070 - SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain unauthorized access through improper authentication checks, leading to privilege escalation and potential security risks with a high impact on confidentiality, integrity, and availability.

Product: SAP NetWeaver Application Server

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0070

NVD References:

- https://me.sap.com/notes/3537476

- https://url.sap/sapsecuritypatchday

CVE-2024-12919 - The Paid Membership Subscriptions plugin for WordPress up to version 2.13.7 is vulnerable to Authentication Bypass, allowing unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site.

Product: WordPress Paid Membership Subscriptions

Active Installations: 10,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12919

NVD References:

- https://plugins.trac.wordpress.org/changeset/3214706/paid-member-subscriptions

- https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a4fa4d-a7d2-4890-b0f5-5fe69bc5e7ac?source=cve

CVE-2025-20055 - STEALTHONE D220/D340 network storage servers provided by Y'S corporation are vulnerable to OS command injection, allowing attackers to execute arbitrary commands.

Product: Y'S corporation STEALTHONE D220/D340

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20055

NVD References:

- https://jvn.jp/en/vu/JVNVU99653331/

- https://stealthone.net/product_info/d220-d340%e3%80%8cv6-03-03%e3%80%8d%e5%8f%8a%e3%81%b3d440%e3%80%8cv7-00-11%e3%80%8d%e3%83%95%e3%82%a1%e3%83%bc%e3%83%a0%e3%82%a6%e3%82%a7%e3%82%a2%e3%82%92%e3%83%aa%e3%83%aa%e3%83%bc%e3%82%b9%e8%87%b4/

CVE-2024-34166, CVE-2024-34544, CVE-2024-37186, CVE-2024-39360, CVE-2024-39367, CVE-2024-39759, CVE-2024-39760, CVE-2024-39761, CVE-2024-39762, CVE-2024-39763, CVE-2024-39764, CVE-2024-39765, CVE-2024-39781, CVE-2024-39782, CVE-2024-39783, CVE-2024-39784, CVE-2024-39785 - Wavlink AC3000 M33A8.V5030.210505. is vulnerable to an OS command injection flaw in touchlist_sync.cgi, allowing for arbitrary code execution via specially crafted HTTP requests.

Product: Wavlink AC3000

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34166

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34544

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37186

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39360

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39367

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39759

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39760

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39761

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39762

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39763

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39764

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39765

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39781

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39782

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39783

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39784

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39785

NVD References:

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2000

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2044

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2032

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2054

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2023

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2018

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2020

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2033

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2058

CVE-2024-36295, CVE-2024-21797, CVE-2024-39370, CVE-2024-39604 - Wavlink AC3000 M33A8.V5030.210505. may allow arbitrary command execution via specially crafted HTTP requests.

Product: Wavlink AC3000

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36295

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21797

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39370

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39604

NVD References:

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2047

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2028

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2031

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2038

CVE-2024-36258, CVE-2024-36272, CVE-2024-36290, CVE-2024-36493, CVE-2024-37184, CVE-2024-37357, CVE-2024-39288, CVE-2024-39294, CVE-2024-39299, CVE-2024-39357, CVE-2024-39358, CVE-2024-39359, CVE-2024-39603, CVE-2024-39756, CVE-2024-39757, CVE-2024-39768, CVE-2024-39769, CVE-2024-39770, CVE-2024-39774, CVE-2024-39801, CVE-2024-39802, CVE-2024-39803 - Wavlink AC3000 M33A8.V5030.210505.0 has multiple buffer overflow vulnerabilities that can be triggered through specially crafted HTTP requests.

Product: Wavlink AC3000

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36258

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36272

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36290

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36493

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37184

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37357

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39288

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39294

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39299

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39357

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39358

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39359

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39603

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39756

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39757

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39768

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39769

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39770

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39774

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39801

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39802

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39803

NVD References:

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2046

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2045

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2019

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2041

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2025

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2029

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2021

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2026

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2048

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2039

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2027

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2040

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2042

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2024

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2043

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2022

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2030

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2049

CVE-2024-38666, CVE-2024-39280, CVE-2024-39602, CVE-2024-39788, CVE-2024-39789, CVE-2024-39790, CVE-2024-39793, CVE-2024-39794, CVE-2024-39795, CVE-2024-39798, CVE-2024-39799, CVE-2024-39800 - Wavlink AC3000 M33A8.V5030.210505. has multiple external config control vulnerabilities allowing arbitrary command execution via specially crafted HTTP requests.

Product: Wavlink AC3000 M33A8

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38666

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39280

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39602

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39788

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39789

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39790

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39793

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39794

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39795

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39798

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39799

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39800

NVD References:

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2051

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2055

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2052

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2056

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2053

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2050

CVE-2024-39273 & CVE-2024-39608 - Wavlink AC3000 M33A8.V5030.210505 firmware update vulnerabilities allow arbitrary firmware updates via crafted HTTP requests.

