SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 25ISSUE 24
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Don’t Make it Easier than it Already is?..Default Passwords [Guest Diary]
Published: 2025-06-18
Last Updated: 2025-06-18 00:53:35 UTC
by Guy Bruneau (Version: 1)
[This is a Guest Diary by Matthew Paul, an ISC intern as part of the SANS.edu BACS program]
Over the past few months, I’ve been working under a SANS Internet Storm Center (ISC) Sr. Handler as part of the SANS Degree Program ISC Internship. The first objective of the internship is setting up a forward-facing honeypot on your network to review and report on log activity.
For this internship I wanted to focus more on packet vs log analysis. For my setup, I did a bare-metal install of the network analysis tool Malcolm to use as an NSM/IDS. I setup a 5-port managed switch and configured a monitor port for the honeypot with the mirror sending packets to my Malcolm sensor. This setup allowed me to collect and analyze all traffic going to and from my honeypot.
Malcolm is a network capture and analysis tool smartly comprised of various open-source tools; Arkime, OpenSearch, Logstash, Filebeat, OpenSearch Dashboards, Zeek, Suricata, Yara, Capa, ClamAV, CyberChef, jQuery File Upload, NetBox, PostgresSQL, Redis, Keycloak, OpenResty, nginx-auth-ldap, Fluent Bit, Mark Baggett’s (SANS Instructor) freq.py, Florian Roth’s Signature-Base Yara Rules, Bart Blaze’s Yara Rules, RerversingLabs’ Yara Rules and multiple Zeek Packages ...
Read the full entry: https://isc.sans.edu/diary/Dont+Make+it+Easier+than+it+Already+isDefault+Passwords+Guest+Diary/32054/
How Long Until the Phishing Starts? About Two Weeks
Published: 2025-06-17
Last Updated: 2025-06-17 13:15:42 UTC
by Johannes Ullrich (Version: 1)
[This is a guest diary by Christopher Crowley]
Here’s a good reason to include security awareness training for new hires!
I recently added an account to my Google Workspace domain (montance[dot]com). Friday, May 16th, 10:10 am, to be exact. Something interesting to note about the domain configuration is there’s a catchall account in place, so all email addresses are valid.
Starting May 28th the new account started receiving targeted phishing email messages. The subject was either blank or a variation of my name (Chris or Christopher), and the sender's "From" address had a call to action and urgency ...
Read the full entry: https://isc.sans.edu/diary/How+Long+Until+the+Phishing+Starts+About+Two+Weeks/32052/
A JPEG With A Payload
Published: 2025-06-16
Last Updated: 2025-06-16 08:59:44 UTC
by Didier Stevens (Version: 1)
Over the weekend, Xavier posted about another image with a payload: "More Steganography!".
Xavier did a static analysis, and I want to explain how you can decode the payload if you opted for a dynamic analysis.
During your dynamic analysis, you will notice the download of a JPEG image from hxxps://zynova[.]kesug[.]com/new_image.jpg.
You can use my tool jpegdump.py to analyze this file ...
Read the full entry: https://isc.sans.edu/diary/A+JPEG+With+A+Payload/32048/
Internet Storm Center Entries
More Steganography! (2025.06.14)
https://isc.sans.edu/diary/More+Steganography/32044/
[Guest Diary] Anatomy of a Linux SSH Honeypot Attack: Detailed Analysis of Captured Malware (2025.06.13)
Automated Tools to Assist with DShield Honeypot Investigations [Guest Diary] (2025.06.11)
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-33053 - External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.
Product: Microsoft Windows 10 1507
CVSS Score: 8.8
** KEV since 2025-06-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-33053
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
CVE-2021-20016 - SonicWall SSLVPN SMA100 SQL Injection Vulnerability
Product: SonicWall Sma_500V
CVSS Score: 0
** KEV since 2021-11-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-20016
ISC Diary: https://isc.sans.edu/diary/32038
CVE-2025-43200 - watchOS, macOS Ventura, iOS, iPadOS, visionOS, macOS Sequoia, macOS Sonoma: A logic issue allowed for exploitation via maliciously crafted media shared through iCloud Link.
