SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Scans for Ichano AtHome IP Cameras
Published: 2025-06-23
Last Updated: 2025-06-23 15:33:55 UTC
by Johannes Ullrich (Version: 1)
Ichano's "AtHome Camera" is a bit of a different approach to home surveillance cameras. Instead of a hardware camera solution, this product is a software solution that turns existing devices like computers and tablets into webcams. The software implements features we know from similar IP camera devices. It enables streaming of images and remote access to features like motion detection and alerting.
Back in 2017, a hard-coded username and password vulnerability was identified in the product (CVE-2017-17761). It is kind of odd that it took so long for this username to show up in scans against our honeypots, but I noticed it on June 18th. The password attempted is "123", as outlined in CVE-2017-17761. It is not clear if this issue was ever fixed by Ichano.
IP addresses scanning for this username and password combination are also scanning for other typical "IoT" default usernames and passwords, with usernames like "root", "admin", "gast", "gpon" and others.
Some of the IP addresses actively scanning ...
Read the full entry: https://isc.sans.edu/diary/Scans+for+Ichano+AtHome+IP+Cameras/32062/
ADS & Python Tools
Published: 2025-06-21
Last Updated: 2025-06-21 10:13:41 UTC
by Didier Stevens (Version: 1)
Ehsaan Mavani talks about Alternate Data Streams (ADS) in diary entry "Alternate Data Streams - Adversary Defense Evasion and Detection [Guest Diary]".
I'm taking this as an opportunity to remind you that Python tools on Windows and an NTFS disk can access alternate data streams.
Like my tool cut-bytes.py, here I use it to show the content of the Mark-of-the-Web stored inside the Zone.Identifier ADS ...
Read the full entry: https://isc.sans.edu/diary/ADS+Python+Tools/32058/
Quick Password Brute Forcing Evolution Statistics (2025.06.24)
https://isc.sans.edu/diary/Quick+Password+Brute+Forcing+Evolution+Statistics/32068/
Microsoft Patch Tuesday June 2025 (2025.06.10)
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+June+2025/32032/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: ZendTo
CVSS Score: 6.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-34508
ISC Podcast: https://isc.sans.edu/podcastdetail/9500
NVD References:
Product: FreeIPA
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4404
NVD References: https://bugzilla.redhat.com/show_bug.cgi?id=2364606
Product: Trend Micro Apex Central
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49219
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49220
NVD References:
- https://success.trendmicro.com/en-US/solution/KA-0019926
- https://www.zerodayinitiative.com/advisories/ZDI-25-366/
- https://www.zerodayinitiative.com/advisories/ZDI-25-367/
Product: Trend Micro Endpoint Encryption PolicyServer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49212
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49213
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49217
NVD References:
- https://success.trendmicro.com/en-US/solution/KA-0019928
- https://www.zerodayinitiative.com/advisories/ZDI-25-369/
- https://www.zerodayinitiative.com/advisories/ZDI-25-370/
- https://www.zerodayinitiative.com/advisories/ZDI-25-374/
Product: Trend Micro Endpoint Encryption PolicyServer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49216
NVD References:
- https://success.trendmicro.com/en-US/solution/KA-0019928
- https://www.zerodayinitiative.com/advisories/ZDI-25-373/
Product: Teleport Community Edition
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49825
NVD References: https://github.com/gravitational/teleport/security/advisories/GHSA-8cqv-pj7f-pwpc
Product: D-Link DPH-400S/SE VoIP Phone
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45784
NVD References:
- https://cybermaya.in/posts/Post-37/
- https://www.dlink.com/en/security-bulletin/
Product: ClamAV DF scanning processes
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20260
NVD References: https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
Product: CloudClassroom-PHP-Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26198
Product: CloudClassroom PHP Project v.1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26199
Product: Versa Networks Versa Director SD-WAN orchestration platform
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45208
NVD References: https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Port_4566
Product: Versa Networks Versa Director
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24288
NVD References: https://security-portal.versa-networks.com/emailbulletins/68526d12dc94d6b9f2faf719
Product: pgai Python library
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52467
NVD References: https://github.com/timescale/pgai/security/advisories/GHSA-89qq-hgvp-x37m
Product: WeGIA web manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50201
NVD References: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-52p5-5fmw-9hrf
Product: Yirmibes Software MY ERP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4738
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0132
Product: IBM QRadar SIEM
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-33117
NVD References: https://www.ibm.com/support/pages/node/7237317
Product: Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4981
NVD References: https://mattermost.com/security-updates
Product: Dell PowerScale OneFS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53298
NVD References: https://www.dell.com/support/kbdoc/en-us/000326339/dsa-2025-208-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Product: COROS PACE 3 devices
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32877
NVD References: https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes
Product: COROS PACE 3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32878
NVD References: https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes
Product: COROS PACE 3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32880
