SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 25ISSUE 23
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Be Careful With Fake Zoom Client Downloads
Published: 2025-06-05
Last Updated: 2025-06-05 06:36:36 UTC
by Xavier Mertens (Version: 1)
Collaborative tools are really popular these days. Since the COVID-19 pandemic, many people switched to remote work positions and we need to collaborate with our colleagues or customers every day. Tools like Microsoft Teams, Zoom, WebEx, (name your best solution), ... became popular and must be regularly updated.Yesterday, I received an interesting email with a fake Zoom meeting invitation ...
When you click on join, you'll visite a website. The HTML page is not malicious but it asks you to install the latest Zoom client ...
If you click on the download button, you'll get a nice "gift" ...
Read the full entry: https://isc.sans.edu/diary/Be+Careful+With+Fake+Zoom+Client+Downloads/32014/
Microsoft Patch Tuesday June 2025
Published: 2025-06-10
Last Updated: 2025-06-10 17:50:23 UTC
by Johannes Ullrich (Version: 1)
Microsoft today released patches for 67 vulnerabilities. 10 of these vulnerabilities are rated critical. One vulnerability has already been exploited and another vulnerability has been publicly disclosed before today.
Notable Vulnerabilities:
CVE-2025-33053: WebDAV remote code execution vulnerability. This vulnerability has already been exploited. Microsoft rates it as important. This affects the client part of WebDAV, not the server part. User interaction is required. If an attacker can control the file name and path, they can trick the victim into executing code over the network. This is another issue related to the still supported remnants of Internet Explorer, like the Scripting Engine and MSHTML. You must apply the IE Cumulative Update to patch, even if you no longer use IE.
- https://nvd.nist.gov/vuln/detail/CVE-2025-33053
CVE-2025-33073: A Windows SMB client elevation of Privilege Vulnerability. This vulnerability has already been disclosed but Microsoft has not yet observed it being exploited. An attacker exploiting this vulnerability will gain SYSTEM privileges. But Microsoft considers successful exploitation less likely. An attacker would need the victim to connect to a malicious SMB server.
- https://nvd.nist.gov/vuln/detail/CVE-2025-33073
CVE-2025-32710: An unauthenticated remote code execution vulnerability in the remote desktop service. But it requires the exploitation of a race condition. Microsoft believes it is less likely that an exploit will become available.
- https://nvd.nist.gov/vuln/detail/CVE-2025-32710
CVE-2025-29828: Microsoft states that this vulnerability is due to a "missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network". This vulnerability worries me a bit if this could be used to exploit various TLS services. However, not enough is known to gauge the exploitability. Microsoft considers the attack as "highly complex" and exploitation as less likely.
- https://nvd.nist.gov/vuln/detail/CVE-2025-29828
Microsoft Office Remote Code Execution Vulnerability: Four of the critical vulnerabilities apply to Microsoft Office. These are rated critical as they may be exploited via the preview pane, without actually opening the malicious document ...
Read the full entry: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+June+2025/32032/
Quasar RAT Delivered Through Bat Files
Published: 2025-06-11
Last Updated: 2025-06-11 05:53:08 UTC
by Xavier Mertens (Version: 1)
RAT's are popular malware. They are many of them in the wild, Quasar being one of them. The malware has been active for a long time and new campaigns come regularly back on stage. I spotted an interesting .bat file (Windows script) that attracted my attention because it is very well obfuscated. This file is a second stage that is downloaded and launched from a simple script ...
