Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

New Variant of Crypto Confidence Scam

Published: 2025-05-21

Last Updated: 2025-05-21 15:26:09 UTC

by Johannes Ullrich (Version: 1)

In February, we had a few diaries about crypto wallet scams. We saw these scams use YouTube comments, but they happened via other platforms and messaging systems, not just YouTube. The scam was a bit convoluted: The scammer posted the secret key to their crypto wallet. Usually, this would put their crypto wallet at risk of being emptied. But the wallet they used came with a twist: A second key was required. The scammer counted on the victim paying the transaction fee, which the scammer would receive, before attempting to withdraw the funds.

This is a classic "confidence scheme" or "advance fee" scheme. The victim believes they are scamming the attacker out of their money. Instead, they are being robbed. These types of scams are amazingly successful in real life and online. They rely on greedy victims attempting to get something for free (or cheap).

I recently started seeing a new variation of this scam, this time mostly via X direct messages ...

Read the full entry: https://isc.sans.edu/diary/New+Variant+of+Crypto+Confidence+Scam/31968/

Researchers Scanning the Internet

Published: 2025-05-20

Last Updated: 2025-05-20 13:59:12 UTC

by Johannes Ullrich (Version: 1)

We have been using our data to identify researchers scanning the internet for a few years. Currently, we are tracking 36 groups performing such scans, and our data feed of the IP addresses used contains around 33k addresses. 

Of course, no clear definition of when a scan is inappropriate exists. Some consider any scan performed nationally and without permission to be unethical. Others have a higher bar, for example, considering scans appropriate if they do not exploit vulnerabilities or cause damage. Legal frameworks vary around the world.

Earlier today, Caleb reminded me of RFC 9511, which I believe offers some good ideas and should be considered if you plan to perform an internet-wide scan. The RFC is entitled "Attribution of Internet Probes." It gets to one of the main issues: Identify yourself if you are performing these scans. This way, if you are causing problems, targets can contact you. This should be a minimum requirement to limit unintentional damage.

Can a simple "scan" cause damage? Of course, it can! We had plenty of examples of such scans causing problems. My favorite example is an old Cisco bug that caused routers to crash if they were scanned with empty UDP packets.

RFC 9511 suggests adding a URL to your probe packets and a probe description file at "/.well-known/probing.txt". The IP address the probe originates from should reverse resolve to a hostname, and the probe description file can be found at that hostname. Alternatively, the host the probe originates from should run a web server offering the file. Or the probe description URL should be included as a payload.

For web-based scanning, I see many scanners adding a URL to the user-agent header, which I think fulfills what RFC 9511 is attempting to achieve ...

Read the full entry: https://isc.sans.edu/diary/Researchers+Scanning+the+Internet/31964/
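As an added example (not code from the diary or from RFC 9511), the following Python script shows the defender's side of the attribution scheme described above: it pulls the self-identification URL that scanners place in the User-Agent header out of web server logs, and for sources that advertise no URL it builds the "/.well-known/probing.txt" locations to check, first at the reverse-resolved hostname and then on the probing host itself. The log lines, IP addresses, scanner name and URLs are constructed, and trying https before http is an assumption made here.

```python
import re
from typing import Optional

# Constructed sample lines in Apache/nginx "combined" log format. The IPs are
# documentation ranges; the scanner name and its URL are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [20/May/2025:10:01:02 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (compatible; ExampleScanner/1.0; +https://research.example.net/probe-info)"
198.51.100.7 - - [20/May/2025:10:01:05 +0000] "GET /admin HTTP/1.1" 404 153 "-" "curl/8.4.0"
203.0.113.5 - - [20/May/2025:10:02:11 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36"
"""

# Fields of the combined log format; the User-Agent is the last quoted field.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A URL embedded in a User-Agent, e.g. "(...; +https://example.net/about)".
URL_RE = re.compile(r'https?://[^\s;)"\']+')

# Path named by RFC 9511 for the probe description file.
PROBING_TXT_PATH = "/.well-known/probing.txt"


def parse_combined(line: str) -> Optional[dict]:
    """Return the named fields of one combined-format log line, or None."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None


def probe_url_from_ua(user_agent: str) -> Optional[str]:
    """Return the first http(s) URL a scanner placed in its User-Agent, if any."""
    m = URL_RE.search(user_agent)
    return m.group(0) if m else None


def attribute_scanners(log_text: str) -> dict[str, Optional[str]]:
    """Map each source IP in the log to the attribution URL it advertised.

    An IP maps to None when none of its requests carried a URL in the
    User-Agent; those sources need the reverse-DNS / probing.txt route.
    """
    result: dict[str, Optional[str]] = {}
    for line in log_text.splitlines():
        rec = parse_combined(line)
        if rec is None:
            continue
        url = probe_url_from_ua(rec["ua"])
        # Keep a URL once seen, even if a later request from the same IP has none.
        if url is not None or rec["ip"] not in result:
            result[rec["ip"]] = url
    return result


def probing_txt_candidates(ip: str, rdns_hostname: Optional[str]) -> list[str]:
    """Build the probing.txt URLs to check for a source that advertised no URL.

    The diary's reading of the RFC: first the reverse-resolved hostname of the
    probing IP, then a web server on the probing host itself. Trying https
    before http is an assumption made in this example, not an RFC requirement.
    """
    hosts = []
    if rdns_hostname:
        hosts.append(rdns_hostname.rstrip("."))
    hosts.append(ip)
    return [f"{scheme}://{h}{PROBING_TXT_PATH}"
            for h in hosts for scheme in ("https", "http")]


if __name__ == "__main__":
    for ip, url in attribute_scanners(SAMPLE_LOG).items():
        if url:
            print(f"{ip}: identified itself via User-Agent -> {url}")
        else:
            # A real run would reverse-resolve ip here; no lookup is done offline.
            print(f"{ip}: no URL advertised; check {probing_txt_candidates(ip, None)}")
```

Feeding real access logs in place of SAMPLE_LOG gives a quick list of which scanning sources can be contacted and which still need a reverse-DNS lookup.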

Web Scanning SonicWall for CVE-2021-20016 - Update

Published: 2025-05-14

Last Updated: 2025-05-15 01:23:29 UTC

by Guy Bruneau (Version: 1)

On 29 Apr 2025, I published a diary on scanning activity looking for SonicWall, and since that publication this activity has grown 10-fold. Over the past 14 days, several BACS students have reported activity related to SonicWall scans, all related to the same 2 URLs mentioned in my last diary. My own DShield sensor was probed by 25 separate IPs during those last 14 days. The three most active IPs were all from the same subnet ...

Read the full entry: https://isc.sans.edu/diary/Web+Scanning+SonicWall+for+CVE202120016+Update/31952/

Internet Storm Center Entries


RAT Dropped By Two Layers of AutoIT Code (2025.05.19)

https://isc.sans.edu/diary/RAT+Dropped+By+Two+Layers+of+AutoIT+Code/31960/

xorsearch.py: Python Functions (2025.05.17)

https://isc.sans.edu/diary/xorsearchpy+Python+Functions/31858/

Microsoft Patch Tuesday: May 2025 (2025.05.13)

https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+May+2025/31946/

Apple Updates Everything: May 2025 Edition (2025.05.12)

https://isc.sans.edu/diary/Apple+Updates+Everything+May+2025+Edition/31942/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-32756 - Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR, and FortiCamera are vulnerable to a stack-based buffer overflow allowing remote attackers to execute arbitrary code via specially crafted HTTP requests.

Product: Multiple Fortinet products

CVSS Score: 9.8

** KEV since 2025-05-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32756

ISC Podcast: https://isc.sans.edu/podcastdetail/9450

NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-25-254

CVE-2021-20016 - SonicWall SSLVPN SMA100 SQL Injection Vulnerability

Product: Sonicwall SMA_500V

CVSS Score: 0

** KEV since 2021-11-03 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-20016

ISC Podcast: https://isc.sans.edu/podcastdetail/9454

CVE-2025-42999 - SAP NetWeaver Visual Composer Metadata Uploader is vulnerable to upload of untrusted content that could compromise system confidentiality, integrity, and availability.

Product: Sap NetWeaver

CVSS Score: 9.1

** KEV since 2025-05-15 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42999

NVD References: 

- https://me.sap.com/notes/3604119

- https://url.sap/sapsecuritypatchday

- https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

CVE-2025-4428 - Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows authenticated attackers to execute arbitrary code through crafted API requests.

Product: Ivanti Endpoint Manager Mobile

CVSS Score: 7.2

** KEV since 2025-05-19 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4428

ISC Podcast: https://isc.sans.edu/podcastdetail/9450

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM

CVE-2025-4427 - Ivanti Endpoint Manager Mobile 12.5.0.0 and prior is vulnerable to an authentication bypass in its API component, allowing attackers to access protected resources without proper credentials.

Product: Ivanti Endpoint Manager Mobile

CVSS Score: 5.3

** KEV since 2025-05-19 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4427

ISC Podcast: https://isc.sans.edu/podcastdetail/9450

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM

CVE-2025-4664 - Google Chrome Loader had a high severity vulnerability allowing a remote attacker to leak cross-origin data via a crafted HTML page.

Product: Google Chrome

CVSS Score: 4.3

** KEV since 2025-05-15 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4664

ISC Podcast: https://isc.sans.edu/podcastdetail/9454

NVD References: 

- https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html

- https://issues.chromium.org/issues/415810136

CVE-2025-30397 - Microsoft Scripting Engine is vulnerable to type confusion, enabling unauthorized attackers to execute code over a network.

Product: Microsoft Windows 10 1507

CVSS Score: 7.5

** KEV since 2025-05-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30397

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30397

CVE-2025-30400 - Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

Product: Microsoft Windows 10 1809

CVSS Score: 7.8

** KEV since 2025-05-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30400

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30400

CVE-2025-32701 - Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Product: Microsoft Windows 10 1507

CVSS Score: 7.8

** KEV since 2025-05-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32701

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32701

CVE-2025-32706 - Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Product: Microsoft Windows 10 1507

CVSS Score: 7.8

** KEV since 2025-05-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32706

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32706

CVE-2025-32709 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Product: Microsoft Windows 10 1507

CVSS Score: 7.8

** KEV since 2025-05-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32709

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709

CVE-2023-49641 - Billing Software v1.0 has multiple Unauthenticated SQL Injection vulnerabilities due to lack of filtering in the 'username' parameter of loginCheck.php.

Product: Kashipara Billing Software v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49641

NVD References: 

- https://fluidattacks.com/advisories/zimerman/

- https://www.kashipara.com/

CVE-2025-4632 - Samsung MagicINFO 9 Server before version 21.1052 allows attackers to write arbitrary files with system authority by improperly limiting pathnames to restricted directories.

Product: Samsung MagicINFO 9 Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4632

NVD References: https://security.samsungtv.com/securityUpdates#SVP-MAY-2025

CVE-2025-26389 - OZW672 and OZW772 are vulnerable to a remote code execution attack due to unsanitized input parameters in the `exportDiagramPage` endpoint, potentially granting unauthorized root access.

Product: OZW OZW672 and OZW772

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26389

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-047424.html

CVE-2025-26390 - OZW672 and OZW772 are vulnerable to SQL injection, allowing an unauthenticated remote attacker to bypass authentication and authenticate as Administrator user.

Product: OZW OZW672 and OZW772 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26390

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-047424.html

CVE-2025-32469, CVE-2025-33024, CVE-2025-33025 - RUGGEDCOM ROX series devices are vulnerable to command injection.

Product: Siemens RUGGEDCOM

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32469

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-33024

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-33025

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-301229.html

CVE-2025-44831 - EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.

Product: EngineerCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44831

NVD References: https://github.com/3xxx/engineercms/issues/91

CVE-2024-46506 - NetAlertX 23.01.14 through 24.x before 24.10.12 is susceptible to unauthenticated command injection via settings update due to a missing authentication requirement; real-world exploitation was seen in May 2025.

Product: NetAlertX 23.01.14 through 24.x before 24.10.12

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46506

NVD References: 

- https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/

CVE-2025-22462 - Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2, and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system through an authentication bypass.

Product: Ivanti Neurons for ITSM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22462

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462

CVE-2025-28056 - rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component.

Product: rebuild v3.9.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28056

NVD References: 

- https://gist.github.com/LTLTLXEY/c34dc785fc24f4cbb026e2ef3d7660c4

- https://github.com/getrebuild/rebuild/issues/866

CVE-2025-45857 - EDIMAX CV7428NS v1.20 is vulnerable to remote code execution (RCE) through the command parameter in the mp function.

Product: EDIMAX CV7428NS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45857

NVD References: 

- https://github.com/Jiangxiazhe/IOT_hack/blob/main/EDIMAX/CV7428NS/1.md

- https://www.edimax.com/

CVE-2025-45858 - TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.

Product: TOTOLINK A3002R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45858

NVD References: 

- https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/injection1.md

- https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html

CVE-2025-45861, CVE-2025-45865, CVE-2025-45863 - TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple buffer overflow vulnerabilities.

Product: Totolink A3002R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45861

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45865

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45863

NVD References: 

- https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/3/overflow.md

- https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/6/overflow.md

- https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/5/overflow.md

- https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html

CVE-2025-30387 - Azure vulnerability allows unauthorized attackers to elevate privileges through improper limitation of pathnames.

Product: Microsoft Azure AI Document Intelligence Studio

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30387

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30387

CVE-2025-4660 - SecureConnector for Windows is vulnerable to remote code execution due to improper access controls on a named pipe, allowing any network-based attacker to connect without authentication and issue commands via the SecureConnector Agent.

Product: Forescout SecureConnector

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4660

NVD References: https://forescout.my.site.com/support/s/article/

CVE-2025-45746 - ZKT ZKBio CVSecurity 6.4.1_R allows unauthenticated attackers to create JWT tokens with a hardcoded secret for unauthorized access to the service console.

Product: ZKT ZKBio CVSecurity

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45746

NVD References: 

- http://zkbio.com

- https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2025-45746.md

CVE-2025-43559 & CVE-2025-43560 - ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are vulnerable to Improper Input Validation issues allowing for arbitrary code execution by a high-privileged attacker without user interaction.

Product: Adobe ColdFusion

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43559

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43560

NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html

CVE-2025-43561 - ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability allowing high-privileged attackers to execute arbitrary code without user interaction.

Product: Adobe ColdFusion

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43561

NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html

CVE-2025-43562 - ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an OS Command Injection vulnerability allowing arbitrary code execution by high-privileged attackers.

Product: Adobe ColdFusion

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43562

NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html

CVE-2025-43563 & CVE-2025-43564 - ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are vulnerable to Improper Access Control flaws allowing unauthorized file system access without user interaction.

Product: Adobe ColdFusion

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43563

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43564

NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html

CVE-2025-43567 - Adobe Connect versions 12.8 and earlier are vulnerable to a reflected Cross-Site Scripting (XSS) attack, allowing an attacker to inject malicious scripts into form fields and potentially execute malicious JavaScript on a victim's browser.

Product: Adobe Connect

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43567

NVD References: https://helpx.adobe.com/security/products/connect/apsb25-36.html

CVE-2024-24780 - Apache IoTDB is vulnerable to Remote Code Execution with untrusted URI in UDF, allowing attackers with privilege to register malicious functions from untrusted sources, affecting versions 1.0.0 to 1.3.3, users are advised to update to version 1.3.4 to mitigate the risk.

Product: Apache IoTDB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24780

NVD References: 

- https://lists.apache.org/thread/xphtm98v3zsk9vlpfh481m1ry2ctxvmj

- http://www.openwall.com/lists/oss-security/2025/05/14/2

CVE-2025-47777 - 5ire is vulnerable to stored cross-site scripting in chatbot responses prior to version 0.11.1, leading to potential Remote Code Execution via unsafe Electron protocol handling.

Product: 5ire client

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47777

NVD References: 

- https://github.com/nanbingxyz/5ire/security/advisories/GHSA-mr8w-mmvv-6hq8

- https://positive.security/blog/url-open-rce

- https://www.electronjs.org/docs/latest/tutorial/security

CVE-2025-47781 - Rallly's authentication mechanism is vulnerable to brute force attacks due to a weak 6-digit token-based authentication system with no brute force protection.

Product: Rallly

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47781

NVD References: https://github.com/lukevella/rallly/security/advisories/GHSA-gm8g-3r3j-48hv

CVE-2025-32363 - mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data.

Product: mediDOK

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32363

NVD References: 

- https://code-white.com/public-vulnerability-list/#unauthenticated-remote-code-execution-via-deserialization-of-untrusted-data-in-m

- https://medidok.de/aktuelles-neuigkeiten/

- https://medidok.de/neueversionen/update-medidok-2-5-18-43-verfugbar/

CVE-2025-27891 - Samsung Exynos processors and modems are vulnerable to out-of-bounds reads via malformed NAS packets due to a lack of length check.

Product: Samsung Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27891

NVD References: 

- https://semiconductor.samsung.com/support/quality-support/product-security-updates/

- https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-27891/

CVE-2025-47884 - Jenkins OpenID Connect Provider Plugin allows attackers to craft build ID Tokens with overridden environment values, potentially granting unauthorized access to external services.

Product: Jenkins OpenID Connect Provider Plugin

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47884

NVD References: https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3574

CVE-2025-47889 - Jenkins WSO2 OAuth Plugin 1.0 and earlier allows unauthenticated attackers to log in using any username and password due to lack of authentication claim validation.

Product: Jenkins WSO2 OAuth Plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47889

NVD References: https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3481

CVE-2025-32002 - I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier allows remote unauthenticated attackers to execute arbitrary OS commands via the 'Remote Link3 function'.

Product: I-O DATA HDL-T Series

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32002

NVD References: 

- https://jvn.jp/en/vu/JVNVU91726405/

- https://www.iodata.jp/support/information/2025/05_hdl-t/

CVE-2025-46052 - WebERP v4.15.2 is vulnerable to an error-based SQL Injection (SQLi) attack through the DEL form field in /StockCounts.php, enabling attackers to execute arbitrary SQL commands and extract sensitive data.

Product: WebERP v4.15.2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46052

NVD References: 

- https://github.com/johnchd/CVEs/blob/main/WebERP/CVE-2025-46052%20-%20SQLi.md

- https://www.weberp.org/

CVE-2025-47928 - Spotipy, a Python library for the Spotify Web API, is vulnerable to exploitation through the use of `pull_request_target` in `.github/workflows/integration_tests.yml`, allowing attackers to exfiltrate sensitive secrets like `GITHUB_TOKEN` and `SPOTIPY_CLIENT_ID`, potentially leading to a complete takeover of the affected repository.

Product: Spotipy Spotify Web API

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47928

NVD References: 

- https://github.com/spotipy-dev/spotipy/commit/4f5759dbfb4506c7b6280572a4db1aabc1ac778d

- https://github.com/spotipy-dev/spotipy/commit/9dfb7177b8d7bb98a5a6014f8e6436812a47576f

- https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-h25v-8c87-rvm8

CVE-2025-47275 - Auth0-PHP SDK prior to v8.14.0 allows for brute forcing of authentication tags in session cookies, potentially leading to unauthorized access.

Product: Auth0-PHP

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47275

NVD References: 

- https://github.com/auth0/auth0-PHP/security/advisories/GHSA-g98g-r7gf-2r25

- https://github.com/auth0/laravel-auth0/security/advisories/GHSA-9fwj-9mjf-rhj3

- https://github.com/auth0/symfony/security/advisories/GHSA-9wg9-93h9-j8ch

- https://github.com/auth0/wordpress/security/advisories/GHSA-2f4r-34m4-3w8q

CVE-2025-47916 - Invision Community 5.0.0 before 5.0.7 is vulnerable to remote code execution due to unauthenticated users being able to exploit the themeeditor controller in themeeditor.php.

Product: Invision Community 5.0.0

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47916

NVD References: 

- https://invisioncommunity.com/release-notes-v5/507-r41/

- https://karmainsecurity.com/KIS-2025-02

- https://seclists.org/fulldisclosure/2025/May/4

CVE-2025-40906 - BSON::XS versions 0.8.4 and earlier bundled with libbson 1.1.7 for Perl have multiple vulnerabilities and are no longer supported as of August 13, 2020.

Product: BSON::XS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40906

NVD References: 

- https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html

- https://www.mongodb.com/community/forums/t/mongodb-perl-driver-end-of-life/7890

CVE-2025-48187 - RAGFlow through 0.18.1 is vulnerable to account takeover due to lack of rate limiting on six-digit email verification codes, allowing successful brute-force attacks for arbitrary account actions.

Product: RAG RAGFlow

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48187

NVD References: 

- https://github.com/infiniflow/ragflow/commits/main/

- https://www.cnblogs.com/qiushuo/p/18881084

CVE-2025-47945 - Donetick, an open-source task and chore management app, has a vulnerability in versions prior to 0.1.44 where the weak default signing secret for JSON Web Tokens can lead to full account takeover for any user.

Product: Donetick open-source app

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47945

NVD References: 

- https://github.com/donetick/donetick/commit/620b897bc0135f6668bb8a5562678104531108eb

- https://github.com/donetick/donetick/commit/b9a6e177eefdc605dedbc5320f0d93d6573d1db6

- https://github.com/donetick/donetick/security/advisories/GHSA-hjjg-vw4j-986x

CVE-2025-4978 - Netgear DGND3700 1.1.00.15_1.00.15NA has a very critical improper-authentication vulnerability in its Basic Authentication handling that can be attacked remotely; the issue has been disclosed to the public.

Product: Netgear DGND3700

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4978

NVD References: 

- https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/backdoor.md

- https://www.netgear.com/

CVE-2025-48017 - Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files.

Product: Not enough information provided to determine the vendor and product name. 

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48017

NVD References: https://selinc.com/products/software/latest-software-versions/

CVE-2025-46724 - Langroid's TableChatAgent prior to version 0.53.15 is vulnerable to code injection when using `pandas eval()` with untrusted user input, but has since added input sanitization and warnings in the documentation to address this issue.

Product: Langroid TableChatAgent

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46724

NVD References: 

- https://github.com/langroid/langroid/commit/0d9e4a7bb3ae2eef8d38f2e970ff916599a2b2a6

- https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj

CVE-2025-47277 - vLLM is vulnerable in versions 0.6.5 through 0.8.4 in environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine, affecting only those configurations.

Product: vLLM PyNcclPipe

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47277

NVD References: 

- https://docs.vllm.ai/en/latest/deployment/security.html

- https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv

CVE-2025-47934 - OpenPGP.js is vulnerable to a flaw where a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed.

Product: OpenPGP.js OpenPGP protocol

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47934

ISC Podcast: https://isc.sans.edu/podcastdetail/9460

NVD References: https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8

CVE-2025-3917 - The 百度站长SEO合集 for WordPress plugin is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code.

Product: WordPress 百度站长SEO合集

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3917

NVD References: 

- https://plugins.trac.wordpress.org/browser/baiduseo/tags/2.0.6/inc/index/youhua.php#L371

- https://wordpress.org/plugins/baiduseo/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/70361501-8adc-499a-91d2-cf91fab5934a?source=cve

CVE-2025-4564 - The TicketBAI Facturas para WooCommerce plugin for WordPress allows unauthenticated attackers to delete arbitrary files on the server through the 'delpdf' action, leading to potential remote code execution in versions up to 3.18.

Product: TicketBAI Facturas para WooCommerce plugin

Active Installations: This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4564

NVD References: 

- https://plugins.trac.wordpress.org/browser/wp-ticketbai/trunk/wp-ticketbai.php#L240

- https://plugins.trac.wordpress.org/changeset/3292061/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/2927aa13-b012-41eb-93bd-38a4e5fc5455?source=cve

CVE-2024-6159 - The Push Notification for Post and BuddyPress WordPress plugin before version 1.9.4 is vulnerable to SQL injection via an AJAX action accessible to unauthenticated users due to improper sanitization of a parameter used in a SQL statement.

Product: WordPress Push Notification for Post and BuddyPress Plugin

Active Installations: 200+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6159

NVD References: https://wpscan.com/vulnerability/de20ebda-b0bc-489e-a8d3-e9487a2b48e8/

CVE-2024-6584 - The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs.

Product: WordPress Boost plugin

Active Installations: 300,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6584

NVD References: https://wpscan.com/vulnerability/eaa57c8c-1cac-4903-9763-79f7f84469fa/

CVE-2025-32643 - WPGYM is vulnerable to Blind SQL Injection through improper neutralization of special elements in SQL commands affecting versions from n/a through 65.0.

Product: mojoomla WPGYM

Active Installations: Unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32643

NVD References: https://patchstack.com/database/wordpress/plugin/gym-management/vulnerability/wordpress-wpgym-plugin-65-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-39406 - WPAMS is vulnerable to PHP Local File Inclusion in versions n/a through 44.0.

Product: mojoomla WPAMS

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39406

NVD References: https://patchstack.com/database/wordpress/plugin/apartment-management/vulnerability/wordpress-wpams-plugin-44-0-local-file-inclusion-to-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-39395 - WPAMS is vulnerable to SQL Injection from version n/a through 44.0 (17-08-2023).

Product: mojoomla WPAMS

Active Installations: Unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39395

NVD References: https://patchstack.com/database/wordpress/plugin/apartment-management/vulnerability/wordpress-wpams-plugin-44-0-17-08-2023-sql-injection-vulnerability-2?_s_id=cve

CVE-2025-39401 & CVE-2025-39402 - WPAMS allows for unrestricted upload of files with dangerous types, posing a risk of uploading a web shell to a web server.

Product: mojoomla WPAMS

Active Installations: Unknown

CVSS Scores: 9.9 - 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39401

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39402

NVD References: 

- https://patchstack.com/database/wordpress/plugin/apartment-management/vulnerability/wordpress-wpams-plugin-44-0-17-08-2023-arbitrary-file-upload-vulnerability?_s_id=cve

- https://patchstack.com/database/wordpress/plugin/apartment-management/vulnerability/wordpress-wpams-plugin-44-0-17-08-2023-arbitrary-file-upload-vulnerability-2?_s_id=cve

CVE-2025-39380 - Mojoomla Hospital Management System allows attackers to upload a web shell to a web server due to unrestricted upload of file with dangerous type vulnerability.

Product: Mojoomla Hospital Management System

Active Installations: Unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39380

NVD References: https://patchstack.com/database/wordpress/plugin/hospital-management/vulnerability/wordpress-hospital-management-system-plugin-47-0-20-11-2023-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-39386 - Mojoomla Hospital Management System is vulnerable to SQL Injection from versions n/a through 47.0 (20-11-2023).

Product: Mojoomla Hospital Management System

Active Installations: Unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39386

NVD References: https://patchstack.com/database/wordpress/plugin/hospital-management/vulnerability/wordpress-hospital-management-system-plugin-47-0-20-11-2023-sql-injection-vulnerability-2?_s_id=cve

CVE-2025-39481 - Eventer software from n/a through version 3.9.6 is vulnerable to Blind SQL Injection due to improper neutralization of special elements in SQL commands.

Product: imithemes Eventer

Active Installations: Unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39481

NVD References: https://patchstack.com/database/wordpress/plugin/eventer/vulnerability/wordpress-eventer-wordpress-event-booking-manager-plugin-plugin-3-9-6-sql-injection-vulnerability?_s_id=cve

CVE-2025-4389 - The Crawlomatic Multipage Scraper Post Generator plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code.

Product: Crawlomatic Multipage Scraper Post Generator plugin for WordPress

Active Installations: Unknown. Update to version 2.6.8.2, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4389

NVD References: 

- https://codecanyon.net/item/crawlomatic-multisite-scraper-post-generator-plugin-for-wordpress/20476010

- https://www.wordfence.com/threat-intel/vulnerabilities/id/1283e839-8588-4a76-9c1e-61562526166d?source=cve

CVE-2025-4391 - The Echo RSS Feed Post Generator plugin for WordPress allows unauthenticated attackers to upload arbitrary files via the echo_generate_featured_image() function, potentially leading to remote code execution.

Product: Echo RSS Feed Post Generator plugin for WordPress

Active Installations: Unknown. Update to version 5.4.8.2, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4391

NVD References: 

- https://codecanyon.net/item/echo-rss-feed-post-generator-plugin-for-wordpress/19486974

- https://www.wordfence.com/threat-intel/vulnerabilities/id/72de9f64-f3e0-4705-adc1-6c22076b382f?source=cve

CVE-2025-26872 - Eximius allows unrestricted upload of files with dangerous types, affecting versions from n/a through 2.2.

Product: dkszone Eximius

Active Installations: Unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26872

NVD References: https://patchstack.com/database/wordpress/theme/eximius/vulnerability/wordpress-eximius-theme-2-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-26892 - dkszone Celestial Aura allows malicious files to be uploaded due to an unrestricted file upload vulnerability, affecting versions from n/a through 2.2.

Product: dkszone Celestial Aura

Active Installations: Unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26892

NVD References: https://patchstack.com/database/wordpress/theme/celestial-aura/vulnerability/wordpress-celestial-aura-plugin-2-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-47582 - WPBot Pro WordPress Chatbot allows Object Injection via a Deserialization of Untrusted Data vulnerability, affecting versions from n/a through 12.7.0.

Product: QuantumCloud WPBot Pro WordPress Chatbot

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47582

NVD References: https://patchstack.com/database/wordpress/plugin/wpbot-pro/vulnerability/wordpress-wpbot-pro-wordpress-chatbot-12-7-0-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39410 - Smart Sections Theme Builder - WPBakery Page Builder Addon is vulnerable to deserialization of untrusted data from n/a through 1.7.8.

Product: themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39410

NVD References: https://patchstack.com/database/wordpress/plugin/visucom-smart-sections/vulnerability/wordpress-smart-sections-theme-builder-wpbakery-page-builder-addon-plugin-1-7-8-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39445 - Super Store Finder version from n/a through 7.2 is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands. 

Product: highwarden Super Store Finder

Active Installations: Unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39445

NVD References: https://patchstack.com/database/wordpress/plugin/superstorefinder-wp/vulnerability/wordpress-super-store-finder-7-2-sql-injection-vulnerability?_s_id=cve

CVE-2025-47577 - TI WooCommerce Wishlist allows unrestricted uploading of dangerous files, potentially enabling cybercriminals to upload web shells onto web servers.

Product: TemplateInvaders TI WooCommerce Wishlist

Active Installations: 100,000+

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47577

NVD References: https://patchstack.com/database/wordpress/plugin/ti-woocommerce-wishlist/vulnerability/wordpress-ti-woocommerce-wishlist-2-9-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-47581 - Elbisnero WordPress Events Calendar Registration & Tickets is vulnerable to deserialization of untrusted data, allowing object injection from versions n/a through 2.6.0.

Product: Elbisnero WordPress Events Calendar Registration & Tickets

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47581

NVD References: https://patchstack.com/database/wordpress/plugin/wpeventplus/vulnerability/wordpress-wordpress-events-calendar-registration-tickets-plugin-2-6-0-php-object-injection-vulnerability?_s_id=cve

CVE-2025-32926 - Grand Restaurant WordPress allows Path Traversal due to Improper Limitation of a Pathname to a Restricted Directory vulnerability.

Product: ThemeGoods Grand Restaurant WordPress

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32926

NVD References: https://patchstack.com/database/wordpress/theme/grandrestaurant/vulnerability/wordpress-grand-restaurant-wordpress-theme-7-0-path-traversal-to-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39348 - Grand Restaurant WordPress is vulnerable to Object Injection due to untrusted data deserialization in versions from n/a through 7.0.

Product: ThemeGoods Grand Restaurant WordPress

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39348

NVD References: https://patchstack.com/database/wordpress/theme/grandrestaurant/vulnerability/wordpress-grand-restaurant-wordpress-theme-7-0-php-object-injection-vulnerability?_s_id=cve

CVE-2025-32927 - Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection. This issue affects FoodBakery: from n/a through 3.3.

Product: Chimpstudio FoodBakery

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32927

NVD References: https://patchstack.com/database/wordpress/plugin/wp-foodbakery/vulnerability/wordpress-foodbakery-plugin-3-3-php-object-injection-vulnerability?_s_id=cve

CVE-2025-32928 - Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection. This issue affects Altair: from n/a through 5.2.2.

Product: ThemeGoods Altair

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32928

NVD References: https://patchstack.com/database/wordpress/theme/altair/vulnerability/wordpress-altair-theme-5-2-2-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39349 - Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object Injection. This issue affects CiyaShop: from n/a through 4.18.0.

Product: Potenzaglobalsolutions CiyaShop

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39349

NVD References: https://patchstack.com/database/wordpress/theme/ciyashop/vulnerability/wordpress-ciyashop-theme-4-18-0-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39354 - Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection. This issue affects Grand Conference: from n/a through 5.2.

Product: ThemeGoods Grand Conference

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39354

NVD References: https://patchstack.com/database/wordpress/plugin/grandconference/vulnerability/wordpress-grand-conference-theme-5-2-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39356 - Foodbakery Sticky Cart is vulnerable to Deserialization of Untrusted Data allowing Object Injection from versions n/a through 3.2.

Product: Chimpstudio Foodbakery Sticky Cart

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39356

NVD References: https://patchstack.com/database/wordpress/plugin/foodbakery-sticky-cart/vulnerability/wordpress-foodbakery-sticky-cart-plugin-3-2-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39389 - Solid Plugins AnalyticsWP is vulnerable to SQL Injection through version 2.1.2.

Product: Solid Plugins AnalyticsWP

Active Installations: Unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39389

NVD References: https://patchstack.com/database/wordpress/plugin/analyticswp/vulnerability/wordpress-analyticswp-2-1-2-sql-injection-vulnerability?_s_id=cve

CVE-2025-48340 - User Profile Meta Manager is vulnerable to Cross-Site Request Forgery (CSRF) allowing Privilege Escalation from n/a through 1.02.

Product: Danny Vink User Profile Meta Manager

Active Installations: This plugin has been closed as of April 24, 2025, and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48340

NVD References: https://patchstack.com/database/wordpress/plugin/user-profile-meta/vulnerability/wordpress-user-profile-meta-manager-plugin-1-02-csrf-to-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-4322 - The Motors theme for WordPress is vulnerable to privilege escalation through account takeover, allowing unauthenticated attackers to change user passwords and gain administrative access.

Product: WordPress Motors theme

Active Installations: Unknown. Update to version 5.6.68, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4322

NVD References: 

- http://themeforest.net/item/motors-car-dealership-wordpress-theme/13987211

- https://www.wordfence.com/threat-intel/vulnerabilities/id/61820ca5-5548-4155-b350-df3db1bc1661?source=cve

The following vulnerability needs a manual review:

CVE-2025-4609 - Chromium/Google Chrome is affected by an incorrect handle being provided in unspecified circumstances in Mojo.

Product: Chromium/Google Chrome

CVSS Score: N/A

NVD: N/A

NVD References:

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-4609

- https://www.securityweek.com/chrome-136-update-patches-vulnerability-with-exploit-in-the-wild/

- https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html