Product: Wavlink AC3000

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39273

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39608

NVD References:

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2037

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2036

CVE-2024-39363 - Wavlink AC3000 M33A8.V5030.210505. has a cross-site scripting vulnerability in the login.cgi set_lang_CountryCode() function allowing disclosure of sensitive data via specially crafted HTTP requests.

Product: Wavlink AC3000

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39363

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2017

CVE-2024-39754 - Wavlink AC3000 M33A8.V5030.210505 static login vulnerability allows an attacker to gain root access by sending specially crafted network packets.

Product: Wavlink AC3000 M33A8

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39754

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2034

CVE-2024-39786 & CVE-2024-39787 - Wavlink AC3000 M33A8.V5030.210505. directory traversal vulnerabilities allow attackers to bypass permissions by sending specially crafted HTTP requests.

Product: Wavlink AC3000

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39786

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39787

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2057

CVE-2025-23025 - XWiki Platform's Realtime WYSIWYG Editor extension allows users with edit rights to insert script rendering macros, potentially granting unauthorized access, before being patched in certain versions.

Product: XWiki Platform

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23025

NVD References:

- https://extensions.xwiki.org/xwiki/bin/view/Extension/CKEditor+Integration#HAdministrationSection

- https://extensions.xwiki.org/xwiki/bin/view/Extension/Realtime%20WYSIWYG%20Editor

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmm7-r7wr-xpfg

- https://jira.xwiki.org/browse/XWIKI-21949

CVE-2024-48856 - QNX SDP versions 8.0, 7.1, and 7.0 are vulnerable to an out-of-bounds write in the PCX image codec, which could result in a denial-of-service or code execution by an unauthenticated attacker.

Product: QNX SDP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48856

NVD References: https://support.blackberry.com/pkb/s/article/140334

CVE-2024-49375 - Rasa, an open source machine learning framework, is vulnerable to Remote Code Execution when a maliciously crafted model is remotely loaded into a Rasa instance with the HTTP API enabled and without proper authentication controls.

Product: Rasa Open source machine learning framework

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49375

NVD References: https://github.com/RasaHQ/rasa-pro-security-advisories/security/advisories/GHSA-cpv4-ggrr-7j9v

CVE-2024-50338 - Git Credential Manager (GCM) is vulnerable to a newline mismatch between Git and .NET, allowing an attacker to capture credentials for another Git remote when interacting with a malicious repository.

Product: Git Credential Manager (GCM)

CVSS Score: 7.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50338

ISC Diary: https://isc.sans.edu/diary/31590

NVD References:

- https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g

- https://learn.microsoft.com/en-us/dotnet/api/system.io.streamreader?view=net-8.0

CVE-2024-54142 - Discourse AI plugin had a vulnerability where HTML entities from AI Bot conversations could leak into the application, now fixed in commit `92f122c`.

Product: Discourse AI

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54142

NVD References:

- https://github.com/discourse/discourse-ai/commit/92f122c54d9d7ead9223a056270bff5b4c42c73f

- https://github.com/discourse/discourse-ai/security/advisories/GHSA-94c2-qr2h-88jv

CVE-2025-23061 - Mongoose before 8.9.5 is vulnerable to search injection through improper use of a nested $where filter with a populate() match.

Product: Mongoose

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23061

NVD References:

- https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md

- https://github.com/Automattic/mongoose/commit/64a9f9706f2428c49e0cfb8e223065acc645f7bc

- https://github.com/Automattic/mongoose/releases/tag/8.9.5

- https://www.npmjs.com/package/mongoose?activeTab=versions

CVE-2025-21234 & CVE-2025-21235 - Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerabilities

Product: Microsoft Windows PrintWorkflowUserSvc

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21234

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21235

ISC Diary: https://isc.sans.edu/diary/31590

NVD References:

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21234

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21235

CVE-2025-21271 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Product: Microsoft Windows Cloud Files Mini Filter Driver

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21271

ISC Diary: https://isc.sans.edu/diary/31590

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21271

CVE-2024-44243 - macOS System Integrity Protection bypass through kernel extensions. A configuration issue could be exploited to allow an app to modify protected parts of the file system.

Product: macOS

CVSS Score: 5.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44243

ISC Diary: https://isc.sans.edu/diary/31514

ISC Podcast: https://isc.sans.edu/podcastdetail/9252

- https://support.apple.com/en-us/121839

- https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/

The following vulnerability needs a manual review:

CVE-2024-12833 - Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability

Product: Paessler PRTG Network Monitor. A patch is available.

CVSS Score: 8.0

NVD: N/A

ISC Podcast: https://isc.sans.edu/podcastdetail/9280

NVD References:

- https://www.paessler.com/prtg/history/stable

- https://www.zerodayinitiative.com/advisories/ZDI-24-1736/