Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Scans for Ichano AtHome IP Cameras

Published: 2025-06-23

Last Updated: 2025-06-23 15:33:55 UTC

by Johannes Ullrich (Version: 1)

Ichano's "AtHome Camera" is a bit of a different approach to home surveillance cameras. Instead of a hardware camera solution, this product is a software solution that turns existing devices like computers and tablets into webcams. The software implements features we know from similar IP camera devices. It enables streaming of images and remote access to features like motion detection and alerting.

Back in 2017, a hard-coded username and password vulnerability was identified in the product (CVE-2017-17761). It is kind of odd that it took so long for this username to show up in scans against our honeypots, but I noticed it on June 18th. The password attempted is "123", as outlined in CVE-2017-17761. It is not clear if this issue was ever fixed by Ichano.

IP addresses scanning for this username and password combination are also scanning for other typical "IoT" default usernames and passwords, with usernames like "root", "admin", "gast", "gpon" and others.

Some of the IP addresses actively scanning ...

Read the full entry: https://isc.sans.edu/diary/Scans+for+Ichano+AtHome+IP+Cameras/32062/

ADS & Python Tools

Published: 2025-06-21

Last Updated: 2025-06-21 10:13:41 UTC

by Didier Stevens (Version: 1)

Ehsaan Mavani talks about Alternate Data Streams (ADS) in diary entry "Alternate Data Streams - Adversary Defense Evasion and Detection [Guest Diary]".

I'm taking this as an opportunity to remind you that Python tools on Windows and an NTFS disk can access alternate data streams.

Like my tool cut-bytes.py, here I use it to show the content of the Mark-of-the-Web stored inside the Zone.Identifier ADS ...

Read the full entry: https://isc.sans.edu/diary/ADS+Python+Tools/32058/

Quick Password Brute Forcing Evolution Statistics (2025.06.24)

https://isc.sans.edu/diary/Quick+Password+Brute+Forcing+Evolution+Statistics/32068/

Microsoft Patch Tuesday June 2025 (2025.06.10)

https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+June+2025/32032/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-34508 - ZendTo versions 6.15-7 and prior suffer from a path traversal vulnerability, allowing a remote attacker to access files of other users or cause denial of service.

Product: ZendTo

CVSS Score: 6.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-34508

ISC Podcast: https://isc.sans.edu/podcastdetail/9500

NVD References: https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/

CVE-2025-4404 - FreeIPA project suffers from a privilege escalation vulnerability due to a lack of validation for the uniqueness of the `krbCanonicalName`, enabling users to impersonate the admin account and gain access to sensitive data within the REALM.

Product: FreeIPA

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4404

NVD References: https://bugzilla.redhat.com/show_bug.cgi?id=2364606

CVE-2025-49219 & CVE-2025-49220 - Trend Micro Apex Central versions below 8.0.7007 contain pre-authentication remote code execution vulnerabilities.

Product: Trend Micro Apex Central

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49219

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49220

NVD References:

- https://success.trendmicro.com/en-US/solution/KA-0019926

- https://www.zerodayinitiative.com/advisories/ZDI-25-366/

- https://www.zerodayinitiative.com/advisories/ZDI-25-367/

CVE-2025-49212, CVE-2025-49213, & CVE-2025-49217 - Trend Micro Endpoint Encryption PolicyServer is affected by pre-authentication remote code execution vulnerabilities.

Product: Trend Micro Endpoint Encryption PolicyServer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49212

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49213

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49217

NVD References:

- https://success.trendmicro.com/en-US/solution/KA-0019928

- https://www.zerodayinitiative.com/advisories/ZDI-25-369/

- https://www.zerodayinitiative.com/advisories/ZDI-25-370/

- https://www.zerodayinitiative.com/advisories/ZDI-25-374/

CVE-2025-49216 - Trend Micro Endpoint Encryption PolicyServer is vulnerable to an authentication bypass that allows attackers to gain admin access and modify product configurations.