Product: Multiple Apple productsCVSS Score: 4.8** KEV since 2025-06-16 **NVD: - https://nvd.nist.gov/vuln/detail/CVE-2025-43200- https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/CVE-2023-0386 - Linux kernel's OverlayFS subsystem has a uid mapping bug that allows unprivileged local users to gain escalated privileges.Product: Linux Linux_Kernel 6.2CVSS Score: 0** KEV since 2025-06-17 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0386CVE-2025-42989 - Missing Authorization check in SAP NetWeaver Application Server for ABAP. RFC inbound processing lacks necessary authorization checks, allowing authenticated user privilege escalation and critical impact on application integrity and availability.Product: SAP NetWeaver Application Server for ABAP CVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42989NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.htmlCVE-2025-1041 - Avaya Call Management System is vulnerable to unauthorized remote command execution through specially crafted web requests in affected versions 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.Product: Avaya Call Management SystemCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1041NVD References: https://support.avaya.com/css/public/documents/101093084CVE-2025-43698 - Salesforce OmniStudio (FlexCards) is vulnerable to improper preservation of permissions, enabling bypass of field level security controls for Salesforce objects, impacting OmniStudio before Spring 2025.Product: Salesforce OmniStudioCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43698NVD References: https://help.salesforce.com/s/articleView?id=004980323&type=1CVE-2025-49455 - Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection.This issue affects TinySalt: from n/a before 3.10.0.Product: LoftOcean TinySaltCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49455NVD References: https://patchstack.com/database/wordpress/theme/tinysalt/vulnerability/wordpress-tinysalt-3-10-0-php-object-injection-vulnerability?_s_id=cveCVE-2025-49507 - Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection.This issue affects CozyStay: from n/a before 1.7.1.Product: LoftOcean CozyStayCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49507NVD References: https://patchstack.com/database/wordpress/theme/cozystay/vulnerability/wordpress-cozystay-1-7-1-php-object-injection-vulnerability?_s_id=cveCVE-2024-34711 - GeoServer's improper URI validation vulnerability allows unauthorized attackers to perform XEE attacks and send GET requests to any HTTP server, potentially leading to the scanning of internal networks and further exploitation.Product: GeoServerCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34711NVD References: - https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities- https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965CVE-2025-30220 - GeoServer is vulnerable to XML External Entity (XXE) exploit due to the GeoTools Schema class using Eclipse XSD library improperly, impacting users who expose XML processing with gt-xsd-core involved in parsing documents with external XML schema references.Product: Open Source Geospatial Foundation GeoServerCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30220NVD References: - https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities- https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc- https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vwCVE-2025-40585 - Energy Services (All versions with G5DFR) have default credentials, allowing attackers to take control of the G5DFR component and tamper with device outputs.Product: Energy Services G5DFRCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40585NVD References: https://cert-portal.siemens.com/productcert/html/ssa-345750.htmlCVE-2025-47110 - Adobe Commerce versions 2.4.8 and earlier are vulnerable to stored Cross-Site Scripting (XSS) attacks, allowing high privileged attackers to inject malicious scripts into form fields and execute them in victims' browsers.Product: dobe CommerceCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47110NVD References: https://helpx.adobe.com/security/products/magento/apsb25-50.htmlCVE-2024-57190 - Erxes <1.6.1 is vulnerable to Incorrect Access Control, allowing attackers to bypass authentication with a forged "User" HTTP header.Product: ErxesCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57190NVD References: https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices/CVE-2025-33073 - Improper access control in Windows SMB allows an authorized attack…
CVE-2023-0386 - Linux kernel's OverlayFS subsystem has a uid mapping bug that allows unprivileged local users to gain escalated privileges.
Product: Linux Linux_Kernel 6.2
CVSS Score: 0
** KEV since 2025-06-17 **
CVE-2025-42989 - Missing Authorization check in SAP NetWeaver Application Server for ABAP. RFC inbound processing lacks necessary authorization checks, allowing authenticated user privilege escalation and critical impact on application integrity and availability.
Product: SAP NetWeaver Application Server for ABAP
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42989
NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html
CVE-2025-1041 - Avaya Call Management System is vulnerable to unauthorized remote command execution through specially crafted web requests in affected versions 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
Product: Avaya Call Management System
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1041
NVD References: https://support.avaya.com/css/public/documents/101093084
CVE-2025-43698 - Salesforce OmniStudio (FlexCards) is vulnerable to improper preservation of permissions, enabling bypass of field level security controls for Salesforce objects, impacting OmniStudio before Spring 2025.
Product: Salesforce OmniStudio
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43698
NVD References: https://help.salesforce.com/s/articleView?id=004980323&type=1
CVE-2025-49455 - Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection.This issue affects TinySalt: from n/a before 3.10.0.
Product: LoftOcean TinySalt
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49455
NVD References: https://patchstack.com/database/wordpress/theme/tinysalt/vulnerability/wordpress-tinysalt-3-10-0-php-object-injection-vulnerability?_s_id=cve
CVE-2025-49507 - Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection.This issue affects CozyStay: from n/a before 1.7.1.
Product: LoftOcean CozyStay
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49507
NVD References: https://patchstack.com/database/wordpress/theme/cozystay/vulnerability/wordpress-cozystay-1-7-1-php-object-injection-vulnerability?_s_id=cve
CVE-2024-34711 - GeoServer's improper URI validation vulnerability allows unauthorized attackers to perform XEE attacks and send GET requests to any HTTP server, potentially leading to the scanning of internal networks and further exploitation.