NVD References: https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes
Product: COROS PACE
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48706
NVD References: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-028.txt
Product: CloudClassroom-PHP Project v1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46179
Product: H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W, ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X, GR3200, GR5200, GR8300, GR-1800AX, GR-3000AX, GR-5400AX
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44635
Product: Pterodactyl game server management panel
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49132
NVD References: https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843
Product: Xiaomi Mi Connect Service APP
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45347
Product: Innoshop
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52921
NVD References: https://github.com/innocommerce/innoshop
Product: BRAIN2 Server
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6512
NVD References: https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0004.pdf
Product: Nobeltec BRAIN2
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6513
NVD References: https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf
Product: NCR Terminal Handler
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47297
NVD References: https://github.com/pwahba/cve-research/blob/main/CVE-2023-47297/CVE-2023-47297.md
Product: NCR ITM Web terminal
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48978
NVD References: https://github.com/pwahba/cve-research/blob/main/CVE-2023-48978/CVE-2023-48978.md
Product: NCR Terminal Handler
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47032
NVD References: https://github.com/pwahba/cve-research/blob/main/CVE-2023-47032/CVE-2023-47032.md
Product: NCR Terminal Handler
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47295
NVD References: https://github.com/pwahba/cve-research/blob/main/CVE-2023-47295/CVE-2023-47295.md
Product: NCR Terminal Handler
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47030
NVD References: https://github.com/pwahba/cve-research/blob/main/CVE-2023-47030/CVE-2023-47030.md
Product: Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46101
Product: Performave Convoy
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52562
NVD References: https://github.com/ConvoyPanel/panel/security/advisories/GHSA-43g3-qpwq-hfgg
Product: Advantech WISE-4010LAN, WISE-4050LAN, WISE-4060LAN
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48469
NVD References: https://jro.sg/CVEs/CVE-2025-48469/
NVD References: https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/
Product: Sapido Multiple wireless router models
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6559
NVD References:
- https://www.twcert.org.tw/en/cp-139-10195-69da1-2.html
- https://www.twcert.org.tw/tw/cp-132-10196-898d3-1.html
Product: Sapido Multiple wireless router models
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6560
NVD References:
- https://www.twcert.org.tw/en/cp-139-10198-55217-2.html
- https://www.twcert.org.tw/tw/cp-132-10197-524ea-1.html
Product: Gogs Git service
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56731
NVD References: https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7
Product: Apache Airflow Providers Snowflake
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50213
NVD References: https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3
Product: Quest KACE Systems Management Appliance (SMA)
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32975
NVD References:
- https://seclists.org/fulldisclosure/2025/Jun/22
-
cve-2025-32975-cve-2025-32976-
Product: Quest KACE Systems Management Appliance (SMA)
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32977
NVD References:
cve-2025-32975-cve-2025-32976-
CVE-2025-32977 - Quest KACE Systems Management Appliance (SMA) versions before 13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), and 14.1.101 (Patch 4) allow unauthenticated users to upload malicious backup files, compromising system integrity.
Product: Quest KACE Systems Management Appliance (SMA)
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32977
NVD References:
- https://seclists.org/fulldisclosure/2025/Jun/24
Product: Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4383
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0134
Product: Ataturk University ATA-AOF Mobile Application
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4378
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0135
Product: mmzdev KnowledgeGPT
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37743
NVD References:
- https://github.com/mmz-001/knowledge_gpt/blob/main/knowledge_gpt/main.py
- https://medium.com/@cnetsec/vulnerability-identified-in-knowledgegpt-version-0-0-5-5168ec081842
Product: Hikka Telegram userbot
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52571
NVD References: https://github.com/hikariatama/Hikka/security/advisories/GHSA-vwpq-wm8w-44wf
Product: Hikka Telegram userbot
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52572
NVD References: https://github.com/hikariatama/Hikka/security/advisories/GHSA-7x3c-335v-wxjj
CVE-2025-5777 - Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway
Product: Citrix NetScaler NetScaler ADC and NetScaler Gateway
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5777
ISC Podcast: https://isc.sans.edu/podcastdetail/9502
NVD References: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420
CVE-2025-6218 - RARLAB WinRAR is susceptible to a directory traversal remote code execution vulnerability, requiring user interaction to exploit, allowing attackers to execute arbitrary code.
Product: RARLAB WinRAR
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6218
ISC Podcast: https://isc.sans.edu/podcastdetail/9502
NVD References:
- https://www.zerodayinitiative.com/advisories/ZDI-25-409/
CVE-2017-17761 - Ichano AtHome IP Camera devices allow remote unauthenticated LAN users to run arbitrary commands via the "noodles" binary on port 1300.
Product: Ichano Athome_Ip_Camera_Firmware -
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-17761
ISC Diary: https://isc.sans.edu/diary/32062
CVE-2025-24773 - WPCRM - CRM for Contact form CF7 & WooCommerce from n/a through 3.2.0 is vulnerable to SQL Injection.
Product: Mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24773
CVE-2025-30618 - Rapyd Payment Extension for WooCommerce is vulnerable to Deserialization of Untrusted Data, allowing Object Injection from version n/a through 1.2.0.
Product: Rapyd Payment Extension for WooCommerce
Active Installations: 500+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30618
CVE-2025-31919 - Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.
Product: themeton Spare
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31919
NVD References: https://patchstack.com/database/wordpress/theme/spare/vulnerability/wordpress-spare-1-7-php-object-injection-vulnerability?_s_id=cve
CVE-2025-32510 - Ovatheme Events Manager allows malicious files to be uploaded due to an unrestricted file type vulnerability.
Product: Ovatheme Events Manager
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32510
CVE-2025-39479 - smartiolabs Smart Notification is vulnerable to Blind SQL Injection, impacting versions from n/a through 10.3.
Product: smartiolabs Smart Notification
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39479
CVE-2025-47452 - RexTheme WP VR allows unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server, affecting versions up to 8.5.26.
Product: RexTheme WP VR
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47452
NVD References: https://patchstack.com/database/wordpress/plugin/wpvr/vulnerability/wordpress-wp-vr-8-5-26-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2025-47559 - MapSVG allows unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server.
Product: RomanCode MapSVG
Active Installations: 1,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47559
NVD References: https://patchstack.com/database/wordpress/plugin/mapsvg/vulnerability/wordpress-mapsvg-plugin-8-5-32-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2025-47573 - Mojoomla School Management is vulnerable to Blind SQL Injection due to improper neutralization of special elements in SQL commands.
Product: Mojoomla School Management
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47573
NVD References: https://patchstack.com/database/wordpress/plugin/school-management/vulnerability/wordpress-school-management-system-plugin-92-0-0-sql-injection-vulnerability?_s_id=cve
CVE-2025-48274 - WP Job Portal is vulnerable to Blind SQL Injection from versions n/a through 2.3.2.
Product: WP Job Portal wpjobportal
Active Installations: 8,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48274
NVD References: https://patchstack.com/database/wordpress/plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-sql-injection-vulnerability?_s_id=cve
CVE-2025-49071 - NasaTheme Flozen allows uploading of a dangerous file type, allowing attackers to upload a web shell to a web server.
Product: NasaTheme Flozen
Active Installations: 100+
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49071
NVD References: https://patchstack.com/database/wordpress/theme/flozen-theme/vulnerability/wordpress-flozen-1-5-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2025-49330 - Integration for Contact Form 7 and Zoho CRM, Bigin is vulnerable to object injection due to deserialization of untrusted data.
Product: CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin
Active Installations: 3,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49330
CVE-2025-49444 - Merkulove Reformer for Elementor allows uploading dangerous file types, potentially enabling the upload of a web shell to a web server.
Product: Merkulove Reformer for Elementor
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49444
CVE-2025-49447 - FW Food Menu in Fastw3b LLC allows attackers to upload dangerous files, impacting versions from n/a to 6.0.0.
Product: Fastw3b LLC FW Food Menu
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49447
CVE-2025-49452 - PostaPanduri through 2.1.3 is vulnerable to SQL Injection due to improper neutralization of special elements used in an SQL command.
Product: Adrian Ladó PostaPanduri
Active Installations: 40+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49452
NVD References: https://patchstack.com/database/wordpress/plugin/postapanduri/vulnerability/wordpress-postapanduri-2-1-3-sql-injection-vulnerability?_s_id=cve
CVE-2025-1562 - The Recover WooCommerce Cart Abandonment WordPress plugin is vulnerable to unauthorized plugin installation, allowing attackers to potentially infect a vulnerable site.
Product: FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation
Active Installations: 20,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1562
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/094972e6-7e02-4060-b069-e39c8cde9331?source=cve
Imagine one platform consolidating your asset inventory, security controls, vulnerabilities, exposures, and threat intel so you can effectively manage cyber risk. Stop imagining, and start using Sevco to:
- Gain visibility across your entire attack surface
- Prioritize the vulnerabilities that matter
- Streamline your cross-functional remediation
Take this self-guided tour to learn more.
Webcast Event | SANS Utilities Forum | Tuesday, 26 August 2025 9:00AM EST
Cyber threats to power, water, and critical systems are escalating. Join security leaders and practitioners to explore how OT and IT teams are working together to defend essential infrastructure. Sector-wide alignment. Reserve your spot