Product: Trend Micro Endpoint Encryption PolicyServer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49216

NVD References:

- https://success.trendmicro.com/en-US/solution/KA-0019928

- https://www.zerodayinitiative.com/advisories/ZDI-25-373/

CVE-2025-49825 - Teleport is vulnerable to remote authentication bypass in Community Edition versions up to and including 17.5.1, with no available open-source patch.

Product: Teleport Community Edition

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49825

NVD References: https://github.com/gravitational/teleport/security/advisories/GHSA-8cqv-pj7f-pwpc

CVE-2025-45784 - D-Link DPH-400S/SE VoIP Phone v1.01 is vulnerable to hardcoded provisioning variables that may expose sensitive user credentials, allowing attackers to potentially access device functions or user accounts.

Product: D-Link DPH-400S/SE VoIP Phone

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45784

NVD References:

- https://cybermaya.in/posts/Post-37/

- https://www.dlink.com/en/security-bulletin/

CVE-2025-46157 - EfroTech Time Trax v.1.0 is vulnerable to a remote code execution attack via the file attachment function in the leave request form.

Product: EfroTech Time Trax

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46157

CVE-2025-20260 - ClamAV is vulnerable to a buffer overflow condition in its PDF scanning processes, allowing an attacker to potentially execute arbitrary code on an affected device.

Product: ClamAV PDF scanning processes

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20260

NVD References: https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html

CVE-2025-26198 - CloudClassroom-PHP-Project v.1.0 is vulnerable to SQL Injection in loginlinkadmin.php, enabling unauthenticated attackers to bypass authentication and gain administrative access.

Product: CloudClassroom-PHP-Project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26198

CVE-2025-26199 - CloudClassroom PHP Project v.1.0 is vulnerable to remote code execution due to passwords being submitted in cleartext.

Product: CloudClassroom PHP Project v.1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26199

CVE-2024-45208 - The Versa Director SD-WAN orchestration platform is vulnerable to unauthorized administrative actions and remote code execution due to a flaw in the Cisco NCS application service communication over TCP ports 4566 and 4570.

Product: Versa Networks Versa Director SD-WAN orchestration platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45208

NVD References: https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Port_4566

CVE-2025-24288 - The Versa Director software exposes multiple services by default, making it vulnerable to attackers exploiting default credentials and multiple accounts with sudo access, including ssh and postgres, although no known exploits have occurred.

Product: Versa Networks Versa Director

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24288

NVD References: https://security-portal.versa-networks.com/emailbulletins/68526d12dc94d6b9f2faf719

CVE-2025-52467 - pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications and was vulnerable to an attack allowing exfiltration of all secrets prior to commit 8eb3567.

Product: pgai Python library

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52467

NVD References: https://github.com/timescale/pgai/security/advisories/GHSA-89qq-hgvp-x37m

CVE-2025-50201 - WeGIA web manager for charitable institutions is vulnerable to OS Command Injection in version 3.4.2, allowing unauthenticated attackers to execute arbitrary commands on the server.

Product: WeGIA web manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50201

NVD References: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-52p5-5fmw-9hrf

CVE-2025-4738 - Yirmibes Software MY ERP before 1.170 is vulnerable to SQL Injection.

Product: Yirmibes Software MY ERP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4738

NVD References: https://www.usom.gov.tr/bildirim/tr-25-0132

CVE-2025-33117 - IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to allowing a privileged user to modify configuration files and upload malicious autoupdate files to execute arbitrary commands.

Product: IBM QRadar SIEM

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-33117

NVD References: https://www.ibm.com/support/pages/node/7237317

CVE-2025-4981 - Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 have a vulnerability that allows authenticated users to upload archives with path traversal sequences in filenames, potentially leading to remote code execution.

Product: Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4981

NVD References: https://mattermost.com/security-updates

CVE-2024-53298 - Dell PowerScale OneFS versions 9.5.0.0 through 9.10.0.1 are vulnerable to missing authorization in NFS exports, allowing unauthorized access to the filesystem by unauthenticated remote attackers.