Read the full entry: https://isc.sans.edu/diary/Quasar+RAT+Delivered+Through+Bat+Files/32036/
Internet Storm Center Entries
OctoSQL & Vulnerability Data (2026.06.08)
https://isc.sans.edu/diary/OctoSQL+Vulnerability+Data/32026/
Extracting With pngdump.py (2025.06.08)
https://isc.sans.edu/diary/Extracting+With+pngdumppy/32022/
Wireshark 4.4.7 Released (2025.06.08)
https://isc.sans.edu/diary/Wireshark+447+Released/32020/
Upcoming DShield Honeypot Changes and Customizations (2025.06.06)
https://isc.sans.edu/diary/Upcoming+DShield+Honeypot+Changes+and+Customizations/32016/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-21479 & CVE-2025-21480 - Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Product: Qualcomm AQT1000
CVSS Score: 8.6
** KEV since 2025-06-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21479
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21480
ISC Diary: https://isc.sans.edu/diary/32026
NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
CVE-2025-27038 - Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Product: Qualcomm AR8031
CVSS Score: 7.5
** KEV since 2025-06-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27038
ISC Diary: https://isc.sans.edu/diary/32026
NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
CVE-2025-33053 - External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.
Product: WebDAV Microsoft
CVSS Score: 8.8
** KEV since 2025-06-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-33053
ISC Diary: https://isc.sans.edu/diary/32032
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
CVE-2025-5419 - Google Chrome prior to 137.0.7151.68 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Product: Google Chrome
CVSS Score: 8.8
** KEV since 2025-06-05 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5419
NVD References:
- https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html
CVE-2025-47966 - Power Automate is vulnerable to unauthorized actors accessing sensitive information and elevating privileges over a network.
Product: Microsoft Power Automate
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47966
ISC Diary: https://isc.sans.edu/diary/32032
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47966
CVE-2025-48827 - vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 on PHP 8.1 or later allow unauthenticated users to access protected API controllers' methods via /api.php?method=protectedMethod.
Product: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48827
ISC Podcast: https://isc.sans.edu/podcastdetail/9478
CVE-2025-48828 - vBulletin versions are vulnerable to arbitrary PHP code execution through Template Conditionals abuse, allowing attackers to bypass security checks and execute code in an alternative function syntax.
Product: Certain vBulletin versions
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48828
ISC Podcast: https://isc.sans.edu/podcastdetail/9478
CVE-2025-4517 - The tarfile module in Python versions 3.12 or later allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data".
Product: Python Software Foundation
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4517
NVD References:
- https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
- https://github.com/python/cpython/issues/135034
CVE-2025-25022 - IBM QRadar Suite Software version 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security version 1.10.0.0 through 1.10.11.0 may expose highly sensitive information to unauthenticated users through configuration files.
Product: IBM QRadar Suite Software
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25022
NVD References: https://www.ibm.com/support/pages/node/7235432
CVE-2025-44148 - MailEnable before version 10 is vulnerable to Cross Site Scripting (XSS) attacks, enabling remote attackers to execute arbitrary code through the failure.aspx component.
Product: MailEnable
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44148
NVD References: http://mailenable.com
CVE-2025-45854 - JEHC-BPM v2.0.1 is vulnerable to arbitrary code execution through file uploads in /server/executeExec.
CVE-2025-32105 - The Sangoma IMG2020 HTTP server through 2.3.9.6 is vulnerable to a buffer overflow, allowing remote code execution for unauthenticated users.
Product: Sangoma IMG2020
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32105
NVD References: https://github.com/austin2111/papers/blob/main/Software_Vulnerabilities_in_Telecommunications_Hardware.pdf
CVE-2025-32106 - Audiocodes Mediapack MP-11x through 6.60A.369.002 allows for unauthenticated remote code execution via a crafted POST request.
Product: Audiocodes MP-112
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32106
NVD References:
CVE-2025-23097 - An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes.
Product: Samsung Exynos 1380
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23097
NVD References:
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23097/
CVE-2025-49001 - DataEase prior to v2.10.10 allows a user to forge a JWT token by bypassing secret verification.
Product: DataEase
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49001
NVD References: https://github.com/dataease/dataease/security/advisories/GHSA-xx2m-gmwg-mf3r
CVE-2025-49002 - DataEase has a vulnerability in versions prior to v2.10.10 allowing bypass of
Product: DataEase
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49002
NVD References:
- https://github.com/dataease/dataease/security/advisories/GHSA-999m-jv2p-5h34
- https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7
CVE-2025-49223 - Billboard.js before 3.15.1 is vulnerable to prototype pollution via the function generate, allowing for potential arbitrary code execution or Denial of Service attacks.