Product: GeoServer
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34711
NVD References:
- https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities
- https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965
CVE-2025-30220 - GeoServer is vulnerable to XML External Entity (XXE) exploit due to the GeoTools Schema class using Eclipse XSD library improperly, impacting users who expose XML processing with gt-xsd-core involved in parsing documents with external XML schema references.
Product: Open Source Geospatial Foundation GeoServer
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30220
NVD References:
- https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities
- https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc
- https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw
CVE-2025-40585 - Energy Services (All versions with G5DFR) have default credentials, allowing attackers to take control of the G5DFR component and tamper with device outputs.
Product: Energy Services G5DFR
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40585
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-345750.html
CVE-2025-47110 - Adobe Commerce versions 2.4.8 and earlier are vulnerable to stored Cross-Site Scripting (XSS) attacks, allowing high privileged attackers to inject malicious scripts into form fields and execute them in victims' browsers.
Product: dobe Commerce
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47110
NVD References: https://helpx.adobe.com/security/products/magento/apsb25-50.html
CVE-2024-57190 - Erxes <1.6.1 is vulnerable to Incorrect Access Control, allowing attackers to bypass authentication with a forged "User" HTTP header.
Product: Erxes
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57190
NVD References: https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices/
CVE-2025-33073 - Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Product: Microsoft Windows SMB
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-33073
ISC Podcast: https://isc.sans.edu/podcastdetail/9490
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33073
CVE-2025-2474 - QNX SDP versions 8.0, 7.1, and 7.0 are vulnerable to an out-of-bounds write in the PCX image codec, which could result in a denial-of-service or code execution by an unauthenticated attacker.
Product: QNX SDP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2474
NVD References: https://support.blackberry.com/pkb/s/article/140646
CVE-2025-49709 - Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49709
NVD References:
CVE-2025-49710 - An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49710
NVD References:
CVE-2025-32711 - Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Product: M365 Copilot Microsoft
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32711
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32711
CVE-2025-40914 - Perl CryptX before version 0.087 contains a vulnerability due to an integer overflow in its embedded libtommath library.
Product: Perl CryptX
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40914
NVD References: https://www.cve.org/CVERecord?id=CVE-2023-36328
CVE-2025-40912 - CryptX for Perl before version 0.065 may be vulnerable to malformed unicode due to a dependency on the tomcrypt library.
Product: CryptX Perl
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40912
NVD References: https://github.com/libtom/libtomcrypt/issues/507
CVE-2022-4976 - Archive::Unzip::Burst for Perl versions 0.01 through 0.09 contains a bundled InfoZip library with multiple vulnerabilities (
Product: Archive::Unzip::Burst from 0.01 through 0.09 for Perl
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4976
NVD References: https://rt.cpan.org/Public/Bug/Display.html?id=143547
CVE-2024-38824 - Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
Product: Salt Project SALT versions 3006.x and 3007.x
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38824
NVD References:
- https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
- https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
CVE-2025-29902 - Remote code execution that allows unauthorized users to execute arbitrary code on the server machine.
CVE-2025-45984 through CVE-2025-45988 - Blink routers multiple command injection vulnerabilities.
Product: Blink routers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45984
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45985
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45986
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45987
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45988
NVD References:
CVE-2025-46060 - Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component
Product: TOTOLINK N600R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46060
NVD References: http://totolink.com
CVE-2025-28384 - An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
Product: Openc3 Cosmos
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28384
NVD References: https://openc3.com/
CVE-2025-28386 - OpenC3 COSMOS v6.0.0 is vulnerable to remote code execution through uploading a crafted .txt file in the Plugin Management component.
Product: OpenC3 COSMOS v6.0.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28386
NVD References: https://openc3.com/
CVE-2025-28388 - OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account.
Product: Openc3 Cosmos
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28388
NVD References: https://openc3.com/
CVE-2025-28389 - Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.
Product: Openc3 Cosmos
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28389
NVD References: https://openc3.com/
CVE-2025-6098 - UTT 进取 750W up to 5.0 has a critical vulnerability in the function strcpy of the file /goform/setSysAdm in the API component, allowing for a buffer overflow via manipulation of the argument passwd1 and remote attack initiation, with the exploit publicly disclosed after the vendor was unresponsive to early contact about the issue.
CVE-2025-6169 - The WIMP website co-construction management platform by HAMASTAR Technology is vulnerable to SQL Injection, allowing unauthenticated remote attackers to manipulate database contents.
Product: HAMASTAR Technology WIMP website co-construction management platform
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6169
NVD References:
CVE-2025-6172 - Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation.
Product: Afmobi Boomplayer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6172
NVD References: https://security.tecno.com/SRC/securityUpdates
CVE-2025-40916 - Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl is vulnerable due to using a weak random number source for generating the captcha.