Product: Dell PowerScale OneFS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53298

NVD References: https://www.dell.com/support/kbdoc/en-us/000326339/dsa-2025-208-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities

CVE-2025-32877 - COROS PACE 3 devices through 3.0808.0 are vulnerable to machine-in-the-middle attacks due to their lack of authentication during BLE interactions.

Product: COROS PACE 3 devices

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32877

NVD References: https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes

CVE-2025-32878 - COROS PACE 3 devices through 3.0808.0 are vulnerable to eavesdropping and manipulation of HTTPS communication due to lack of X.509 server certificate validation.

Product: COROS PACE 3

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32878

NVD References: https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes

CVE-2025-32880 - COROS PACE 3 devices through 3.0808.0 are susceptible to sniffing and man-in-the-middle attacks due to unencrypted communication during firmware downloads via WLAN.

Product: COROS PACE 3

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32880

NVD References: https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes

CVE-2025-48706 - COROS PACE is vulnerable to an out-of-bounds read issue via a crafted BLE message, leading to unintended device reboots.

Product: COROS PACE

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48706

NVD References: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-028.txt

CVE-2025-46179 - CloudClassroom-PHP Project v1.0 contains a SQL Injection vulnerability in the askquery.php file due to unsanitized input in the squeryx parameter.

Product: CloudClassroom-PHP Project v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46179

CVE-2025-45890 - Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter.

Product: novel plus

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45890

CVE-2025-44635 - The H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers, H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers, GR3200, GR5200, GR8300, GR-1800AX, GR-3000AX, and GR-5400AX routers are vulnerable to unauthorized remote command execution due to authentication bypass and injection of arbitrary malicious commands.

Product: H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W, ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X, GR3200, GR5200, GR8300, GR-1800AX, GR-3000AX, GR-5400AX

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44635

CVE-2025-49132 - Pterodactyl has a vulnerability that allows a malicious actor to execute arbitrary code without being authenticated, potentially leading to unauthorized access and data extraction.

Product: Pterodactyl game server management panel

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49132

NVD References: https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843

CVE-2024-45347 - Xiaomi Mi Connect Service APP is vulnerable to unauthorized access due to flawed validation logic, allowing attackers to gain unauthorized access to the victim’s device.

Product: Xiaomi Mi Connect Service APP

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45347

CVE-2025-52921 - In Innoshop through 0.4.1, an attacker can achieve code execution on the server by exploiting the File Manager functions in the admin panel to upload and rename a crafted file with a .php extension.

Product: Innoshop

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52921

NVD References: https://github.com/innocommerce/innoshop

CVE-2025-6512 - BRAIN2 allows for the execution of scripts by non-admin users in reports, which can later be run on the server with administrator privileges.

Product: BRAIN2 Server

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6512

NVD References: https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0004.pdf

CVE-2025-6513 - Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.

Product: Nobeltec BRAIN2

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6513

NVD References: https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf

CVE-2023-47297 - NCR Terminal Handler v1.5.1 is vulnerable to settings manipulation, enabling attackers to execute arbitrary commands and alter system security auditing configurations.

Product: NCR Terminal Handler

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47297

NVD References: https://github.com/pwahba/cve-research/blob/main/CVE-2023-47297/CVE-2023-47297.md

CVE-2023-48978 - NCR ITM Web terminal v.4.4.0 and v.4.4.4 are vulnerable to remote code execution through a crafted script in the IP camera URL component.

Product: NCR ITM Web terminal

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48978

NVD References: https://github.com/pwahba/cve-research/blob/main/CVE-2023-48978/CVE-2023-48978.md

CVE-2023-47032 - NCR Terminal Handler v.1.5.1 is vulnerable to password exploitation, allowing remote attackers to execute arbitrary code.

