ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft Patch Tuesday, July 2025
Published: 2025-07-08
Last Updated: 2025-07-08 18:24:33 UTC
by Johannes Ullrich (Version: 1)
Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed before being patched, and none of the vulnerabilities have so far been exploited.
Noteworthy Vulnerabilities:
CVE-2025-49695 and CVE-2025-49696: Both vulnerabilities affect Microsoft Office, are rated critical, and are considered "more likely" to be exploited by Microsoft. These issues do not require user interaction, so the user does not need to open a document. The exploit could be triggered via the preview pane. Macs are affected as well, but a patch is currently only available for Windows.
- https://nvd.nist.gov/vuln/detail/CVE-2025-49695
- https://nvd.nist.gov/vuln/detail/CVE-2025-49696
CVE-2025-49719: This vulnerability has already been made public. It does allow for information disclosure on a Microsoft SQL Server. To patch, you must patch the OLE DB Driver.
- https://nvd.nist.gov/vuln/detail/CVE-2025-49719
CVE-2025-49717: Exploitation is considered less likely for this vulnerability. But if exploited, it would allow code execution via a Microsoft SQL Server. Take this as additional motivation not to expose SQL servers.
- https://nvd.nist.gov/vuln/detail/CVE-2025-49717
CVE-2025-49704: I consider this vulnerability interesting as it appears to allow command/code injection in SharePoint. However, an attacker has to be authenticated to take advantage of this vulnerability.
- https://nvd.nist.gov/vuln/detail/CVE-2025-49704
Read the full entry: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+July+2025/32088/
What's My (File)Name? (2025.07.07)
https://isc.sans.edu/diary/Whats+My+FileName/32084/
A few interesting and notable ssh/telnet usernames (2025.07.06)
https://isc.sans.edu/diary/A+few+interesting+and+notable+sshtelnet+usernames/32080/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-8963 - Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
Product: Ivanti CSA
CVSS Score: 0
** KEV since 2024-09-19 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8963
ISC Podcast: https://isc.sans.edu/podcastdetail/9516
CVE-2024-9380 - Ivanti CSA before version 5.0.2 is vulnerable to OS command injection in the admin web console, enabling a remote authenticated attacker to execute remote code with admin privileges.
Product: Ivanti CSA
CVSS Score: 0
** KEV since 2024-10-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9380
ISC Podcast: https://isc.sans.edu/podcastdetail/9516
CVE-2025-47981 - Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
Product: Microsoft Windows SPNEGO Extended Negotiation
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47981
ISC Diary: https://isc.sans.edu/diary/32088
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47981
CVE-2025-5777 - Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway
Product: NetScaler ADC and NetScaler Gateway
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5777
ISC Podcast: https://isc.sans.edu/podcastdetail/9514
CVE-2025-53095 - Sunshine is vulnerable to Cross-Site Request Forgery attacks prior to version 2025.628.4510, allowing an attacker to execute arbitrary commands with Administrator privileges.
Product: Sunshine Moonlight
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53095
NVD References: https://github.com/LizardByte/Sunshine/security/advisories/GHSA-39hj-fxvw-758m
CVE-2025-41648 - IndustrialPI is vulnerable to remote attackers bypassing login and accessing and changing all device settings.
Product: IndustrialPI web application
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41648
NVD References: https://certvde.com/en/advisories/VDE-2025-039
CVE-2025-41656 - Node_RED has an unauthenticated remote code execution vulnerability due to lack of default authentication configuration.
Product: Node-RED server
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41656
NVD References: https://certvde.com/en/advisories/VDE-2025-045
CVE-2025-45872 - zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.
Product: zrlog v3.1.5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45872
CVE-2025-37099 - A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
Product: HPE Insight Remote Support
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-37099
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04878en_us&docLocale=en_US
CVE-2025-37103 - HPE Networking Instant On Access Points contain hard-coded login credentials, enabling unauthorized access and potential administrative control by remote attackers.
Product: HPE Networking Instant On Access Points
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-37103
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US
CVE-2025-53104 - gluestack-ui had a command injection vulnerability in the discussion-to-slack.yml GitHub Actions workflow prior to commit e6b4271.
Product: NativeWind gluestack-ui
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53104
NVD References: https://github.com/gluestack/gluestack-ui/security/advisories/GHSA-432r-9455-7f9x
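The gluestack-ui entry names the workflow file but not the injection itself. The usual form of this bug class is an event field that the discussion author controls (title, body) expanded with `${{ ... }}` directly inside a `run:` script, where it becomes part of the shell command line. The scanner below is an added example, not gluestack-ui's workflow or its fix, and the embedded workflow is constructed: it contains one step written the unsafe way and one that passes the value through an environment variable, which is the standard remediation. The list of untrusted contexts is the general class, not a statement of gluestack-ui's exact bug.

```python
"""Find attacker-controlled GitHub event data expanded inside `run:` scripts.

Added example (not gluestack-ui's workflow or patch). SAMPLE_WORKFLOW is a
constructed discussion-to-Slack workflow; UNTRUSTED lists the general class
of author-controlled event fields, not gluestack-ui's specific flaw.
"""
import re

SAMPLE_WORKFLOW = """\
name: discussion-to-slack
on:
  discussion:
    types: [created]
jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      - name: Post (unsafe - title lands on the shell command line)
        run: |
          curl -X POST -d "text=New discussion: ${{ github.event.discussion.title }}" "$SLACK_WEBHOOK"
      - name: Post (safe - title is an env var, never re-parsed by the shell)
        env:
          TITLE: ${{ github.event.discussion.title }}
        run: |
          curl -X POST --data-urlencode "text=New discussion: $TITLE" "$SLACK_WEBHOOK"
"""

# `run:` key, optionally as a list item, with whatever follows it on the line.
RUN_LINE = re.compile(r"^(\s*)(-\s+)?run:\s*(.*?)\s*$")
# One ${{ ... }} expression; the inner text is captured for inspection.
EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
# Event fields whose value is chosen by whoever opened the discussion/issue/PR.
UNTRUSTED = re.compile(
    r"github\.event\.(?:discussion|issue|pull_request|comment|review|review_comment)\.(?:title|body)"
    r"|github\.event\.pull_request\.head\.(?:ref|label)"
    r"|github\.event\.pull_request\.head\.repo\.(?:default_branch|description|homepage)"
    r"|github\.event\.(?:head_commit|commits\[\d+\])\.(?:message|author\.(?:name|email))"
    r"|github\.head_ref"
)


def run_scripts(workflow_text: str):
    """Yield (line_number, script) for each run: key.

    Block scalars (run: | / run: >) are delimited by indentation: every
    following line indented deeper than the `run` key belongs to the script.
    """
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_LINE.match(lines[i])
        if not m:
            i += 1
            continue
        line_no = i + 1
        key_indent = len(m.group(1)) + len(m.group(2) or "")
        value = m.group(3)
        i += 1
        if value[:1] in ("|", ">"):
            body = []
            while i < len(lines) and (
                not lines[i].strip() or len(lines[i]) - len(lines[i].lstrip()) > key_indent
            ):
                body.append(lines[i])
                i += 1
            value = "\n".join(body)
        yield line_no, value


def find_injections(workflow_text: str):
    """Return [(line_number, expression)] for untrusted expressions expanded in run: scripts."""
    return [
        (n, expr)
        for n, script in run_scripts(workflow_text)
        for expr in EXPR.findall(script)
        if UNTRUSTED.search(expr)
    ]


if __name__ == "__main__":
    for n, expr in find_injections(SAMPLE_WORKFLOW):
        print(f"line {n}: ${{{{ {expr} }}}} is expanded inside run:")
```

Only the first step is flagged: the second still references the same untrusted field, but in `env:`, where the runner writes it into the process environment instead of splicing it into the script text, so quotes and backticks in a discussion title never reach the shell parser. The scanner works on indentation rather than a YAML parser, so it will miss `run:` values written as flow scalars or anchors; treat it as a triage aid, not a guarantee.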
CVE-2025-45006 - Open-Source RISC-V Processor commit f517abb may enable physical memory access attacks due to improper retention of non-zero mstatus.SUM bit violating privileged spec constraints.
Product: Open-Source RISC-V Processor commit f517abb
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45006
CVE-2025-52101 - Linjiashop versions less than 0.9 are vulnerable to Incorrect Access Control, allowing attackers to bypass authentication and access encrypted passwords and salts through brute-force cracking.
Product: linjiashop
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52101
CVE-2025-20309 - Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) have a vulnerability that allows an unauthenticated, remote attacker to log in to affected devices using default, static credentials for the root account.
Product: Cisco Unified Communications Manager
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20309
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
CVE-2025-45814 - NS3000 v8.1.1.125110, v7.2.8.124852, and v7.x and NS2000 v7.02.08 are vulnerable to session hijacking due to missing authentication checks in the query.fcgi endpoint.
Product: NS3000 and NS2000
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45814
CVE-2025-45813 - ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.
Product: ENENSYS IPGuard
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45813
CVE-2025-53599 - Whale browser for iOS before 3.9.1.4206 is vulnerable to malicious script execution through a crafted javascript scheme.
Product: Whale browser for iOS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53599
CVE-2025-53484 - Mediawiki - SecurePoll extension allows attackers to inject JavaScript and compromise user sessions by not properly escaping user-controlled inputs in VotePage.php (poll option input), ResultPage::getPagesTab(), and getErrorsTab().
Product: Mediawiki SecurePoll extension
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53484
CVE-2025-53495 and CVE-2025-53499 - Mediawiki - AbuseFilter Extension in Wikimedia Foundation allows Unauthorized Access due to Missing Authorization vulnerability.
Product: Mediawiki - AbuseFilter Extension
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53495
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53499
CVE-2025-48952 - NetAlertX is susceptible to an authentication bypass vulnerability in versions prior to 25.6.7, allowing users to bypass password verification using SHA-256 magic hashes.
Product: NetAlertX presence scanner
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48952
CVE-2025-26850 - Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 allows privilege escalation on managed systems.
Product: Quest KACE Systems Management Appliance (SMA)
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26850
CVE-2025-41672 - The vulnerable product allows a remote unauthenticated attacker to gain full access by using default certificates to generate JWT Tokens.
Product: Honeywell Enterprise Building Integrator (EBI)
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41672
NVD References: https://cert.vde.com/en/advisories/VDE-2025-057
NVD References: https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-057.json
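The Honeywell EBI entry describes the general failure mode of a signing key that is identical in every installation: whoever extracts it from one device, or from the installer, can mint valid tokens for all of them, and the verifier's cryptography is irrelevant. The example below is an added illustration, not Honeywell code or the actual EBI token format. It uses HS256 with a shared secret rather than the certificate-based signing the advisory refers to, because a few lines of hmac are enough to show the point; the key material, key IDs and claim names are constructed.

```python
"""A factory-default JWT signing key is equivalent to no signature.

Added example, not Honeywell code. HS256 stands in for the certificate-based
signing in the advisory; FACTORY_DEFAULT_KEY, INSTALL_KEY, the kid values and
the claims are all constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict, key: bytes, kid: str) -> str:
    """Build an HS256 JWT. Anyone holding `key` can call this, including an attacker."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    parts = [_b64url(json.dumps(obj, separators=(",", ":")).encode()) for obj in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


# Constructed key material. FACTORY_DEFAULT_KEY models a key that ships
# identically in every installation; INSTALL_KEY models one generated at deploy time.
FACTORY_DEFAULT_KEY = b"vendor-default-signing-key-0001"
INSTALL_KEY = hashlib.sha256(b"per-install entropy (constructed)").digest()
KEYRING = {"default": FACTORY_DEFAULT_KEY, "install-2025": INSTALL_KEY}


def _fingerprint(key: bytes) -> str:
    return hashlib.sha256(key).hexdigest()


# Fingerprints of keys known to ship with the product; a real deployment would
# populate this from the vendor's advisory or by hashing the shipped defaults.
KNOWN_DEFAULT_FINGERPRINTS = {_fingerprint(FACTORY_DEFAULT_KEY)}


def verify_naive(token: str, keyring=KEYRING) -> dict:
    """Accepts any token whose kid resolves to a key in the ring, default key included."""
    h, c, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    key = keyring[header["kid"]]
    expected = hmac.new(key, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(c))


def verify_hardened(token: str, keyring=KEYRING, now=None) -> dict:
    """Pins alg, refuses keys matching a known vendor default, and checks expiry."""
    h, c, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    key = keyring.get(header.get("kid"))
    if key is None or _fingerprint(key) in KNOWN_DEFAULT_FINGERPRINTS:
        raise ValueError("token signed with unknown or factory-default key")
    expected = hmac.new(key, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c))
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("expired")
    return claims


def forgery_demo():
    """Return (role accepted by the naive verifier, error from the hardened one)
    for an admin token minted by an attacker who knows the factory-default key."""
    forged = mint_jwt({"sub": "attacker", "role": "admin", "exp": 4102444800},
                      FACTORY_DEFAULT_KEY, "default")
    accepted = verify_naive(forged)
    try:
        verify_hardened(forged)
        rejected = None
    except ValueError as err:
        rejected = str(err)
    return accepted["role"], rejected


if __name__ == "__main__":
    print(forgery_demo())
```

`verify_naive` is correct cryptography and still fully bypassable, because the key it trusts is public. The hardened verifier refuses any key whose fingerprint matches a known default, pins the algorithm, and checks expiry; the durable fix on the product side is to generate the signing key (or certificate) at installation time so that no two systems share it.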
CVE-2025-3626 - Frauscher Sensortechnik FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi R2 and all previous versions are vulnerable to OS Command Injection via malicious configuration file.
Product: Frauscher Sensortechnik FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi R2
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3626
NVD References: https://certvde.com/en/advisories/VDE-2025-030
CVE-2025-43930 - Hashview 0.8.1 is vulnerable to account takeover through the password reset feature due to a lack of configuration for SERVER_NAME, allowing resets based on the Host HTTP header.
Product: Hashview 0.8.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43930
CVE-2025-43931 - Flask-boilerplate through a170e7c is vulnerable to account takeover via password reset due to unconfigured SERVER_NAME allowing an attacker to manipulate the Host HTTP header.
Product: Flask-Boilerplate
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43931
NVD References: https://gist.github.com/BrookeYangRui/19fcc6c19df7bb4d8437476c609a6129
CVE-2025-43932 - JobCenter is vulnerable to account takeover through the password reset feature due to SERVER_NAME not being configured, allowing a reset based on the Host HTTP header.
Product: JobCenter 7e7b0b2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43932
CVE-2025-43933 - fblog is vulnerable to an account takeover through password reset due to missing SERVER_NAME configuration allowing a reset based on the Host HTTP header.
Product: fblog 983bede
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43933
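The four SERVER_NAME entries above (CVE-2025-43930 through CVE-2025-43933) share one mechanism: a Flask application that leaves SERVER_NAME unset builds external URLs, including the password-reset link it e-mails, from the Host header of whatever request triggered the reset, so an attacker who requests a reset for the victim while supplying their own Host gets the victim's token delivered to a domain they control. The following is an added example, not code from Hashview, Flask-boilerplate, JobCenter or fblog. It models that behaviour with a plain function rather than Flask's url_for so that it runs without Flask; the request dictionaries, hostnames and function names are constructed for illustration.

```python
"""Password-reset link built from the Host header (vulnerable) vs from a
configured canonical host (hardened).

Added example, not code from any of the four affected projects. The request
representation, hostnames and function names are assumptions for illustration.
"""
import secrets
from urllib.parse import urlsplit

# Constructed sample requests. The second and fourth are an attacker asking for a
# reset on the victim's account while choosing the Host header.
SAMPLE_REQUESTS = [
    {"host": "app.example.com", "email": "victim@example.com"},
    {"host": "evil.example.net", "email": "victim@example.com"},
    {"host": "app.example.com:443", "email": "victim@example.com"},
    {"host": "app.example.com.evil.example.net", "email": "victim@example.com"},
]

# What SERVER_NAME plus PREFERRED_URL_SCHEME would pin in a Flask config.
CANONICAL_BASE = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com", "app.example.com:443"}


def reset_link_vulnerable(request: dict, token: str) -> str:
    """Mirrors url_for(..., _external=True) with SERVER_NAME unset: the host in
    the link is whatever the client sent, so the Host header decides where the
    token goes."""
    return f"https://{request['host']}/reset/{token}"


def host_is_allowed(host_header: str) -> bool:
    """Exact allowlist match after normalising case and a trailing dot.
    Prefix or suffix matching would let app.example.com.evil.example.net through."""
    host = host_header.strip().lower().rstrip(".")
    return host in ALLOWED_HOSTS


def reset_link_hardened(request: dict, token: str) -> str:
    """Reject unexpected Host values and never use the header to compose the URL."""
    if not host_is_allowed(request["host"]):
        raise ValueError(f"untrusted Host header: {request['host']!r}")
    return f"{CANONICAL_BASE}/reset/{token}"


def link_host(url: str) -> str:
    return urlsplit(url).hostname or ""


def simulate(requests=SAMPLE_REQUESTS):
    """Return (Host header, host the vulnerable link points at, host the hardened
    link points at or None if the request was rejected) for each sample request."""
    results = []
    for req in requests:
        token = secrets.token_urlsafe(32)   # stands in for the real single-use reset token
        vuln_host = link_host(reset_link_vulnerable(req, token))
        try:
            hard_host = link_host(reset_link_hardened(req, token))
        except ValueError:
            hard_host = None
        results.append((req["host"], vuln_host, hard_host))
    return results


if __name__ == "__main__":
    for host, vuln, hard in simulate():
        print(f"Host: {host:40} vulnerable link -> {vuln:40} hardened link -> {hard}")
```

The hardened builder does two things worth checking in any reset flow: it validates the Host header against an exact allowlist, so a look-alike such as app.example.com.evil.example.net is rejected along with obviously foreign hosts, and it never uses the header when composing the link. In Flask the equivalent is setting SERVER_NAME and PREFERRED_URL_SCHEME (or building the link from a configured base URL), and the same check applies to any framework whose "absolute URL" helper falls back to the request host.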
CVE-2025-45065 - Employee record management system in php and mysql v1 contains a SQL injection vulnerability via the loginerms.php endpoint.
Product: PHP employee record management system
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45065
CVE-2025-45479 - Educoder challenges v1.0 has insufficient security mechanisms in containers, allowing attackers to execute arbitrary code by injecting crafted content.
Product: Educoder challenges v1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45479
CVE-2025-47202 - Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400 are vulnerable to out-of-bounds writes due to a lack of length check in RRC.
Product: Samsung Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47202
NVD References: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-47202/
CVE-2024-25176 - LuaJIT through 2.1 has a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.
Product: LuaJIT
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25176
CVE-2024-25178 - LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow handler in lj_state.c
Product: LuaJIT
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25178
CVE-2025-53529 - WeGIA is vulnerable to an SQL Injection in profile_funcionario.php, allowing unauthenticated attackers to inject SQL commands.
Product: WeGIA web manager for charitable institutions
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53529
CVE-2025-42963 - SAP NetWeaver Application server for Java Log Viewer allows authenticated administrators to exploit unsafe Java object deserialization, enabling full operating system compromise and granting attackers complete control over the affected system, severely impacting confidentiality, integrity, and availability.
Product: SAP NetWeaver Application server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42963
NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
CVE-2025-42964 - SAP NetWeaver Enterprise Portal Administration is vulnerable to content upload attacks that could compromise system security.
Product: SAP NetWeaver Enterprise Portal Administration
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42964
NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
CVE-2025-42966 - SAP NetWeaver XML Data Archiving Service is vulnerable to an insecure Java deserialization issue, potentially enabling an authenticated attacker with administrative privileges to compromise the confidentiality, integrity, and availability of the application.
Product: SAP NetWeaver XML Data Archiving Service
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42966
NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
CVE-2025-42967 - SAP S/4HANA and SAP SCM Characteristic Propagation allows remote code execution, granting attackers full control of the system and compromising the confidentiality, integrity, and availability of the application.
Product: SAP S/4HANA
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42967
NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
CVE-2025-42980 - SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable to a potential compromise of confidentiality, integrity, and availability when a privileged user uploads untrusted or malicious content.
Product: SAP NetWeaver Enterprise Portal
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42980
NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
CVE-2025-20680 through CVE-2025-20684 - Multiple out-of-bounds write vulnerabilities.
Product: MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Computer Vision, Audio, and TV chipsets
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20680
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20681
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20682
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20683
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20684
NVD References: https://corp.mediatek.com/product-security-bulletin/July-2025
CVE-2025-25270 - Phoenix Contact CHARX SEC-3xxx charging controllers are vulnerable to remote code execution as root due to unauthorized configuration alterations by a remote attacker.
Product: CHARX SEC-3xxx charging controllers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25270
NVD References: https://certvde.com/de/advisories/VDE-2025-019
CVE-2025-40736 - SINEC NMS (All versions < V4.0) allows unauthorized modification of administrative credentials, potentially granting full control to unauthenticated attackers.
Product: Siemens SINEC NMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40736
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-078892.html
CVE-2025-21450 - Cryptographic issue occurs due to use of insecure connection method while downloading.
Product: Qualcomm
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21450
NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html
CVE-2025-49695 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Product: Microsoft Office
CVSS Score: 8.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49695
ISC Diary: https://isc.sans.edu/diary/32088
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49695
CVE-2025-49696 - Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Product: Microsoft Office
CVSS Score: 8.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49696
ISC Diary: https://isc.sans.edu/diary/32088
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49696
CVE-2025-49704 - Microsoft Office SharePoint is vulnerable to code injection, allowing attackers to execute code remotely.
Product: Microsoft Office SharePoint
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49704
ISC Diary: https://isc.sans.edu/diary/32088
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
CVE-2025-49717 - Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.
Product: Microsoft SQL Server
CVSS Score: 8.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49717
ISC Diary: https://isc.sans.edu/diary/32088
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717
CVE-2025-49719 - Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.
Product: Microsoft SQL Server
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49719
ISC Diary: https://isc.sans.edu/diary/32088
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49719
CVE-2025-48384 - Git has a vulnerability that allows for unintentional execution of post-checkout hooks due to a trailing carriage return issue, fixed in versions v2.43.7 and above.
Product: Git
CVSS Score: 8.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48384
ISC Diary: https://isc.sans.edu/diary/32088
NVD References: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
CVE-2025-48386 - Git's wincred credential helper does not bounds-check the buffer it builds the credential target name in, which can lead to a buffer overflow; fixed in versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Product: Git wincred credential helper
CVSS Score: 6.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48386
ISC Diary: https://isc.sans.edu/diary/32088
NVD References: https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr
CVE-2025-49535 - ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XXE vulnerability allowing for a security feature bypass, leading to potential information disclosure or denial of service attacks.
Product: Adobe ColdFusion
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49535
NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html
CVE-2025-27203 - Adobe Connect versions 24.0 and earlier are vulnerable to a Deserialization of Untrusted Data flaw allowing attackers to execute arbitrary code through user interaction.
Product: Adobe Connect
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27203
NVD References: https://helpx.adobe.com/security/products/connect/apsb25-61.html
CVE-2025-49533 - Adobe Experience Manager versions 6.5.23.0 and earlier are vulnerable to arbitrary code execution due to a Deserialization of Untrusted Data flaw, without requiring user interaction.
Product: Adobe Experience Manager (MS)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49533
NVD References: https://helpx.adobe.com/security/products/aem-forms/apsb25-67.html
CVE-2025-7206 - D-Link DIR-825 2.10 has a critical remote stack-based buffer overflow in its httpd component, triggered by manipulating the Language argument; the affected product is no longer supported, so no fix is expected.
Product: D-Link DIR-825
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7206
CVE-2025-6934 - The Opal Estate Pro plugin for WordPress allows unauthenticated attackers to escalate privileges by bypassing role restrictions during registration.
Product: Opal Estate Pro Property Management and Submission plugin for WordPress
Active Installations: This plugin has been closed as of May 17, 2024 and is not available for download. Reason: Security Issue.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6934
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7b75a4-67b4-4347-91a6-dbf98da5ceaf?source=cve
CVE-2025-49029 - bitto.Kazi Custom Login And Signup Widget is vulnerable to Code Injection, allowing attackers to execute malicious code.
Product: bitto Kazi Custom Login And Signup Widget
Active Installations: unknown
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49029
CVE-2025-4689 - The Ads Pro Plugin for WordPress is vulnerable to Local File Inclusion and SQL Injection, enabling unauthenticated attackers to execute code on the server and upload image files that can be fetched and executed as PHP code.
Product: Scripteo Ads Pro
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4689
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/038ddfcd-093b-4234-a0b8-a3bf9a3d329f?source=cve
CVE-2025-5746 - The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads allowing unauthenticated attackers to potentially execute remote code on the affected site's server.
Product: WooCommerce Drag and Drop Multiple File Upload (Pro)
Active Installations: 6,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5746
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/3c1f625e-4456-45e4-8a7f-809b22edb66b?source=cve
CVE-2024-13786 - The education theme for WordPress is vulnerable to PHP Object Injection up to version 3.6.10, allowing unauthenticated attackers to potentially inject a PHP Object via deserialization of untrusted input in the 'themerex_callback_view_more_posts' function.
Product: WordPress Education theme
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13786
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/d0b27bc8-617a-4f98-954f-e49f87dca311?source=cve
CVE-2025-23968 - AiBud WP allows unrestricted upload of dangerous file types, enabling the potential upload of a web shell and compromising the web server, affecting versions from n/a through 1.8.5.
Product: WPCenter AiBud WP
Active Installations: 4,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23968
CVE-2025-28951 - Bulk Featured Image plugin in CreedAlly allows attackers to upload a web shell to a web server through unrestricted file uploads.
Product: CreedAlly Bulk Featured Image
Active Installations: 900+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28951
CVE-2025-23970 - Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking allows Privilege Escalation. This issue affects versions from n/a through 6.0.
Product: aonetheme Service Finder Booking
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23970
CVE-2025-28983 - Click & Pledge Connect is vulnerable to SQL Injection, leading to Privilege Escalation from version 25.04010101 through WP6.8.
Product: Click & Pledge Connect
Active Installations: 200+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28983
CVE-2025-30933 - LogisticsHub version n/a through 1.1.6 allows unrestricted upload of dangerous file types, enabling attackers to upload web shells to the server.
Product: LiquidThemes LogisticsHub
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30933
CVE-2025-49414 - FW Gallery allows the unrestricted upload of dangerous file types, making it vulnerable to malicious files from n/a through 8.0.0.
Product: Fastw3b LLC FW Gallery
Active Installations: This plugin has been closed as of April 8, 2025 and is not available for download. Reason: Guideline Violation.
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49414
CVE-2025-49417 - BestWpDeveloper WooCommerce Product Multi-Action is vulnerable to Object Injection through the deserialization of untrusted data in versions from n/a through 1.3.
Product: BestWpDeveloper WooCommerce Product Multi-Action
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49417
CVE-2025-49867 - Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0.
Product: InspiryThemes RealHomes
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49867
NVD References: https://patchstack.com/database/wordpress/theme/realhomes/vulnerability/wordpress-realhomes-4-4-0-privilege-escalation-vulnerability?_s_id=cve
CVE-2025-52831 - Video List Manager is vulnerable to SQL Injection from version n/a through 1.7, allowing attackers to manipulate SQL commands.
Product: thanhtungtnt Video List Manager
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52831
CVE-2025-52832 - NGG Smart Image Search allows SQL Injection via improper neutralization of special elements in SQL commands, affecting versions up to 3.4.1.
Product: wpo-HR NGG Smart Image Search
Active Installations: 500+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52832
CVE-2025-4828 - The Support Board plugin for WordPress is vulnerable to arbitrary file deletion, allowing attackers to delete files on the server and potentially execute remote code.
Product: WordPress Support Board plugin
Active Installations: 200+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4828
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/33989611-8640-4c33-a34e-14f10cd7286d?source=cve
CVE-2025-4855 - The Support Board plugin for WordPress is susceptible to unauthorized data access and manipulation due to hardcoded default secrets, potentially allowing unauthenticated attackers to execute arbitrary actions and exploit CVE-2025-4828.
Product: WordPress Support Board plugin
Active Installations: 200+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4855
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/afd48bc8-d490-4a3e-97fc-70cf008cbf66?source=cve