Product: Naver Billboard.Js
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49223
NVD References: https://cve.naver.com/detail/cve-2025-49223.html
CVE-2025-20286 - Cisco Identity Services Engine (ISE) in cloud deployments of AWS, Microsoft Azure, and Oracle Cloud Infrastructure could allow unauthorized access to sensitive data and system configurations.
Product: Cisco Identity Services Engine (ISE)
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20286
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7
CVE-2025-5600 - TOTOLINK EX1200T 4.1.2cu.5232_B20210713 is vulnerable to a critical stack-based buffer overflow in the setLanguageCfg function of the file /cgi-bin/cstecgi.cgi, allowing remote attackers to initiate an attack by manipulating the LangType argument due to disclosure of the exploit to the public.
Product: TOTOLINK EX1200T
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5600
NVD References:
CVE-2025-5622, CVE-2025-5623, CVE-2025-5624, CVE-2025-5630 - D-Link DIR-816 1.10CNB05 critical stack-based buffer overflow vulnerabilities.
Product: D-Link DIR-816CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5622NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5623NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5624NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5630NVD References: - https://www.dlink.com/- https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_50/50.md- https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_51/51.md- https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_53/53.md- https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_54/54.mdCVE-2025-3365 - A missing protection against path traversal allows to accessany file on the server.Product: Nozomi Networks GuardianCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3365NVD References: https://www.bbraun.com/productsecurityCVE-2025-27531 - Apache InLong is vulnerable to deserialization of untrusted data which allows an attacker to read arbitrary files by double writing the param.Product: Apache InLongCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27531NVD References: https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5NVD References: http://www.openwall.com/lists/oss-security/2025/02/28/2CVE-2025-41646 - The Kunbus RevPi Webstatus application is vulnerable to an unauthorized remote attacker bypassing authentication through incorrect type conversion, resulting in full device compromise.Product: Kunbus RevPi StatusCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41646NVD References: https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003CVE-2025-3461 -The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default, posing a high security risk due to missing authentication for critical functions.Product: Quantenna Wi-Fi chipsetCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3461NVD References: - https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices- https://takeonme.org/cves/cve-2025-3461/CVE-2025-5893 - Smart Parking Management System from Honding Technology is vulnerable to unauthorized remote access and plaintext administrator credential theft due to an Exposure of Sensitive Information flaw.Product: Honding Technology Smart Parking Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5893NVD References: - https://www.twcert.org.tw/en/cp-139-10169-651d6-2.html- https://www.twcert.org.tw/tw/cp-132-10167-39c6d-1.htmlCVE-2025-3835 - Zohocorp ManageEngineÊExchange Reporter Plus versionsÊ5721 and prior are vulnerable to Remote code execution in theÊContent Search module.Product: Zohocorp ManageEngine Exchange Reporter PlusCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3835NVD References: https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-3835.htmlCVE-2025-49013 - WilderForge is vulnerable to code injection via unsafe usage of user-controlled variables in GitHub Actions workflows, potentially leading to arbitrary command execution and compromise of CI infrastructure and secrets.Product: WilderForgeCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49013NVD References: - https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection- https://github.com/WilderForge/WilderForge/security/advisories/GHSA-m6r3-c73x-8fw5- https://securitylab.github.com/research/github-actions-untrusted-inputCVE-2025-49136 - Listmonk version 4.0.0 to 5.0.1 allows non-super-admin users to capture sensitive environment variables using the `env` and `expandenv` template functions, which can be mitigated by upgrading to version 5.0.2.Product: ListmonkCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49136NVD References: https://github.com/knadh/listmonk/security/advisories/GHSA-jc7g-x28f-3v3hCVE-2025-49652 - Lablup's BackendAI lacks proper authentication in its registration feature, allowing unauthorized users to create accounts with access to sensitive data.Product: Lablup BackendAICVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49652NVD References: https://hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653/CVE-2025-30184 - CyberDataÊ011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.Product: CyberData 011209 IntercomCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30184NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-01CVE-2025-30515 - CyberDataÊ011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.Product: CyberData 011209 IntercomCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30515NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-01CVE-2025-42989 - RFC inbound processing lacks necessary authorization checks, allowing authenticated user privilege escalation and critical impact on application integrity and availab…
CVE-2025-27531 - Apache InLong is vulnerable to deserialization of untrusted data which allows an attacker to read arbitrary files by double writing the param.