Product: Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40916
NVD References:
- https://metacpan.org/pod/perlfunc#rand
- https://security.metacpan.org/docs/guides/random-data-for-security.html
CVE-2025-47868 - Apache NuttX RTOS repository contains an out-of-bounds write vulnerability in tools/bdf-converter that could lead to a heap-based buffer overflow.
Product: Apache NuttX
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47868
NVD References:
- https://lists.apache.org/thread/p4o2lcqgspx3ws1n2p4wmoqbqow1w1pw
CVE-2025-47869 - Apache NuttX RTOS apps/exapmles/xmlrpc application has a vulnerability that could lead to buffer overflow due to hardcoded buffer sizes in the device stats structure.
Product: Apache NuttX
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47869
NVD References:
- https://lists.apache.org/thread/306qcqyc3bpb2ozh015yxjo9kqs4jbvj
CVE-2025-6121 - D-Link DIR-632 FW103B08 is exposed to a critical stack-based buffer overflow vulnerability in the HTTP POST Request Handler component, allowing for remote attacks due to manipulation of the Content-Length argument.
CVE-2025-49794 - Libxml2 has a use-after-free vulnerability in parsing XPath elements with certain XML schematron schema elements, allowing a malicious actor to crash the program or trigger undefined behaviors.
Product: Libxml2CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49794NVD References: - https://access.redhat.com/security/cve/CVE-2025-49794- https://bugzilla.redhat.com/show_bug.cgi?id=2372373CVE-2025-49796 - Libxml2 is vulnerable to memory corruption when processing specific sch:name elements in XML input, potentially leading to denial of service or other undefined behavior by allowing an attacker to craft a malicious file.Product: Libxml2CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49796NVD References: - https://access.redhat.com/security/cve/CVE-2025-49796- https://bugzilla.redhat.com/show_bug.cgi?id=2372385CVE-2025-6179 - Google ChromeOS 16181.27.0 on managed Chrome devices is vulnerable to a permissions bypass that allows a local attacker to disable extensions and access Developer Mode.Product: Google ChromeOSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6179NVD References: - https://issues.chromium.org/issues/b/399652193- https://issuetracker.google.com/issues/399652193CVE-2025-4404 - FreeIPA project suffers from a privilege escalation vulnerability due to a lack of validation for the uniqueness of the `krbCanonicalName`, enabling users to impersonate the admin account and gain access to sensitive data within the REALM.Product: FreeIPACVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4404NVD References: - https://access.redhat.com/security/cve/CVE-2025-4404- https://bugzilla.redhat.com/show_bug.cgi?id=2364606CVE-2025-49219 & CVE-2025-49220 - Trend Micro Apex Central below versions 8.0.7007 pre-authentication remote code execution vulnerabilities.Product: Trend Micro Apex CentralCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49219NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49220NVD References: - https://success.trendmicro.com/en-US/solution/KA-0019926- https://www.zerodayinitiative.com/advisories/ZDI-25-366/- https://www.zerodayinitiative.com/advisories/ZDI-25-367/CVE-2025-49212, CVE-2025-49213, & CVE-2025-49217 - Trend Micro Endpoint Encryption PolicyServer is susceptible to pre-authentication remote code execution vulnerabilities.Product: Trend Micro Endpoint Encryption PolicyServerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49212NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49213NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49217NVD References: - https://success.trendmicro.com/en-US/solution/KA-0019928- https://www.zerodayinitiative.com/advisories/ZDI-25-369/- https://www.zerodayinitiative.com/advisories/ZDI-25-370/- https://www.zerodayinitiative.com/advisories/ZDI-25-374/CVE-2025-49216 - Trend Micro Endpoint Encryption PolicyServer is vulnerable to an authentication bypass that allows attackers to gain admin access and modify product configurations.Product: Trend Micro Endpoint Encryption PolicyServerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49216NVD References: - https://success.trendmicro.com/en-US/solution/KA-0019928- https://www.zerodayinitiative.com/advisories/ZDI-25-373/CVE-2025-49825 - Teleport is vulnerable to remote authentication bypass in Community Edition versions before and including 17.5.1 with no available open-source patch.Product: Teleport Community EditionCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49825NVD References: https://github.com/gravitational/teleport/security/advisories/GHSA-8cqv-pj7f-pwpcCVE-2025-4973 - The Workreap plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.3.1, allowing unauthenticated attackers to log in as registered users by exploiting a flaw in email address verification.Product: Unknown. Workreap WordPress pluginActive Installations: Update to version 3.3.2, or a newer patched version.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4973NVD References: - https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454#item-description__release-3-3-2-23-may-2025- https://www.wordfence.com/threat-intel/vulnerabilities/id/8e7693a3-642a-4eff-902c-d29a3c12deb0?source=cveCVE-2025-5288 - The REST API | Custom API Generator for WordPress plugin is vulnerable to Privilege Escalation, allowing unauthenticated attackers to create new Admin users.Product: WordPress REST API | Custom API GeneratorActive Installations: This plugin has been closed as of June 11, 2025 and is not available for download. This closure is temporary, pending a full review.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5288NVD References: - https://plugins.trac.wordpress.org/browser/import-export-with-custom-rest-api/tags/2.0.3/backend/methods/wot-rapi-import-functions.php#L123- https://wordpress.org/plugins/import-export-with-custom-rest-api/#developers- https://www.wordfence.com/threat-intel/vulnerabilities/id/0e2774fc-f028-436c-a8af-3c17378b9743?source=cveCVE-2025-6065 - The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion,…
CVE-2025-49796 - Libxml2 is vulnerable to memory corruption when processing specific sch:name elements in XML input, potentially leading to denial of service or other undefined behavior by allowing an attacker to craft a malicious file.