Product: NCR Terminal Handler

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47032

NVD References: https://github.com/pwahba/cve-research/blob/main/CVE-2023-47032/CVE-2023-47032.md

CVE-2023-47295 - NCR Terminal Handler v1.5.1 is vulnerable to CSV injection, enabling attackers to run arbitrary commands by inserting a malicious payload into text fields.

Product: NCR Terminal Handler

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47295

NVD References: https://github.com/pwahba/cve-research/blob/main/CVE-2023-47295/CVE-2023-47295.md

CVE-2023-47031 - NCR Terminal Handler v.1.5.1 is vulnerable to remote privilege escalation via crafted POST requests to multiple SOAP API components.

Product: NCR Terminal Handler

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47031

CVE-2023-47030 - NCR Terminal Handler v.1.5.1 is vulnerable to remote code execution and sensitive information disclosure through a GET request to a UserService SOAP API endpoint.

Product: NCR Terminal Handler

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47030

NVD References: https://github.com/pwahba/cve-research/blob/main/CVE-2023-47030/CVE-2023-47030.md

CVE-2025-46101 - Beakon Software Beakon Learning Management System SCORM version before 5.4.3 is vulnerable to SQL Injection, allowing a remote attacker to access sensitive information via the ks parameter in json_scorm.php file.

Product: Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46101

CVE-2025-52562 - Convoy's LocaleController component in versions 3.9.0-rc3 to before 4.4.1 allows unauthenticated remote attackers to execute arbitrary PHP files via a specially crafted HTTP request, patched in version 4.4.1, with a temporary workaround involving strict WAF rules.

Product: Performave Convoy

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52562

NVD References: https://github.com/ConvoyPanel/panel/security/advisories/GHSA-43g3-qpwq-hfgg

CVE-2025-48469 - The vulnerable product could allow an unauthenticated attacker to upload firmware through a public update page, potentially resulting in backdoor installation or privilege escalation.

Product: Advantech WISE-4010LAN, WISE-4050LAN, WISE-4060LAN

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48469

NVD References:

- https://jro.sg/CVEs/CVE-2025-48469/

- https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/

CVE-2025-6559 - Sapido wireless routers are vulnerable to OS Command Injection, allowing remote attackers to execute arbitrary commands on unsupported models.

Product: Sapido Multiple wireless router models

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6559

NVD References:

- https://www.twcert.org.tw/en/cp-139-10195-69da1-2.html

- https://www.twcert.org.tw/tw/cp-132-10196-898d3-1.html

CVE-2025-6560 - Sapido wireless routers have an Exposure of Sensitive Information vulnerability allowing attackers to access plaintext administrator credentials remotely, making device replacement advisable.

Product: Sapido Multiple wireless router models

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6560

NVD References:

- https://www.twcert.org.tw/en/cp-139-10198-55217-2.html

- https://www.twcert.org.tw/tw/cp-132-10197-524ea-1.html

CVE-2024-56731 - Gogs is vulnerable to remote command execution and unauthorized access to users' code due to an insufficient patch for CVE-2024-39931 prior to version 0.13.3.

Product: Gogs Git service

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56731

NVD References: https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7

CVE-2025-50213 - Apache Airflow Providers Snowflake before 6.4.0 is vulnerable to Special Element Injection when copying from external stages.

Product: Apache Airflow Providers Snowflake

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50213

NVD References: https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3

CVE-2025-32975 - Quest KACE Systems Management Appliance (SMA) versions before 14.1.101 (Patch 4) have an authentication bypass vulnerability, enabling attackers to impersonate legitimate users without valid credentials and potentially gain complete administrative control.

Product: Quest KACE Systems Management Appliance (SMA)

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32975

NVD References:

- https://seclists.org/fulldisclosure/2025/Jun/22

- https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978

CVE-2025-32977 - Quest KACE Systems Management Appliance (SMA) versions before 13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), and 14.1.101 (Patch 4) allow unauthenticated users to upload malicious backup files, compromising system integrity.

Product: Quest KACE Systems Management Appliance (SMA)

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32977

NVD References:

- https://seclists.org/fulldisclosure/2025/Jun/24

- https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978

CVE-2025-4383 - Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse and Bypass due to improper restriction of excessive authentication attempts.

Product: Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4383

NVD References: https://www.usom.gov.tr/bildirim/tr-25-0134

CVE-2025-4378 - Ataturk University ATA-AOF Mobile Application is vulnerable to Cleartext Transmission of Sensitive Information and hard-coded credentials, allowing for Authentication Abuse and Bypass before 20.06.2025.

Product: Ataturk University ATA-AOF Mobile Application

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4378

NVD References: https://www.usom.gov.tr/bildirim/tr-25-0135

CVE-2024-37743 - An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component.

Product: mmzdev KnowledgeGPT

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37743

NVD References:

- https://github.com/mmz-001/knowledge_gpt/blob/main/knowledge_gpt/main.py

- https://medium.com/@cnetsec/vulnerability-identified-in-knowledgegpt-version-0-0-5-5168ec081842

CVE-2025-52571 - Hikka, a Telegram userbot, has a vulnerability in versions below 1.6.2 that allows an attacker to gain full access to users' accounts and the server.

Product: Hikka Telegram userbot

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52571

NVD References: https://github.com/hikariatama/Hikka/security/advisories/GHSA-vwpq-wm8w-44wf

CVE-2025-52572 - Hikka, a Telegram userbot, has a vulnerability affecting all users on all versions, allowing attackers to remotely execute code and gain access to Telegram accounts.

Product: Hikka Telegram userbot

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52572

NVD References: https://github.com/hikariatama/Hikka/security/advisories/GHSA-7x3c-335v-wxjj

CVE-2025-5777 - Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway

Product: Citrix NetScaler ADC and NetScaler Gateway

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5777

ISC Podcast: https://isc.sans.edu/podcastdetail/9502

NVD References: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420

CVE-2025-6218 - RARLAB WinRAR is susceptible to a directory traversal remote code execution vulnerability, requiring user interaction to exploit, allowing attackers to execute arbitrary code.

Product: RARLAB WinRAR

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6218

ISC Podcast: https://isc.sans.edu/podcastdetail/9502

NVD References:

- https://www.win-rar.com/singlenewsview.html?&tx_ttnews%5Btt_news%5D=276&cHash=388885bd3908a40726f535c026f94eb6

- https://www.zerodayinitiative.com/advisories/ZDI-25-409/

CVE-2017-17761 - Ichano AtHome IP Camera devices allow remote unauthenticated LAN users to run arbitrary commands via the "noodles" binary on port 1300.

Product: Ichano Athome_Ip_Camera_Firmware

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-17761

ISC Diary: https://isc.sans.edu/diary/32062

CVE-2025-24773 - WPCRM - CRM for Contact form CF7 & WooCommerce from n/a through 3.2.0 is vulnerable to SQL Injection.

Product: Mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24773

NVD References: https://patchstack.com/database/wordpress/plugin/wpcrm/vulnerability/wordpress-wpcrm-crm-for-contact-form-cf7-woocommerce-3-2-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-30618 - Rapyd Payment Extension for WooCommerce is vulnerable to Deserialization of Untrusted Data, allowing Object Injection from version n/a through 1.2.0.

Product: Rapyd Payment Extension for WooCommerce

Active Installations: 500+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30618

NVD References: https://patchstack.com/database/wordpress/plugin/rapyd-payments/vulnerability/wordpress-rapyd-payment-extension-for-woocommerce-1-1-9-php-object-injection-vulnerability?_s_id=cve

CVE-2025-31919 - Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.

Product: themeton Spare

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31919

NVD References: https://patchstack.com/database/wordpress/theme/spare/vulnerability/wordpress-spare-1-7-php-object-injection-vulnerability?_s_id=cve

CVE-2025-32510 - Ovatheme Events Manager allows malicious files to be uploaded due to an unrestricted file type vulnerability.