Product: Apache InLong
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27531
NVD References: https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5
NVD References: http://www.openwall.com/lists/oss-security/2025/02/28/2
CVE-2025-41646 - The Kunbus RevPi Webstatus application is vulnerable to an unauthorized remote attacker bypassing authentication through incorrect type conversion, resulting in full device compromise.
Product: Kunbus RevPi Status
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41646
NVD References: https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003
CVE-2025-3461 - The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default, posing a high security risk due to missing authentication for critical functions.
Product: Quantenna Wi-Fi chipset
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3461
NVD References:
CVE-2025-5893 - Smart Parking Management System from Honding Technology is vulnerable to unauthorized remote access and plaintext administrator credential theft due to an Exposure of Sensitive Information flaw.
Product: Honding Technology Smart Parking Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5893
NVD References:
CVE-2025-3835 - Zohocorp ManageEngineÊExchange Reporter Plus versionsÊ5721 and prior are vulnerable to Remote code execution in theÊContent Search module.
Product: Zohocorp ManageEngine Exchange Reporter Plus
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3835
NVD References: https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-3835.html
CVE-2025-49013 - WilderForge is vulnerable to code injection via unsafe usage of user-controlled variables in GitHub Actions workflows, potentially leading to arbitrary command execution and compromise of CI infrastructure and secrets.
Product: WilderForge
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49013
NVD References:
- https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
- https://github.com/WilderForge/WilderForge/security/advisories/GHSA-m6r3-c73x-8fw5
- https://securitylab.github.com/research/github-actions-untrusted-input
CVE-2025-49136 - Listmonk version 4.0.0 to 5.0.1 allows non-super-admin users to capture sensitive environment variables using the `env` and `expandenv` template functions, which can be mitigated by upgrading to version 5.0.2.
Product: Listmonk
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49136
NVD References: https://github.com/knadh/listmonk/security/advisories/GHSA-jc7g-x28f-3v3h
CVE-2025-49652 - Lablup's BackendAI lacks proper authentication in its registration feature, allowing unauthorized users to create accounts with access to sensitive data.
Product: Lablup BackendAI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49652
NVD References: https://hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653/
CVE-2025-30184 - CyberDataÊ011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
Product: CyberData 011209 Intercom
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30184
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-01
CVE-2025-30515 - CyberDataÊ011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
Product: CyberData 011209 Intercom
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30515
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-01
CVE-2025-42989 - RFC inbound processing lacks necessary authorization checks, allowing authenticated user privilege escalation and critical impact on application integrity and availability.
Product: SAP NetWeaver Application Server for ABAP
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42989
NVD References:
CVE-2025-1041 - Avaya Call Management System is vulnerable to unauthorized remote command execution through specially crafted web requests in affected versions 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
Product: Avaya Call Management System
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1041
NVD References: https://support.avaya.com/css/public/documents/101093084
CVE-2025-49455 - Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection.This issue affects TinySalt: from n/a before 3.10.0.
Product: LoftOcean TinySalt
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49455
NVD References: https://patchstack.com/database/wordpress/theme/tinysalt/vulnerability/wordpress-tinysalt-3-10-0-php-object-injection-vulnerability?_s_id=cve
CVE-2025-49507 - Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection.This issue affects CozyStay: from n/a before 1.7.1.
Product: LoftOcean CozyStay
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49507
NVD References: https://patchstack.com/database/wordpress/theme/cozystay/vulnerability/wordpress-cozystay-1-7-1-php-object-injection-vulnerability?_s_id=cve
CVE-2024-34711 - GeoServer's improper URI validation vulnerability allows unauthorized attackers to perform XEE attacks and send GET requests to any HTTP server, potentially leading to the scanning of internal networks and further exploitation.
Product: GeoServer
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34711
NVD References:
- https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities
- https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965
CVE-2025-30220 - GeoServer is vulnerable to XML External Entity (XXE) exploit due to the GeoTools Schema class using Eclipse XSD library improperly, impacting users who expose XML processing with gt-xsd-core involved in parsing documents with external XML schema references.
Product: Open Source Geospatial Foundation GeoServer
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30220
NVD References:
- https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities
- https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc
- https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw
CVE-2025-40585 - Energy Services (All versions with G5DFR) have default credentials, allowing attackers to take control of the G5DFR component and tamper with device outputs.
Product: Energy Services G5DFR
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40585
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-345750.html
CVE-2025-47110 - Adobe Commerce versions 2.4.8 and earlier are vulnerable to stored Cross-Site Scripting (XSS) attacks, allowing high privileged attackers to inject malicious scripts into form fields and execute them in victims' browsers.
Product: Adobe Commerce
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47110
NVD References: https://helpx.adobe.com/security/products/magento/apsb25-50.html
CVE-2024-57190 - Erxes <1.6.1 is vulnerable to Incorrect Access Control, allowing attackers to bypass authentication with a forged "User" HTTP header.
CVE-2025-29828 - Windows Cryptographic Services allows an unauthorized attacker to execute code over a network due to missing release of memory after effective lifetime.
Product: Microsoft Windows Cryptographic Services
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29828
ISC Diary: https://isc.sans.edu/diary/32032
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29828
CVE-2025-32710 - Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
Product: Microsoft Windows Remote Desktop Services
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32710
ISC Diary: https://isc.sans.edu/diary/32032
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32710
CVE-2025-33073 - Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Product: Microsoft Windows SMB
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-33073
ISC Diary: https://isc.sans.edu/diary/32032
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33073
CVE-2025-2474 - QNX SDP versions 8.0, 7.1, and 7.0 are vulnerable to an out-of-bounds write in the PCX image codec, which could result in a denial-of-service or code execution by an unauthenticated attacker.
Product: QNX SDP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2474
NVD References: https://support.blackberry.com/pkb/s/article/140646
CVE-2025-3052 - Microsoft signed UEFI firmware is vulnerable to arbitrary write attacks, putting the system at risk of full compromise and security bypasses.
Product: Microsoft UEFI firmware
CVSS Score: 8.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3052
ISC Diary: https://isc.sans.edu/diary/32032
NVD References:
- https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html
CVE-2025-4797 - The Golo - City Travel Guide WordPress Theme is vulnerable to privilege escalation via account takeover in all versions up to 1.7.0 due to improper user identity validation, allowing unauthenticated attackers to log in as any user.
Product: Golo City Travel Guide WordPress Theme
Active Installations: Unknown. Update to version 1.7.1, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4797
NVD References:
- https://themeforest.net/item/golo-directory-listing-travel-wordpress-theme/25397810
CVE-2025-4578 - The File Provider WordPress plugin is vulnerable to SQL injection due to an unsanitized parameter in an AJAX action accessible to unauthenticated users.
Product: Dimdavid File_Provider
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4578
NVD References: https://wpscan.com/vulnerability/3aa76b96-40b7-4bde-a39c-c1aa6f8278fc/
CVE-2025-5701 - The HyperComments plugin for WordPress allows unauthenticated attackers to escalate privileges and gain administrative user access by exploiting a missing capability check in versions up to 1.2.2.
Product: HyperComments WordPress plugin
Active Installations: This plugin has been closed as of November 28, 2019 and is not available for download. Reason: Security Issue.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5701
NVD References:
- https://plugins.trac.wordpress.org/browser/hypercomments/trunk/hypercomments.php
CVE-2025-5486 - The WP Email Debug plugin for WordPress is vulnerable to privilege escalation through unauthenticated attackers gaining administrator access via the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0.
Product: WordPress WP Email Debug plugin
Active Installations: This plugin has been closed as of June 3, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5486
NVD References:
- https://plugins.trac.wordpress.org/browser/wp-email-debug/trunk/hooks.php#L71
CVE-2025-47586 - Motors - Events is vulnerable to PHP Remote File Inclusion from version n/a through 1.4.7.
Product: StylemixThemes Motors - Events
Active Installations: Unknown.
CVSS Score: 9.0
CVE-2025-49072 - Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection.This issue affects Mr. Murphy: from n/a before 1.2.12.1.
Product: AncoraThemes Mr. Murphy
Active Installations: Unknown. Update to version 1.2.12.1 or later.
CVSS Score: 9.8
CVE-2025-49073 - Deserialization of Untrusted Data vulnerability in Axiomthemes Sweet Dessert allows Object Injection.This issue affects Sweet Dessert: from n/a before 1.1.13.
Product: Axiomthemes Sweet Dessert
Active Installations: Unknown. Update to version 1.1.13 or later.
CVSS Score: 9.8
CVE-2025-24767 - TicketBAI Facturas para WooCommerce is vulnerable to Blind SQL Injection from n/a through version 3.19.
Product: facturaone TicketBAI Facturas para WooCommerce
Active Installations: Unknown
CVSS Score: 9.3
CVE-2025-31022 - PayU India is susceptible to Authentication Abuse through an alternate path or channel in versions n/a through 3.8.5.
Product: PayU India
Active Installations: 5,000+
CVSS Score: 9.8
CVE-2025-31039 - Category Icon allows XML Entity Linking, exposing an Improper Restriction of XML External Entity Reference vulnerability from version n/a through 1.0.2.
Product: pixelgrade Category Icon
Active Installations: 2,000+
CVSS Score: 9.1
CVE-2025-31052 - The Fashion - Model Agency One Page Beauty Theme is vulnerable to object injection via deserialization of untrusted data from n/a through 1.4.4.
Product: themeton The Fashion - Model Agency One Page Beauty Theme
Active Installations: Unknown
CVSS Score: 9.8
CVE-2025-31396 - FLAP - Business WordPress Theme is vulnerable to a deserialization of untrusted data issue, allowing for object injection, affecting versions from n/a through 1.5.
Product: themeton FLAP - Business WordPress Theme
Active Installations: Unknown
CVSS Score: 9.8
CVE-2025-31429 - PressGrid - Frontend Publish Reaction & Multimedia Theme from n/a through 1.3.1 allows Object Injection via Deserialization of Untrusted Data vulnerability.
Product: themeton PressGrid - Frontend Publish Reaction & Multimedia Theme
Active Installations: Unknown
CVSS Score: 9.8
CVE-2025-31059 - Woobewoo WBW Product Table PRO allows SQL Injection through improper neutralization of special elements in an SQL command, affecting versions n/a through 2.1.3.
Product: Woobewoo WBW Product Table PRO
Active Installations: 2,000+
CVSS Score: 9.3
CVE-2025-31424 - WP Lead Capturing Pages is vulnerable to Blind SQL Injection from versions n/a through 2.3.
Product: kamleshyadav WP Lead Capturing Pages
Active Installations: Unknown
CVSS Score: 9.3
CVE-2025-32291 - SUMO Affiliates Pro in FantasticPlugins allows attackers to upload malicious files due to an unrestricted file upload vulnerability.
Product: FantasticPlugins SUMO Affiliates Pro
Active Installations: Unknown
CVSS Score: 10.0
CVE-2025-47608 - Recover abandoned cart for WooCommerce is vulnerable to SQL Injection from n/a through 2.5.
Product: sonalsinha21 Recover abandoned cart for WooCommerce
Active Installations: 100+
CVSS Score: 9.3
CVE-2025-48122 - Spreadsheet Price Changer for WooCommerce and WP E-commerce Ð Light is vulnerable to SQL Injection from n/a through 2.4.37.
Product: Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce Ð Light
Active Installations: 600+
CVSS Score: 9.3
CVE-2025-48123 - Spreadsheet Price Changer for WooCommerce and WP E-commerce Ð Light allows code injection, affecting versions from n/a through 2.4.37.
Product: Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light
Active Installations: 600+
CVSS Score: 10.0
CVE-2025-48129 - Spreadsheet Price Changer for WooCommerce and WP E-commerce Ð Light versions n/a through 2.4.37 allow for Privilege Escalation due to Incorrect Privilege Assignment vulnerability.
Product: Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light
Active Installations: 600+
CVSS Score: 9.8
CVE-2025-48140 - MetalpriceAPI is vulnerable to Code Injection from version n/a through 1.1.4.
Product: MetalpriceAPI
Active Installations: 400+. Update to version 1.1.5 or later.
CVSS Score: 9.9
CVE-2025-48141 - Alex Zaytseff Multi CryptoCurrency Payments is susceptible to SQL Injection through improper neutralization of special elements in SQL commands, affecting versions from n/a through 2.0.3.
Product: Alex Zaytseff Multi CryptoCurrency Payments
Active Installations: 400+
CVSS Score: 9.3
CVE-2025-48281 - MyStyle Custom Product Designer is vulnerable to Blind SQL Injection from n/a through 3.21.1.
Product: mystyleplatform MyStyle Custom Product Designer
Active Installations: 80+. Update to version 3.21.2 or later.
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48281
The following vulnerabilities need a manual review:
CVE-2025-30399 - .NET and Visual Studio Remote Code Execution Vulnerability
Product: Microsoft .NET and Visual Studio
CVSS Score: 7.5
NVD: N/A
ISC Diary: https://isc.sans.edu/diary/32032
ISC Podcast: https://isc.sans.edu/podcastdetail/9488
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399
CVE-2025-47959 - Visual Studio Remote Code Execution Vulnerability
Product: Microsoft Visual Studio
CVSS Score: 7.1
NVD: N/A
ISC Diary: https://isc.sans.edu/diary/32032
ISC Podcast: https://isc.sans.edu/podcastdetail/9488
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47959
Sponsors
Wiz
New Research | How 100+ security leaders are tackling AI risk AI adoption is accelerating-and new research shows most security programs are still working to catch up. Get a clear view into how real teams are securing AI in the cloud with this new AI Readiness Report. Read the report:
SANS
Virtual Event | SANS 2025 Cloud Security Exchange | Thursday, August 21 at 10:30 AM ET Earn 4 CPEs Meet Google Cloud, Microsoft, and AWS security leaders-LIVE. Join Dr. Anton Chuvakin, Dr. Paul Vixie, Frank Kim, and other top cloud minds for a front-line look at what's working in cloud security today-and what's next. Plus: You'll receive the free Cloud Security eBook co-authored by the Big 3 + SANS. Can't join live? Register now for access to recordings and eBook:
SANS
Virtual Event | SANS 2025 Cloud Security Exchange | Thursday, August 21 at 10:30 AM ET Earn 4 CPEs Meet Google Cloud, Microsoft, and AWS security leaders-LIVE. Join Dr. Anton Chuvakin, Dr. Paul Vixie, Frank Kim, and other top cloud minds for a front-line look at what's working in cloud security today-and what's next. Plus: You'll receive the free Cloud Security eBook co-authored by the Big 3 + SANS. Can't join live? Register now for access to recordings and eBook:
SANS
Virtual Event | SANS 2025 Cloud Security Exchange | Thursday, August 21 at 10:30 AM ET Earn 4 CPEs Meet Google Cloud, Microsoft, and AWS security leaders-LIVE. Join Dr. Anton Chuvakin, Dr. Paul Vixie, Frank Kim, and other top cloud minds for a front-line look at what's working in cloud security today-and what's next. Plus: You'll receive the free Cloud Security eBook co-authored by the Big 3 + SANS. Can't join live? Register now for access to recordings and eBook: