Internet Storm Center Spotlight

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Partial ZIP File Downloads

Published: 2025-01-20.

Last Updated: 2025-01-20 07:27:48 UTC

by Didier Stevens (Version: 1)

Say you want a file that is inside a huge online ZIP file (several gigabytes large). Downloading the complete ZIP file would take too long.

If the HTTP server supports the range header, you can do the following:

We will work with my DidierStevensSuite.zip file as an example (it's 13 MB in size, not several GBs, but the principle remains the same).

First, with an HTTP HEAD request, we determine the ZIP file size ...

The size of the ZIP file is 13189336 bytes.

The end of a ZIP file contains a series of DIR records that make up the archive's directory (the central directory listing the files and directories inside the ZIP). This directory is usually small compared to the file size, so we do a partial download starting at position 13000000.

This can be done with curl's range option (-r), which adds a Range header specifying the bytes we want to download ...

Next, we use my zipdump.py tool to parse the ZIP records (-f l) inside the partial ZIP download, like this ...
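The three steps above carried through in Python, as an added example (not code from the diary or from zipdump.py): HEAD for the size, a Range GET for the tail, parse the DIR records, and then a fourth step the diary does not show, range-fetching only the wanted member's local header and data. `http_reader` talks to a real server; `MemoryRange` and `build_sample_zip` are constructed offline stand-ins, and ZIP64 archives are rejected rather than misparsed.

```python
"""Fetch one member of a remote ZIP with HTTP range requests (added example, not
code from the diary or from zipdump.py). Steps 1-3 follow the diary: HEAD for the
size, Range GET for the tail, parse the DIR records. Step 4 fetches one member."""
import io
import struct
import urllib.request
import zipfile
import zlib
from dataclasses import dataclass
from typing import Callable, List

EOCD_SIG, CDIR_SIG, LOCAL_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
RangeReader = Callable[[int, int], bytes]   # returns bytes start..end inclusive

@dataclass
class Member:
    name: str
    method: int              # 0 = stored, 8 = deflate
    crc32: int
    compressed_size: int
    uncompressed_size: int
    local_header_offset: int

def http_reader(url: str):
    """Step 1: HEAD for Content-Length; the returned reader issues Range GETs."""
    with urllib.request.urlopen(urllib.request.Request(url, method="HEAD")) as r:
        size = int(r.headers["Content-Length"])

    def read(start: int, end: int) -> bytes:
        req = urllib.request.Request(url, headers={"Range": f"bytes={start}-{end}"})
        with urllib.request.urlopen(req) as r:
            if r.status != 206:   # 200 means the server ignored Range and sent it all
                raise RuntimeError("server does not honour the Range header")
            return r.read()
    return size, read

class MemoryRange:
    """Offline stand-in for http_reader: serves ranges from bytes, counts traffic."""
    def __init__(self, blob: bytes):
        self.blob, self.size, self.bytes_served = blob, len(blob), 0

    def __call__(self, start: int, end: int) -> bytes:
        chunk = self.blob[start:end + 1]
        self.bytes_served += len(chunk)
        return chunk

def read_directory(size: int, read: RangeReader, tail: int = 65536) -> List[Member]:
    """Steps 2-3: download only the tail, locate the EOCD, parse the DIR records."""
    start = max(0, size - tail)
    buf = read(start, size - 1)
    pos = buf.rfind(EOCD_SIG)   # search backwards: an archive comment may follow the EOCD
    if pos < 0:
        raise ValueError("no EOCD record in the tail; retry with a larger tail")
    cd_size, cd_offset = struct.unpack_from("<II", buf, pos + 12)
    if 0xFFFFFFFF in (cd_size, cd_offset):
        raise NotImplementedError("ZIP64 archive: the ZIP64 locator is not parsed here")
    if cd_offset < start:       # directory starts before our tail: fetch exactly that range
        cd = read(cd_offset, cd_offset + cd_size - 1)
    else:
        cd = buf[cd_offset - start:cd_offset - start + cd_size]
    members, p = [], 0
    while cd[p:p + 4] == CDIR_SIG:
        method, crc, csize, usize, nlen, xlen, clen, lho = struct.unpack_from(
            "<H4xIIIHHH8xI", cd, p + 10)
        name = cd[p + 46:p + 46 + nlen].decode("utf-8", "replace")
        members.append(Member(name, method, crc, csize, usize, lho))
        p += 46 + nlen + xlen + clen
    return members

def fetch_member(m: Member, read: RangeReader) -> bytes:
    """Step 4: range-fetch one member's local header and data, inflate, verify CRC."""
    hdr = read(m.local_header_offset, m.local_header_offset + 29)
    if hdr[:4] != LOCAL_SIG:
        raise ValueError("local file header signature mismatch")
    nlen, xlen = struct.unpack_from("<HH", hdr, 26)   # local extra may differ from DIR's
    data_start = m.local_header_offset + 30 + nlen + xlen
    # Sizes come from the central directory; local headers may hold zeros (data descriptor).
    raw = read(data_start, data_start + m.compressed_size - 1) if m.compressed_size else b""
    if m.method == 0:
        data = raw
    elif m.method == 8:
        d = zlib.decompressobj(-15)                    # raw deflate, no zlib header
        data = d.decompress(raw) + d.flush()
    else:
        raise NotImplementedError(f"compression method {m.method}")
    if len(data) != m.uncompressed_size or zlib.crc32(data) != m.crc32:
        raise ValueError(f"{m.name}: size/CRC mismatch, member corrupt or tampered")
    return data

def build_sample_zip() -> bytes:
    """Constructed archive: a large stored filler, a small text file, an empty file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("big/filler.bin", b"\x00" * 100000, compress_type=zipfile.ZIP_STORED)
        z.writestr("notes/readme.txt", b"only this file is wanted\n" * 40)
        z.writestr("empty.txt", b"")
        z.comment = b"constructed sample, not a real download"
    return buf.getvalue()
```

Against the constructed archive, `MemoryRange.bytes_served` stays a small fraction of the file size even though the wanted member is listed and extracted, which is the whole point of the technique.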

Read the full entry: https://isc.sans.edu/diary/Partial+ZIP+File+Downloads/31608/

Geolocation and Starlink

Published: 2025-01-21.

Last Updated: 2025-01-21 15:40:20 UTC

by Johannes Ullrich (Version: 1)

Until now, satellite internet access has been more of a niche solution. But with the wide availability of Starlink, this is changing. Starlink's performance and price are competitive enough that many rural users forgo alternatives like cellular or slower DSL, if those are available at all.

Starlink offers a substantially different type of service from most "traditional" satellite networks. Traditional satellite networks use a small number of satellites in high orbits, connecting to a handful of ground stations. The ground station issues the IP address, and each ground station may cover a large geographic area, often exceeding individual countries. The IP address of a satellite user identifies the ground station location, not the user's location. Starlink, on the other hand, uses satellites in low earth orbit. The network can forward traffic among satellites, but typically, the satellite will attempt to pass the traffic to the closest base station in view. Due to the low orbit, each satellite only "sees" a relatively small area, and the ground station is usually within a couple hundred miles of the user.

It appears that Starlink is using AS 14593 and 27277. The first one is the one that is used for customer traffic. The second one seems to be used for the internal corporate network.

AS 14593 advertises 696 different prefixes [HE]. Most are small (/23 and /24). This is typical for a newer company like SpaceX that had to "cobble together" IP address space and couldn't get a large allocation. Starlink does not offer a publicly routable address to customers for regular consumer plans. Instead, it uses "carrier-grade NAT". The customer will receive a 100.64.0.0/10 address per RFC 6598 [CGNAT]. By default, the Starlink router will issue 192.168/16 addresses to the user's equipment unless the router is configured in bridge mode (or bypass mode).

The CGNAT address is later translated to a publicly routable address at the ground station. Starlink does support PTR records for its customer IPs and uses the following hostname scheme:

customer.[ground station identifier].pop.starlinkisp.net

Forward resolution for these hostnames does not work. This is likely configured to avoid issues with customers attempting to run mail servers. The "ground station identifier" appears to follow this format:

4 digits: City identifier

3 digits: Region (Country or the State, followed by 'X', for US-based ground stations)

1 digit: number

For example ...
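The hostname scheme above as an added example (not ISC code): a parser that splits the ground-station identifier into the 4+3+1 fields and flags US stations by the trailing 'X', plus an enrichment helper that records that the PTR cannot be forward-confirmed, since forward resolution does not work. All hostnames and the IP address are constructed; the diary's "digits" are accepted as alphanumerics so both readings parse.

```python
"""Parse Starlink customer PTR names into the ground-station fields the diary describes
(added example, not ISC code). All hostnames and the IP below are constructed."""
import re
import socket
from dataclasses import dataclass
from typing import Callable, Optional

# customer.<4-char city><3-char region><1 digit>.pop.starlinkisp.net
# The diary's "digits" are taken as alphanumerics so either reading parses.
PTR_RE = re.compile(r"^customer\.(?P<city>[a-z0-9]{4})(?P<region>[a-z0-9]{3})(?P<num>\d)"
                    r"\.pop\.starlinkisp\.net\.?$")

@dataclass
class GroundStation:
    city: str     # 4-character city identifier
    region: str   # 3 characters: country, or US state followed by 'x'
    number: str   # 1 digit

    @property
    def us_state(self) -> Optional[str]:
        """Two-letter state when this is a US ground station, else None."""
        return self.region[:2].upper() if self.region.endswith("x") else None

def parse_starlink_ptr(hostname: str) -> Optional[GroundStation]:
    """Return the ground-station fields, or None for anything outside this scheme."""
    m = PTR_RE.match(hostname.strip().lower())
    return GroundStation(m["city"], m["region"], m["num"]) if m else None

def enrich(ip: str, reverse: Callable = socket.gethostbyaddr,
           forward: Callable = socket.gethostbyname) -> dict:
    """Reverse-resolve ip, parse the PTR, and record whether the name forward-confirms.
    Starlink PTRs do not forward-resolve, so fcrdns stays False: the parsed station is
    a hint from an unverified PTR, not forward-confirmed evidence. Resolvers are
    injectable so this runs offline."""
    try:
        ptr = reverse(ip)[0]
    except OSError:
        return {"ip": ip, "ptr": None, "station": None, "fcrdns": False}
    try:
        fcrdns = forward(ptr) == ip
    except OSError:
        fcrdns = False
    return {"ip": ip, "ptr": ptr, "station": parse_starlink_ptr(ptr), "fcrdns": fcrdns}

# Constructed resolvers standing in for DNS: a TEST-NET address with a made-up PTR
# that, like real Starlink customer names, has no forward record.
DEMO_PTRS = {"192.0.2.10": "customer.abcdwax1.pop.starlinkisp.net"}

def demo_reverse(ip: str):
    if ip not in DEMO_PTRS:
        raise socket.herror(1, "Unknown host")
    return DEMO_PTRS[ip], [], [ip]

def demo_forward(hostname: str) -> str:
    raise socket.gaierror(-2, "Name or service not known")
```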

Read the full entry: https://isc.sans.edu/diary/Geolocation+and+Starlink/31612/

Internet Storm Center Entries


Zero Trust and Entra ID Conditional Access (2025.01.19)

https://isc.sans.edu/diary/Zero+Trust+and+Entra+ID+Conditional+Access/31602/

New tool: immutable.py (2025.01.18)

https://isc.sans.edu/diary/New+tool+immutablepy/31598/

Leveraging Honeypot Data for Offensive Security Operations [Guest Diary] (2025.01.17)

https://isc.sans.edu/diary/Leveraging+Honeypot+Data+for+Offensive+Security+Operations+Guest+Diary/31596/

Extracting Practical Observations from Impractical Datasets (2025.01.16)

https://isc.sans.edu/diary/Extracting+Practical+Observations+from+Impractical+Datasets/31582/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-55591 - FortiOS and FortiProxy versions 7.0.0 through 7.0.16 and 7.2.0 through 7.2.12 are vulnerable to an Authentication Bypass Using an Alternate Path or Channel (CWE-288) that allows remote attackers to gain super-admin privileges via crafted requests to Node.js websocket module.

Product: Fortinet FortiProxy

CVSS Score: 9.8

** KEV since 2025-01-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55591

ISC Podcast: https://isc.sans.edu/podcastdetail/9280

NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-535

CVE-2023-37936 - Fortinet FortiSwitch versions 6.0.0 through 7.4.0 are vulnerable to unauthorized code execution due to the use of hard-coded cryptographic keys.

Product: Fortinet FortiSwitch

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37936

NVD References: https://fortiguard.com/psirt/FG-IR-23-260

CVE-2024-47572 - Fortinet FortiSOAR 7.2.1 through 7.4.1 is vulnerable to unauthorized code execution via manipulation of csv files.

Product: Fortinet FortiSOAR

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47572

NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-210

CVE-2024-48886 - Fortinet FortiOS, FortiProxy, FortiManager, FortiManager Cloud, FortiAnalyzer Cloud are vulnerable to unauthorized code execution via weak authentication, allowing attackers to exploit with brute-force attacks.

Product: Fortinet FortiOS

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48886

NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-221

CVE-2024-7344 - Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

Product: Cs-Grp Neo Impact

CVSS Score: 8.2

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7344

ISC Podcast: https://isc.sans.edu/podcastdetail/9286

NVD References:

- https://uefi.org/revocationlistfile

- https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html

- https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html

- https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/

- https://www.kb.cert.org/vuls/id/529659

- https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/

CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities

Product: Microsoft Windows 10 21H2

CVSS Score: 7.8

** KEV since 2025-01-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21333

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21334

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21335

NVD References:

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21334

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21335

CVE-2024-12919 - The Paid Membership Subscriptions plugin for WordPress up to version 2.13.7 is vulnerable to Authentication Bypass, allowing unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site.

Product: WordPress Paid Membership Subscriptions

Active Installations: 10,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12919

NVD References:

- https://plugins.trac.wordpress.org/changeset/3214706/paid-member-subscriptions

- https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a4fa4d-a7d2-4890-b0f5-5fe69bc5e7ac?source=cve

CVE-2025-20055 - STEALTHONE D220/D340 network storage servers provided by Y'S corporation are vulnerable to OS command injection, allowing attackers to execute arbitrary commands.

Product: Y'S corporation STEALTHONE D220/D340

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20055

NVD References:

- https://jvn.jp/en/vu/JVNVU99653331/

- https://stealthone.net/product_info/d220-d340%e3%80%8cv6-03-03%e3%80%8d%e5%8f%8a%e3%81%b3d440%e3%80%8cv7-00-11%e3%80%8d%e3%83%95%e3%82%a1%e3%83%bc%e3%83%a0%e3%82%a6%e3%82%a7%e3%82%a2%e3%82%92%e3%83%aa%e3%83%aa%e3%83%bc%e3%82%b9%e8%87%b4/

CVE-2024-21797, CVE-2024-36295, CVE-2024-39370, CVE-2024-39604, CVE-2024-39784, CVE-2024-39785 - Wavlink AC3000 M33A8.V5030.210505 multiple command execution vulnerabilities

Product: Wavlink AC3000

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21797

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36295

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39370

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39604

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39784

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39785

NVD References:

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2028

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2047

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2031

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2038

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2058

CVE-2024-34166, CVE-2024-34544, CVE-2024-37186, CVE-2024-39360, CVE-2024-39367, CVE-2024-39759 through CVE-2024-39765, CVE-2024-39781 through CVE-2024-39783 - Wavlink AC3000 M33A8.V5030.210505 is vulnerable to an OS command injection flaw in touchlist_sync.cgi, allowing for arbitrary code execution via specially crafted HTTP requests.

Product: Wavlink AC3000

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34166

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34544

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37186

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39360

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39367

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39759

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39760

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39761

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39762

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39763

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39764

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39765

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39781

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39782

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39783

NVD References:

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2000

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2044

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2032

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2054

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2023

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2018

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2020

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2033

CVE-2024-36258, CVE-2024-36272, CVE-2024-36290, CVE-2024-36493, CVE-2024-37184, CVE-2024-37357, CVE-2024-39288, CVE-2024-39294, CVE-2024-39299, CVE-2024-39357 through CVE-2024-39359, CVE-2024-39603, CVE-2024-39756, CVE-2024-39757, CVE-2024-39768 through CVE-2024-39770, CVE-2024-39774, CVE-2024-39801 through CVE-2024-39803 - Wavlink AC3000 M33A8.V5030.210505.0 buffer overflow vulnerabilities

Product: Wavlink AC3000

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36258

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36272

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36290

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36493

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37184

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37357

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39288

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39294

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39299

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39357

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39358

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39359

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39603

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39756

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39757

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39768

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39769

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39770

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39774

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39801

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39802

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39803

NVD References:

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2046

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2045

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2019

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2041

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2025

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2029

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2021

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2026

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2048

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2039

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2027

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2040

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2042

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2024

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2043

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2022

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2030

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2049

CVE-2024-38666, CVE-2024-39280, CVE-2024-39602, CVE-2024-39788 through CVE-2024-39790, CVE-2024-39793 through CVE-2024-39795, CVE-2024-39798 through CVE-2024-39800 - Wavlink AC3000 M33A8.V5030.210505 has external config control vulnerabilities

Product: Wavlink AC3000 M33A8

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38666

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39280

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39602

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39788

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39789

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39790

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39793

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39794

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39795

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39798

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39799

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39800

NVD References:

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2051

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2055

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2052

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2056

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2053

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2050

CVE-2024-39273 & CVE-2024-39608 - Wavlink AC3000 M33A8.V5030.210505 firmware update vulnerabilities

Product: Wavlink AC3000

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39273

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39608

NVD References:

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2037

- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2036

CVE-2024-39363 - Wavlink AC3000 M33A8.V5030.210505 has a cross-site scripting vulnerability in the login.cgi set_lang_CountryCode() function allowing disclosure of sensitive data via specially crafted HTTP requests.

Product: Wavlink AC3000

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39363

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2017

CVE-2024-39754 - Wavlink AC3000 M33A8.V5030.210505 static login vulnerability allows an attacker to gain root access by sending specially crafted network packets.

Product: Wavlink AC3000 M33A8

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39754

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2034

CVE-2024-39786 & CVE-2024-39787 - Wavlink AC3000 M33A8.V5030.210505 directory traversal vulnerabilities

Product: Wavlink AC3000

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39786

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39787

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2057

CVE-2024-10811, CVE-2024-13159, CVE-2024-13160, CVE-2024-13161 - Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows remote unauthenticated attackers to leak sensitive information via absolute path traversal.

Product: Ivanti EPM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10811

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13159

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13160

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13161

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6

CVE-2025-21298 - Windows OLE Remote Code Execution Vulnerability

Product: Microsoft Windows

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21298

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21298

CVE-2025-21307 - Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Product: Windows Reliable Multicast Transport Driver

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21307

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21307

CVE-2025-21311 - Windows NTLM V1 Elevation of Privilege Vulnerability

Product: Microsoft Windows NTLM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21311

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311

CVE-2025-23025 - XWiki Platform's Realtime WYSIWYG Editor extension allows users with edit rights to insert script rendering macros, potentially granting unauthorized access, before being patched in certain versions.

Product: XWiki Platform

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23025

NVD References:

- https://extensions.xwiki.org/xwiki/bin/view/Extension/CKEditor+Integration#HAdministrationSection

- https://extensions.xwiki.org/xwiki/bin/view/Extension/Realtime%20WYSIWYG%20Editor

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmm7-r7wr-xpfg

- https://jira.xwiki.org/browse/XWIKI-21949

CVE-2024-48856 - QNX SDP versions 8.0, 7.1, and 7.0 are vulnerable to an out-of-bounds write in the PCX image codec, which could result in a denial-of-service or code execution by an unauthenticated attacker.

Product: Blackberry QNX Software Development Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48856

NVD References: https://support.blackberry.com/pkb/s/article/140334

CVE-2024-49375 - Rasa, an open source machine learning framework, is vulnerable to Remote Code Execution when a maliciously crafted model is remotely loaded into a Rasa instance with the HTTP API enabled and without proper authentication controls.

Product: Rasa Open source machine learning framework

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49375

NVD References: https://github.com/RasaHQ/rasa-pro-security-advisories/security/advisories/GHSA-cpv4-ggrr-7j9v

CVE-2024-57479 & CVE-2024-57480 - H3C N12 V100R005 buffer overflow vulnerabilities

Product: H3C N12 V100R005

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57479

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57480

NVD References:

- http://h3c.com

- https://gist.github.com/XiaoCurry/c7214be67a44a4a8858c5138ecd05984

- https://gist.github.com/XiaoCurry/16213a4d68f95f17cd0fc2cd07e78a90

CVE-2024-54142 - Discourse AI plugin had a vulnerability where HTML entities from AI Bot conversations could leak into the application, now fixed in commit `92f122c`.

Product: Discourse AI

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54142

NVD References:

- https://github.com/discourse/discourse-ai/commit/92f122c54d9d7ead9223a056270bff5b4c42c73f

- https://github.com/discourse/discourse-ai/security/advisories/GHSA-94c2-qr2h-88jv

CVE-2024-57473 - H3C N12 V100R005 is vulnerable to a buffer overflow in the mac address editing function, allowing remote attackers to crash the device or execute commands by sending a malicious POST request.

Product: H3C N12

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57473

NVD References:

- http://h3c.com

- https://gist.github.com/XiaoCurry/85ae28b7437d24d9c531c970612d3bd8

CVE-2025-23061 - Mongoose before 8.9.5 is vulnerable to search injection through improper use of a nested $where filter with a populate() match.

Product: Mongoose

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23061

NVD References:

- https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md

- https://github.com/Automattic/mongoose/commit/64a9f9706f2428c49e0cfb8e223065acc645f7bc

- https://github.com/Automattic/mongoose/releases/tag/8.9.5

- https://www.npmjs.com/package/mongoose?activeTab=versions

CVE-2024-9636 - The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation, allowing unauthenticated attackers to register as administrators due to improper user meta restrictions.

Product: The Post Grid Gutenberg Blocks plugin

Active Installations: 40,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9636

NVD References:

- https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.93/includes/blocks/form-wrap/functions.php#L3200

- https://plugins.trac.wordpress.org/changeset/3117675/post-grid/trunk/includes/blocks/form-wrap/functions.php

- https://plugins.trac.wordpress.org/changeset/3221012/post-grid/trunk/includes/blocks/form-wrap/functions.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/1bbe01b8-24ed-4e1e-bafc-0f4dea96c1f3?source=cve

CVE-2024-12084 - Rsync daemon contains a heap-based buffer overflow vulnerability due to improper handling of attacker-controlled checksum lengths in the code.

Product: Rsync

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12084

NVD References:

- https://access.redhat.com/security/cve/CVE-2024-12084

- https://bugzilla.redhat.com/show_bug.cgi?id=2330527

- https://kb.cert.org/vuls/id/952657

- http://www.openwall.com/lists/oss-security/2025/01/14/6

CVE-2025-22968 - D-Link DWR-M972V 1.05SSG is vulnerable to remote code execution via SSH with root privileges.

Product: D-Link DWR-M972V

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22968

NVD References:

- https://github.com/CRUNZEX/CVE-2025-22968

- https://github.com/CRUNZEX/CVE-DLINK-LTE

- https://www.dlink.com/en/security-bulletin/

CVE-2024-57011 through CVE-2024-57022 - TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain multiple OS command injection vulnerabilities

Product: TOTOLINK X5000R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57011

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57012

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57013

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57014

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57015

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57016

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57017

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57018

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57019

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57020

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57021

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57022

NVD References:

- https://github.com/tiger5671/Vulnerabilities/blob/main/TOTOLINK%20X5000R/setScheduleCfg/setScheduleCfg.md

- https://www.totolink.net/

CVE-2024-44136 - iOS and iPadOS versions prior to 17.5 are vulnerable to a flaw allowing attackers with physical access to disable Stolen Device Protection.

Product: Apple iOS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44136

NVD References: https://support.apple.com/en-us/120905

CVE-2025-22146 - Sentry's SAML SSO implementation contains a critical vulnerability that could allow an attacker to take over any user account on the same instance with a malicious SAML Identity Provider and knowledge of the victim's email address.

Product: Sentry SAML SSO implementation

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22146

NVD References:

- https://github.com/getsentry/sentry/pull/83407

- https://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w

CVE-2024-48126 - HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.

Product: Hitrax HI-SCAN 6040i

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48126

NVD References: https://kth.diva-portal.org/smash/get/diva2:1876534/FULLTEXT01.pdf

CVE-2025-0455 - The airPASS from NetVision Information is vulnerable to SQL Injection, enabling remote attackers to manipulate database information.

Product: NetVision Information airPASS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0455

NVD References:

- https://www.twcert.org.tw/en/cp-139-8358-143bc-2.html

- https://www.twcert.org.tw/tw/cp-132-8357-28308-1.html

CVE-2025-0456 - The airPASS from NetVision Information has a Missing Authentication vulnerability that allows unauthenticated remote attackers to access specific administrative functionality and retrieve all accounts and passwords.

Product: NetVision Information airPASS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0456

NVD References:

- https://www.twcert.org.tw/en/cp-139-8360-e97b8-2.html

- https://www.twcert.org.tw/tw/cp-132-8359-53aa7-1.html

CVE-2025-22904, CVE-2025-22907, CVE-2025-22913, CVE-2025-22916 - RE11S v1.11 was discovered to contain stack overflow vulnerabilities

Product: RE11S v1.11

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22904

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22907

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22913

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22916

NVD References:

- http://re11s.com

- https://github.com/xyqer1/RE11S_1.11-setWAN-3-StackOverflow

- https://github.com/xyqer1/RE11S_1.11-formWlSiteSurvey-StackOverflow

- https://github.com/xyqer1/RE11S_1.11-formStaDrvSetup-StackOverflow

- https://github.com/xyqer1/RE11S_1.11-formPPPoESetup-StackOverflow

- https://www.edimax.com/edimax/global/

CVE-2025-22905, CVE-2025-22906, CVE-2025-22912 - RE11S v1.11 was discovered to contain command injection vulnerabilities

Product: RE11S v1.11

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22905

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22906

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22912

NVD References:

- http://re11s.com

- https://github.com/xyqer1/RE11S_1.11-mp-CommandInjection

- https://github.com/xyqer1/RE11S_1.11-setWAN-CommandInjection

- https://github.com/xyqer1/RE11S_1.11-formAccept-CommandInjection

- https://www.edimax.com/edimax/global/

CVE-2025-0471 - PMB platform is vulnerable to unrestricted file uploading, allowing attackers to gain remote access and execute commands on machines running versions 4.0.10 and above.

Product: PMB platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0471

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-platform

CVE-2024-57768 - JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.

Product: JFinalOA

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57768

NVD References: https://gitee.com/r1bbit/JFinalOA/issues/IBHUMT

CVE-2024-57684 - D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows attackers to set the DMZ service without authentication.

Product: D-Link 816A2_FWv1.10CNB05_R1B011D88210

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57684

NVD References:

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/formDMZ.md

- https://www.dlink.com/en/security-bulletin/

CVE-2024-57483 - Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.

Product: Tenda i24

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57483

NVD References:

- http://tenda.com

- https://gist.github.com/XiaoCurry/7dd5c6ab5af9df49883535b997cef7a4

CVE-2024-57579 through CVE-2024-57582 - Tenda AC18 V15.03.05.19 was discovered to contain multiple stack overflow vulnerabilities

Product: Tenda AC18

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57579

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57580

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57581

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57582

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57583

NVD References:

- https://github.com/qijiale/Tenda/tree/main/6

- https://github.com/qijiale/Tenda/tree/main/7

- https://github.com/qijiale/Tenda/tree/main/8

- https://github.com/qijiale/Tenda/tree/main/9

CVE-2025-23797 - WP Options Editor has a CSRF vulnerability that allows Privilege Escalation from version n/a through 1.1.

Product: Mike Selander WP Options Editor

Active Installations: This plugin has been closed as of December 5, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23797

NVD References: https://patchstack.com/database/wordpress/plugin/wp-options-editor/vulnerability/wordpress-wp-options-editor-plugin-1-1-csrf-to-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-23922 - iSpring Embedder is vulnerable to a CSRF issue that allows attackers to upload a web shell to a web server, affecting versions from n/a through 1.0.

Product: Harsh iSpring Embedder

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23922

NVD References: https://patchstack.com/database/wordpress/plugin/embed-ispring/vulnerability/wordpress-ispring-embedder-plugin-1-0-csrf-to-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-57031, CVE-2024-57034, CVE-2024-57035, CVE-2025-23219 - WeGIA < 3.2.0 is vulnerable to SQL Injection.

Product: WeGIA

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57031

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57034

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57035

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23219

NVD References:

- https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57031

- https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57034

- https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57035

- https://github.com/nilsonLazarin/WeGIA/issues/827

- https://github.com/LabRedesCefetRJ/WeGIA/commit/ae9c859006143bd0087b3e6e48a0677e1fff5c7e

- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-h2mg-4c7q-w69v

- https://www.wegia.org

CVE-2024-57032 - WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php, allowing password changes without validating the old password.

Product: WeGIA controle

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57032

NVD References:

- https://github.com/nmmorette/vulnerability-research/blob/main/CVE-2024-57032

- https://www.wegia.org/

CVE-2024-13375 - The Adifier System plugin for WordPress is susceptible to privilege escalation through account takeover, allowing unauthenticated attackers to change passwords and gain unauthorized access to user accounts.

Product: WordPress Adifier System plugin

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13375

NVD References:

- https://themeforest.net/item/adifier-classified-ads-wordpress-theme/21633950

- https://www.wordfence.com/threat-intel/vulnerabilities/id/fbf2aeed-0f18-4ef6-aff8-9e8c4531d789?source=cve

CVE-2024-38337 - IBM Sterling Secure Proxy versions 6.0.0.0 to 6.2.0.0 may allow unauthorized access to sensitive data through incorrect permission settings.

Product: IBM Sterling Secure Proxy

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38337

NVD References: https://www.ibm.com/support/pages/node/7179166

CVE-2024-41783 - IBM Sterling Secure Proxy versions 6.0.0.0 to 6.2.0.0 are vulnerable to command injection by privileged users due to inadequate input validation.

Product: IBM Sterling Secure Proxy

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41783

NVD References: https://www.ibm.com/support/pages/node/7176189

CVE-2025-0585 - The a+HRD from aEnrich Technology is vulnerable to SQL Injection, enabling remote attackers to manipulate database data.

Product: aEnrich Technology a+HRD

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0585

NVD References:

- https://www.twcert.org.tw/en/cp-139-8373-91edc-2.html

- https://www.twcert.org.tw/tw/cp-132-8372-19721-1.html

CVE-2024-32555 - Easy Real Estate has an Incorrect Privilege Assignment vulnerability allowing Privilege Escalation in versions up to 2.2.6.

Product: Easy Real Estate

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32555

NVD References: https://patchstack.com/database/wordpress/plugin/easy-real-estate/vulnerability/wordpress-easy-real-estate-plugin-2-2-6-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-49655 - ARPrice is vulnerable to SQL Injection in versions up to 4.0.3 due to improper neutralization of special elements in SQL commands.

Product: ARPrice

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49655

NVD References: https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-unauthenticated-sql-injection-vulnerability?_s_id=cve

CVE-2024-49688 - Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.

Product: ARPrice

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49688

NVD References: https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-unauthenticated-php-object-injection-vulnerability?_s_id=cve

CVE-2024-51818 - Fancy Product Designer through version 6.4.3 is vulnerable to SQL Injection, allowing attackers to manipulate database queries and potentially extract sensitive information.

Product: Fancy Product Designer

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51818

NVD References: https://patchstack.com/database/wordpress/plugin/fancy-product-designer/vulnerability/wordpress-fancy-product-designer-plugin-6-4-3-unauthenticated-sql-injection-vulnerability?_s_id=cve

CVE-2024-51888 - Homey Login Register from n/a through 2.4.0 is vulnerable to Incorrect Privilege Assignment, allowing for Privilege Escalation.

Product: Homey Login Register

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51888

NVD References: https://patchstack.com/database/wordpress/plugin/homey-login-register/vulnerability/wordpress-homey-login-register-plugin-2-4-0-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-51919 - Fancy Product Designer allows for unrestricted upload of dangerous file types, impacting versions from n/a to 6.4.3.

Product: Fancy Product Designer

Active Installations: unknown

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51919

NVD References: https://patchstack.com/database/wordpress/plugin/fancy-product-designer/vulnerability/wordpress-fancy-product-designer-plugin-6-4-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-22553 - Multiple Carousel version n/a through 2.0 is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands.

Product: Multiple Carousel

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22553

NVD References: https://patchstack.com/database/wordpress/plugin/multicarousel/vulnerability/wordpress-multiple-carousel-plugin-2-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-22723 - UkrSolution Barcode Scanner with Inventory & Order Manager allows attackers to upload a web shell to a web server due to an unrestricted file type upload vulnerability.

Product: UkrSolution Barcode Scanner with Inventory & Order Manager

Active Installations: 1,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22723

NVD References: https://patchstack.com/database/wordpress/plugin/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/vulnerability/wordpress-barcode-scanner-and-inventory-manager-plugin-1-6-7-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-54794 - The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.

Product: SpagoBI

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54794

NVD References: https://github.com/MarioTesoro/CVE-2024-54794

CVE-2025-24024 - Mjolnir v1.9.0 allows unauthorized users to access server administration components if enabled, posing a security risk that is addressed in versions 1.9.1 and 1.9.2.

Product: Matrix Mjolnir

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24024

NVD References:

- https://github.com/matrix-org/mjolnir/commit/b437fa16b5425985715df861987c836affd51eea

- https://github.com/matrix-org/mjolnir/commit/d0ef527a9e3eb45e17143d5295a64b775ccaa23d

- https://github.com/matrix-org/mjolnir/security/advisories/GHSA-3jq6-xc85-m394

CVE-2025-21524 - The vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards allows an unauthenticated attacker to compromise the system.

Product: Oracle JD Edwards EnterpriseOne

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21524

NVD References: https://www.oracle.com/security-alerts/cpujan2025.html

CVE-2025-21535 - The Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) contains an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3, IIOP to compromise the server and potentially take it over.

Product: Oracle WebLogic Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21535

NVD References: https://www.oracle.com/security-alerts/cpujan2025.html

CVE-2025-21547 - The Oracle Hospitality OPERA 5 product is vulnerable to an easily exploitable issue that allows unauthenticated attackers to compromise the system, resulting in unauthorized access to critical data and potential denial of service (DoS) attacks.

Product: Oracle Hospitality OPERA 5

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21547

NVD References: https://www.oracle.com/security-alerts/cpujan2025.html

CVE-2025-21556 - The vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain allows a low privileged attacker to compromise the framework via HTTP, potentially leading to a complete takeover (CVSS score 9.9).

Product: Oracle Agile PLM Framework

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21556

NVD References: https://www.oracle.com/security-alerts/cpujan2025.html

CVE-2024-13091 - The WPBot Pro WordPress Chatbot plugin is vulnerable to arbitrary file uploads, leading to potential remote code execution.

Product: WPBot Pro WordPress Chatbot

Active Installations: 5,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13091

NVD References:

- https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9b6979-2662-4d2f-9656-b880dd80832c?source=cve

- https://www.wpbot.pro/

The following vulnerability needs a manual review: CVE-2024-12833