Product: Ovatheme Events Manager

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32510

NVD References: https://patchstack.com/database/wordpress/plugin/ova-events-manager/vulnerability/wordpress-ovatheme-events-manager-plugin-1-7-5-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-39479 - smartiolabs Smart Notification is vulnerable to Blind SQL Injection, impacting versions from n/a through 10.3.

Product: smartiolabs Smart Notification

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39479

NVD References: https://patchstack.com/database/wordpress/plugin/smio-push-notification/vulnerability/wordpress-smart-notification-plugin-10-3-sql-injection-vulnerability?_s_id=cve

CVE-2025-47452 - RexTheme WP VR allows unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server, affecting versions up to 8.5.26.

Product: RexTheme WP VR

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47452

NVD References: https://patchstack.com/database/wordpress/plugin/wpvr/vulnerability/wordpress-wp-vr-8-5-26-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-47559 - MapSVG allows unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server.

Product: RomanCode MapSVG

Active Installations: 1,000+

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47559

NVD References: https://patchstack.com/database/wordpress/plugin/mapsvg/vulnerability/wordpress-mapsvg-plugin-8-5-32-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-47573 - Mojoomla School Management is vulnerable to Blind SQL Injection due to improper neutralization of special elements in SQL commands.

Product: Mojoomla School Management

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47573

NVD References: https://patchstack.com/database/wordpress/plugin/school-management/vulnerability/wordpress-school-management-system-plugin-92-0-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-48274 - WP Job Portal is vulnerable to Blind SQL Injection from versions n/a through 2.3.2.

Product: WP Job Portal wpjobportal

Active Installations: 8,000+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48274

NVD References: https://patchstack.com/database/wordpress/plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-sql-injection-vulnerability?_s_id=cve

CVE-2025-49071 - NasaTheme Flozen allows uploading of a dangerous file type, allowing attackers to upload a web shell to a web server.

Product: NasaTheme Flozen

Active Installations: 100+

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49071

NVD References: https://patchstack.com/database/wordpress/theme/flozen-theme/vulnerability/wordpress-flozen-1-5-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-49330 - Integration for Contact Form 7 and Zoho CRM, Bigin is vulnerable to object injection due to deserialization of untrusted data.

Product: CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin

Active Installations: 3,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49330

NVD References: https://patchstack.com/database/wordpress/plugin/cf7-zoho/vulnerability/wordpress-integration-for-contact-form-7-and-zoho-crm-bigin-1-3-0-php-object-injection-vulnerability?_s_id=cve

CVE-2025-49444 - Merkulove Reformer for Elementor allows uploading dangerous file types, potentially enabling the upload of a web shell to a web server.

Product: Merkulove Reformer for Elementor

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49444

NVD References: https://patchstack.com/database/wordpress/plugin/reformer-elementor/vulnerability/wordpress-reformer-for-elementor-1-0-5-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-49447 - FW Food Menu in Fastw3b LLC allows attackers to upload dangerous files, impacting versions from n/a to 6.0.0.

Product: Fastw3b LLC FW Food Menu

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49447

NVD References: https://patchstack.com/database/wordpress/plugin/fw-food-menu/vulnerability/wordpress-fw-food-menu-6-0-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-49452 - PostaPanduri through 2.1.3 is vulnerable to SQL Injection due to improper neutralization of special elements used in an SQL command.

Product: Adrian Ladó PostaPanduri

Active Installations: 40+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49452

NVD References: https://patchstack.com/database/wordpress/plugin/postapanduri/vulnerability/wordpress-postapanduri-2-1-3-sql-injection-vulnerability?_s_id=cve

CVE-2025-1562 - The Recover WooCommerce Cart Abandonment WordPress plugin is vulnerable to unauthorized plugin installation, allowing attackers to potentially infect a vulnerable site.

Product: FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation

Active Installations: 20,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1562

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/094972e6-7e02-4060-b069-e39c8cde9331?source=cve