Product: Libxml2CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49796NVD References: - https://access.redhat.com/security/cve/CVE-2025-49796- https://bugzilla.redhat.com/show_bug.cgi?id=2372385CVE-2025-6179 - Google ChromeOS 16181.27.0 on managed Chrome devices is vulnerable to a permissions bypass that allows a local attacker to disable extensions and access Developer Mode.Product: Google ChromeOSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6179NVD References: - https://issues.chromium.org/issues/b/399652193- https://issuetracker.google.com/issues/399652193CVE-2025-4404 - FreeIPA project suffers from a privilege escalation vulnerability due to a lack of validation for the uniqueness of the `krbCanonicalName`, enabling users to impersonate the admin account and gain access to sensitive data within the REALM.Product: FreeIPACVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4404NVD References: - https://access.redhat.com/security/cve/CVE-2025-4404- https://bugzilla.redhat.com/show_bug.cgi?id=2364606CVE-2025-49219 & CVE-2025-49220 - Trend Micro Apex Central below versions 8.0.7007 pre-authentication remote code execution vulnerabilities.Product: Trend Micro Apex CentralCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49219NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49220NVD References: - https://success.trendmicro.com/en-US/solution/KA-0019926- https://www.zerodayinitiative.com/advisories/ZDI-25-366/- https://www.zerodayinitiative.com/advisories/ZDI-25-367/CVE-2025-49212, CVE-2025-49213, & CVE-2025-49217 - Trend Micro Endpoint Encryption PolicyServer is susceptible to pre-authentication remote code execution vulnerabilities.Product: Trend Micro Endpoint Encryption PolicyServerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49212NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49213NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49217NVD References: - https://success.trendmicro.com/en-US/solution/KA-0019928- https://www.zerodayinitiative.com/advisories/ZDI-25-369/- https://www.zerodayinitiative.com/advisories/ZDI-25-370/- https://www.zerodayinitiative.com/advisories/ZDI-25-374/CVE-2025-49216 - Trend Micro Endpoint Encryption PolicyServer is vulnerable to an authentication bypass that allows attackers to gain admin access and modify product configurations.Product: Trend Micro Endpoint Encryption PolicyServerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49216NVD References: - https://success.trendmicro.com/en-US/solution/KA-0019928- https://www.zerodayinitiative.com/advisories/ZDI-25-373/CVE-2025-49825 - Teleport is vulnerable to remote authentication bypass in Community Edition versions before and including 17.5.1 with no available open-source patch.Product: Teleport Community EditionCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49825NVD References: https://github.com/gravitational/teleport/security/advisories/GHSA-8cqv-pj7f-pwpcCVE-2025-4973 - The Workreap plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.3.1, allowing unauthenticated attackers to log in as registered users by exploiting a flaw in email address verification.Product: Unknown. Workreap WordPress pluginActive Installations: Update to version 3.3.2, or a newer patched version.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4973NVD References: - https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454#item-description__release-3-3-2-23-may-2025- https://www.wordfence.com/threat-intel/vulnerabilities/id/8e7693a3-642a-4eff-902c-d29a3c12deb0?source=cveCVE-2025-5288 - The REST API | Custom API Generator for WordPress plugin is vulnerable to Privilege Escalation, allowing unauthenticated attackers to create new Admin users.Product: WordPress REST API | Custom API GeneratorActive Installations: This plugin has been closed as of June 11, 2025 and is not available for download. This closure is temporary, pending a full review.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5288NVD References: - https://plugins.trac.wordpress.org/browser/import-export-with-custom-rest-api/tags/2.0.3/backend/methods/wot-rapi-import-functions.php#L123- https://wordpress.org/plugins/import-export-with-custom-rest-api/#developers- https://www.wordfence.com/threat-intel/vulnerabilities/id/0e2774fc-f028-436c-a8af-3c17378b9743?source=cveCVE-2025-6065 - The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion, allowing unauthenticated attackers to delete files on the server and potentially execute remote code.Product: WordPress Image Resizer On The Fly pluginActive Installations: This plugin has been closed as of June 13, 2025 and is not available for download. This closure is temporary, pending a full review.CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6065NVD References: - https://plugins.trac.wordpress.org/browser/image-resi…
CVE-2025-6179 - Google ChromeOS 16181.27.0 on managed Chrome devices is vulnerable to a permissions bypass that allows a local attacker to disable extensions and access Developer Mode.
Product: Google ChromeOS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6179
NVD References:
CVE-2025-4404 - FreeIPA project suffers from a privilege escalation vulnerability due to a lack of validation for the uniqueness of the `krbCanonicalName`, enabling users to impersonate the admin account and gain access to sensitive data within the REALM.
Product: FreeIPA
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4404
NVD References:
- https://access.redhat.com/security/cve/CVE-2025-4404
- https://bugzilla.redhat.com/show_bug.cgi?id=2364606
CVE-2025-49219 & CVE-2025-49220 - Trend Micro Apex Central below versions 8.0.7007 pre-authentication remote code execution vulnerabilities.
Product: Trend Micro Apex Central
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49219
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49220
NVD References:
- https://success.trendmicro.com/en-US/solution/KA-0019926
- https://www.zerodayinitiative.com/advisories/ZDI-25-366/
- https://www.zerodayinitiative.com/advisories/ZDI-25-367/
CVE-2025-49212, CVE-2025-49213, & CVE-2025-49217 - Trend Micro Endpoint Encryption PolicyServer is susceptible to pre-authentication remote code execution vulnerabilities.
Product: Trend Micro Endpoint Encryption PolicyServer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49212
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49213
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49217
NVD References:
- https://success.trendmicro.com/en-US/solution/KA-0019928
- https://www.zerodayinitiative.com/advisories/ZDI-25-369/
- https://www.zerodayinitiative.com/advisories/ZDI-25-370/
- https://www.zerodayinitiative.com/advisories/ZDI-25-374/
CVE-2025-49216 - Trend Micro Endpoint Encryption PolicyServer is vulnerable to an authentication bypass that allows attackers to gain admin access and modify product configurations.
Product: Trend Micro Endpoint Encryption PolicyServer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49216
NVD References:
- https://success.trendmicro.com/en-US/solution/KA-0019928
- https://www.zerodayinitiative.com/advisories/ZDI-25-373/
CVE-2025-49825 - Teleport is vulnerable to remote authentication bypass in Community Edition versions before and including 17.5.1 with no available open-source patch.
Product: Teleport Community Edition
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49825
NVD References: https://github.com/gravitational/teleport/security/advisories/GHSA-8cqv-pj7f-pwpc
CVE-2025-4973 - The Workreap plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.3.1, allowing unauthenticated attackers to log in as registered users by exploiting a flaw in email address verification.
Product: Unknown. Workreap WordPress plugin
Active Installations: Update to version 3.3.2, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4973
NVD References:
CVE-2025-5288 - The REST API | Custom API Generator for WordPress plugin is vulnerable to Privilege Escalation, allowing unauthenticated attackers to create new Admin users.
Product: WordPress REST API | Custom API Generator
Active Installations: This plugin has been closed as of June 11, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5288
NVD References:
- https://wordpress.org/plugins/import-export-with-custom-rest-api/#developers
CVE-2025-6065 - The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion, allowing unauthenticated attackers to delete files on the server and potentially execute remote code.
Product: WordPress Image Resizer On The Fly plugin
Active Installations: This plugin has been closed as of June 13, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6065
NVD References:
- https://wordpress.org/plugins/image-resizer-on-the-fly/
CVE-2025-24773 - WPCRM - CRM for Contact Form CF7 & WooCommerce from n/a through 3.2.0 is vulnerable to SQL Injection.
Product: Mojoomla WPCRM - CRM for Contact Form CF7 & WooCommerce
Active Installations: 300+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24773
CVE-2025-47573 - Mojoomla School Management is vulnerable to Blind SQL Injection due to improper neutralization of special elements in SQL commands.
Product: Mojoomla School Management
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47573
CVE-2025-30618 - Rapyd Payment Extension for WooCommerce is vulnerable to Deserialization of Untrusted Data, allowing Object Injection from version n/a through 1.2.0.
Product: Rapyd Payment Extension for WooCommerce
Active Installations: 500+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30618
CVE-2025-31919 - Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.
Product: themeton Spare
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31919
NVD References: https://patchstack.com/database/wordpress/theme/spare/vulnerability/wordpress-spare-1-7-php-object-injection-vulnerability?_s_id=cve
CVE-2025-32510 - Ovatheme Events Manager allows malicious files to be uploaded due to an unrestricted file type vulnerability.
Product: Ovatheme Events Manager
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32510
CVE-2025-39479 - smartiolabs Smart Notification is vulnerable to Blind SQL Injection, impacting versions from n/a through 10.3.
Product: smartiolabs Smart Notification
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39479
CVE-2025-47452 - RexTheme WP VR allows unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server, affecting versions up to 8.5.26.
Product: RexTheme WP VR
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47452
NVD References: https://patchstack.com/database/wordpress/plugin/wpvr/vulnerability/wordpress-wp-vr-8-5-26-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2025-47559 - MapSVG allows unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server.
Product: RomanCode MapSVG
Active Installations: 900+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47559
CVE-2025-48274 - WP Job Portal is vulnerable to Blind SQL Injection from versions n/a through 2.3.2.
Product: WP Job Portal wpjobportal
Active Installations: 8,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48274
NVD References: https://patchstack.com/database/wordpress/plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-sql-injection-vulnerability?_s_id=cve
CVE-2025-49071 - NasaTheme Flozen allows uploading of a dangerous file type, allowing attackers to upload a web shell to a web server.
Product: NasaTheme Flozen
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49071
NVD References: https://patchstack.com/database/wordpress/theme/flozen-theme/vulnerability/wordpress-flozen-1-5-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2025-49330 - Integration for Contact Form 7 and Zoho CRM, Bigin is vulnerable to object injection due to deserialization of untrusted data.
Product: CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin
Active Installations: 3,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49330
CVE-2025-49444 - Merkulove Reformer for Elementor allows uploading dangerous file types, potentially enabling the upload of a web shell to a web server.
Product: Merkulove Reformer for Elementor
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49444
CVE-2025-49447 - FW Food Menu in Fastw3b LLC allows attackers to upload dangerous files, impacting versions from n/a to 6.0.0.
Product: Fastw3b LLC FW Food Menu
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49447
The following vulnerability needs a manual review:
CVE-2025-47188 - Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones, including 6970 Conference Unit Command Injection and Unauthenticated File Upload Vulnerabilities
Product: Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones
CVSS Score: critical
NVD: N/A
ISC Podcast: https://isc.sans.edu/podcastdetail/9496
References: https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0004
CVE-2025-49219 & CVE-2025-49220 - Trend Micro Apex Central below versions 8.0.7007 pre-authentication remote code execution vulnerabilities.
Product: Trend Micro Apex Central
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49219
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49220
NVD References:
- https://success.trendmicro.com/en-US/solution/KA-0019926
CVE-2025-49212, CVE-2025-49213, & CVE-2025-49217 - Trend Micro Endpoint Encryption PolicyServer is susceptible to pre-authentication remote code execution vulnerabilities.
Product: Trend Micro Endpoint Encryption PolicyServer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49212
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49213
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49217
NVD References:
- https://success.trendmicro.com/en-US/solution/KA-0019928
- https://www.zerodayinitiative.com/advisories/ZDI-25-369/
CVE-2025-49216 - Trend Micro Endpoint Encryption PolicyServer is vulnerable to an authentication bypass that allows attackers to gain admin access and modify product configurations.
Product: Trend Micro Endpoint Encryption PolicyServer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49216
NVD References:
CVE-2025-49825 - Teleport is vulnerable to remote authentication bypass in Community Edition versions before and including 17.5.1 with no available open-source patch.
Product: Teleport Community Edition
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49825
NVD References: https://github.com/gravitational/teleport/security/advisories/GHSA-8cqv-pj7f-pwpc
CVE-2025-4973 - The Workreap plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.3.1, allowing unauthenticated attackers to log in as registered users by exploiting a flaw in email address verification.
Product: Unknown. Workreap WordPress plugin
Active Installations: Update to version 3.3.2, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4973
NVD References:
CVE-2025-5288 - The REST API | Custom API Generator for WordPress plugin is vulnerable to Privilege Escalation, allowing unauthenticated attackers to create new Admin users.
Product: WordPress REST API | Custom API Generator
Active Installations: This plugin has been closed as of June 11, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5288
NVD References:
- https://wordpress.org/plugins/import-export-with-custom-rest-api/#developers
CVE-2025-6065 - The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion, allowing unauthenticated attackers to delete files on the server and potentially execute remote code.
Product: WordPress Image Resizer On The Fly plugin
Active Installations: This plugin has been closed as of June 13, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6065
NVD References:
CVE-2025-24773 - WPCRM - CRM for Contact Form CF7 & WooCommerce from n/a through 3.2.0 is vulnerable to SQL Injection.
Product: Mojoomla WPCRM - CRM for Contact Form CF7 & WooCommerce
Active Installations: 300+
CVSS Score: 9.3
CVE-2025-47573 - Mojoomla School Management is vulnerable to Blind SQL Injection due to improper neutralization of special elements in SQL commands.
Product: Mojoomla School Management
Active Installations: unknown
CVSS Score: 9.3
CVE-2025-30618 - Rapyd Payment Extension for WooCommerce is vulnerable to Deserialization of Untrusted Data, allowing Object Injection from version n/a through 1.2.0.
Product: Rapyd Payment Extension for WooCommerce
Active Installations: 500+
CVSS Score: 9.8
CVE-2025-31919 - Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.
Product: themeton Spare
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31919
NVD References: https://patchstack.com/database/wordpress/theme/spare/vulnerability/wordpress-spare-1-7-php-object-injection-vulnerability?_s_id=cve
CVE-2025-32510 - Ovatheme Events Manager allows malicious files to be uploaded due to an unrestricted file type vulnerability.
Product: Ovatheme Events Manager
Active Installations: unknown
CVSS Score: 10.0
CVE-2025-39479 - smartiolabs Smart Notification is vulnerable to Blind SQL Injection, impacting versions from n/a through 10.3.
Product: smartiolabs Smart Notification
Active Installations: unknown
CVSS Score: 9.3
CVE-2025-47452 - RexTheme WP VR allows unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server, affecting versions up to 8.5.26.
Product: RexTheme WP VR
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47452
NVD References: https://patchstack.com/database/wordpress/plugin/wpvr/vulnerability/wordpress-wp-vr-8-5-26-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2025-47559 - MapSVG allows unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server.
Product: RomanCode MapSVG
Active Installations: 900+
CVSS Score: 9.9
CVE-2025-48274 - WP Job Portal is vulnerable to Blind SQL Injection from versions n/a through 2.3.2.
Product: WP Job Portal wpjobportal
Active Installations: 8,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48274
NVD References: https://patchstack.com/database/wordpress/plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-sql-injection-vulnerability?_s_id=cve
CVE-2025-49071 - NasaTheme Flozen allows uploading of a dangerous file type, allowing attackers to upload a web shell to a web server.
Product: NasaTheme Flozen
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49071
NVD References: https://patchstack.com/database/wordpress/theme/flozen-theme/vulnerability/wordpress-flozen-1-5-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2025-49330 - Integration for Contact Form 7 and Zoho CRM, Bigin is vulnerable to object injection due to deserialization of untrusted data.
Product: CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin
Active Installations: 3,000+
CVSS Score: 9.8
CVE-2025-49444 - Merkulove Reformer for Elementor allows uploading dangerous file types, potentially enabling the upload of a web shell to a web server.
Product: Merkulove Reformer for Elementor
Active Installations: unknown
CVSS Score: 10.0
CVE-2025-49447 - FW Food Menu in Fastw3b LLC allows attackers to upload dangerous files, impacting versions from n/a to 6.0.0.
Product: Fastw3b LLC FW Food Menu
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49447
The following vulnerability needs a manual review:
CVE-2025-47188 - Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones, including 6970 Conference Unit Command Injection and Unauthenticated File Upload Vulnerabilities
Product: Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones
CVSS Score: critical
NVD: N/A
ISC Podcast: https://isc.sans.edu/podcastdetail/9496
References: https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0004
Sponsors
Sevco Security
White Paper | Continuous Threat Exposure Management: The Foundation of Modern Cybersecurity If you’re not taking a proactive, comprehensive, and continuous approach to exposure management? You need to rethink. Move beyond traditional vulnerability management with Continuous Threat Exposure Management (CTEM). Read this digital white paper to learn more about the benefits and best practices of CTEM.
SANS
Webcast | How to Easily Secure Every Connected Device with Enterprise IoT & Industrial OT Security | Wednesday, 9 July 2025 3:30PM EST (09 Jul 2025 19:30 UTC) Every connected device is a potential threat, learn how to secure them all. Join cybersecurity expert Victor Kameyama on July 9 to secure your entire IT, IoT, and OT environment without adding operational complexity. Earn a CPE credit. Register:
SANS
Webcast | How to Easily Secure Every Connected Device with Enterprise IoT & Industrial OT Security | Wednesday, 9 July 2025 3:30PM EST (09 Jul 2025 19:30 UTC) Every connected device is a potential threat, learn how to secure them all. Join cybersecurity expert Victor Kameyama on July 9 to secure your entire IT, IoT, and OT environment without adding operational complexity. Earn a CPE credit. Register:
SANS
Webcast | How to Easily Secure Every Connected Device with Enterprise IoT & Industrial OT Security | Wednesday, 9 July 2025 3:30PM EST (09 Jul 2025 19:30 UTC) Every connected device is a potential threat, learn how to secure them all. Join cybersecurity expert Victor Kameyama on July 9 to secure your entire IT, IoT, and OT environment without adding operational complexity. Earn a CPE credit. Register: