Stealing Machine Keys for fun and profit (or riding the SharePoint wave)
Published: 2025-08-05
Last Updated: 2025-08-05 08:37:39 UTC
by Bojan Zdrnja (Version: 1)
About 10 days ago, exploits for Microsoft SharePoint (CVE-2025-53770, CVE-2025-53771) started being publicly abused – we wrote about that here and here.
The original SharePoint vulnerability is a deserialization vulnerability that allowed an attacker to execute arbitrary commands – while these could be literally anything, the majority of exploits that we analyzed resulted in attackers dropping an ASPX file that simply revealed the IIS Machine Key to them. This prompted me to dive a bit deeper into how this can be abused.
*What are IIS Machine Keys?*
A Machine Key in IIS and ASP.NET is a configuration setting used to ensure the security and integrity of data exchanged between the server and clients.
Basically, it is responsible for validating and encrypting sensitive data such as VIEWSTATE, cookies, and session state, protecting them from tampering or unauthorized access. An IIS administrator can define specific Machine Key settings – there are many possible ways to configure all of this, but for this diary we will look into VIEWSTATE protection.
VIEWSTATE is a mechanism used in ASP.NET Web Forms to persist the state of controls and page data between postbacks (i.e., between user actions that send the page back to the server). It allows a developer to easily store values of various controls after a form has been submitted. VIEWSTATE is always used by an IIS ASP.NET application.
Since VIEWSTATE can hold sensitive information, it should be appropriately protected. And this is where Machine Keys come into the game – they are used by IIS to prevent tampering of VIEWSTATE and (optionally) encrypt its contents.
By default, IIS (even the very latest version on Windows Server 2025) will enable VIEWSTATE MAC (Message Authentication Code) validation but will leave encryption on "Auto", which means that it is not used, as shown in the figure below ...
Read the full entry:
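The VIEWSTATE protection settings the diary describes can be audited straight from a web.config. The following is an added example (not code from the diary or from Microsoft) that parses the <pages> and <machineKey> elements, applies the ASP.NET defaults for absent attributes, and reports the weak default (MAC on, encryption "Auto") next to a hardened configuration; both sample configs are constructed and the key values are placeholders.

```python
"""Audit the VIEWSTATE protection settings in an ASP.NET web.config.

Checks <pages> and <machineKey> under <system.web> for the weak default
the diary describes (MAC validation on, encryption left on "Auto", which
means VIEWSTATE is authenticated but not encrypted) and reports whether
explicit keys are configured, so they can be rotated if an attacker has
read them from the server.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the out-of-the-box setting described in the diary.
WEAK_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <pages enableViewStateMac="true" viewStateEncryptionMode="Auto" />
  </system.web>
</configuration>
"""

# Constructed sample: hardened settings. Key values are placeholders, not real keys.
HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <pages enableViewStateMac="true" viewStateEncryptionMode="Always" />
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""

# HMAC-SHA2 family is what current ASP.NET recommends for MAC validation.
STRONG_VALIDATION = {"HMACSHA256", "HMACSHA384", "HMACSHA512"}
WEAK_DECRYPTION = {"DES", "3DES"}


def _child(parent, tag):
    """Return the first direct child element with the given tag, or None."""
    if parent is None:
        return None
    for elem in parent:
        if elem.tag == tag:
            return elem
    return None


def audit_viewstate(web_config_xml: str) -> dict:
    """Return the effective VIEWSTATE settings plus a list of findings.

    An empty findings list means MAC validation is on, encryption is
    "Always", and an explicit machineKey with strong algorithms is set.
    """
    root = ET.fromstring(web_config_xml)
    system_web = _child(root, "system.web")
    pages = _child(system_web, "pages")
    machine_key = _child(system_web, "machineKey")

    # ASP.NET defaults when an attribute is absent: MAC on, encryption "Auto".
    mac_attr = pages.get("enableViewStateMac", "true") if pages is not None else "true"
    enc_mode = pages.get("viewStateEncryptionMode", "Auto") if pages is not None else "Auto"
    mac_enabled = mac_attr.strip().lower() == "true"

    findings = []
    if not mac_enabled:
        findings.append("enableViewStateMac is false: VIEWSTATE can be tampered with freely")
    if enc_mode != "Always":
        findings.append(f"viewStateEncryptionMode is {enc_mode}: VIEWSTATE contents are not encrypted")

    validation = decryption = None
    explicit_key = machine_key is not None
    if not explicit_key:
        findings.append("no explicit <machineKey>: keys are auto-generated by ASP.NET")
    else:
        # Framework defaults when the attributes are omitted on <machineKey>.
        validation = machine_key.get("validation", "HMACSHA256")
        decryption = machine_key.get("decryption", "Auto")
        if validation.upper() not in STRONG_VALIDATION:
            findings.append(f"validation algorithm {validation!r} is not HMACSHA256 or stronger")
        if decryption.upper() in WEAK_DECRYPTION:
            findings.append(f"decryption algorithm {decryption!r} is legacy; use AES")
        # A validationKey an attacker has already read (as in the SharePoint
        # exploits) stays usable until it is replaced: rotate it after exposure.

    return {
        "mac_enabled": mac_enabled,
        "encryption_mode": enc_mode,
        "explicit_machine_key": explicit_key,
        "validation": validation,
        "decryption": decryption,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_viewstate(cfg)
        print(f"[{name}] findings: {result['findings'] or 'none'}")
```

Point it at a real web.config with `audit_viewstate(open(path).read())`; an empty findings list is the target state.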
New Feature: Daily Trends Report
Published: 2025-08-04
Last Updated: 2025-08-05 02:52:01 UTC
by Johannes Ullrich (Version: 1)
I implemented a new report today, the "Daily Trends" report. It summarizes noteworthy data received from our honeypot. As with everything, it will improve if you provide feedback :)
There are two ways to receive the report:
E-Mail: Sign up at https://isc.sans.edu/notify.html
JSON/HTTP: You may also just download the raw JSON data for the report at https://isc.sans.edu/feeds/trends.json
The sections of the report:
Top 10 newly registered domains, based on our domain score (the higher, the more suspect)
Top 10 URLs: The top 10 newly seen URLs from our web honeypot.
Top 10 New SSH/Telnet usernames: Usernames our Cowrie honeypots have not seen before.
Top 10 Trending ports
The layout will be refined for sure. Let me know if the data is useful.
Can't receive the email? E-mail delivery has always been an issue, which is why we offer the JSON report as well.
Read the full entry: https://isc.sans.edu/diary/New+Feature+Daily+Trends+Report/32170/
Scattered Spider Related Domain Names
Published: 2025-07-31
Last Updated: 2025-07-31 17:56:10 UTC
by Johannes Ullrich (Version: 1)
This week, CISA updated its advisory on Scattered Spider. Scattered Spider is a threat actor using social engineering tricks to access target networks. The techniques used by Scattered Spider replicate those used by other successful actors, such as Lapsus$. Social engineering does not require a lot of technical tools; creativity is key, and defenses have a hard time keeping up with the techniques used by these threat actors.
For this diary, I want to "zoom in" on one update noted in this week's CISA report. CISA noted that Scattered Spider is using the following domain name patterns ...
Read the full entry: https://isc.sans.edu/diary/Scattered+Spider+Related+Domain+Names/32162/
Do sextortion scams still work in 2025? (2025.08.06)
https://isc.sans.edu/diary/Do+sextortion+scams+still+work+in+2025/32178/
Legacy May Kill (2025.08.03)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-6558 - Google Chrome prior to 138.0.7204.157 is vulnerable to sandbox escape via crafted HTML pages due to insufficient validation of untrusted input in ANGLE and GPU.
Product: Google Chrome
CVSS Score: 0
** KEV since 2025-07-22 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6558
ISC Podcast: https://isc.sans.edu/podcastdetail/9550
CVE-2025-53770 - Microsoft SharePoint Server is vulnerable to code execution by unauthorized attackers through deserialization of untrusted data, with an exploit already in the wild for CVE-2025-53770.
Product: Microsoft SharePoint Server
CVSS Score: 0
** KEV since 2025-07-20 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53770
ISC Diary: https://isc.sans.edu/diary/32174
CVE-2025-8264 - Z-push/z-push-dev versions before 2.7.6 are vulnerable to SQL Injection, allowing attackers to manipulate the username field in basic authentication and potentially access or modify sensitive third-party database data.
Product: Z-push/z-push-dev
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8264
NVD References: https://security.snyk.io/vuln/SNYK-PHP-ZPUSHZPUSHDEV-10908180
CVE-2025-40682 - Human Resource Management System version 1.0 is vulnerable to SQL injection via the “city” and “state” parameters in the /controller/ccity.php endpoint, allowing attackers to retrieve, create, update, and delete databases.
Product: Oretnom23 Human Resource Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40682
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-human-resource-management-system
CVE-2025-46059 - Langchain-ai v0.3.51 is vulnerable to an indirect prompt injection in the GmailToolkit component, enabling attackers to execute arbitrary code through a malicious email.
Product: langchain-ai GmailToolkit
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46059
CVE-2025-50738 - The Memos application up to version v0.24.3 allows for arbitrary URL embedding in markdown images, exposing users' IP addresses and browser information without explicit consent.
Product: Memos application
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50738
CVE-2025-44136 - MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS) due to the unencoded reflection of the "layer" GET parameter in error messages.
Product: MapTiler Tileserver-php v2.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44136
CVE-2025-40600 - SonicOS SSL VPN interface is vulnerable to an externally-controlled format string exploit, which can be used by a remote unauthenticated attacker to disrupt services.
Product: SonicWall SonicOS SSL VPN interface
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40600
NVD References: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013
CVE-2025-54381 - BentoML versions 1.4.0 up to 1.4.19 are vulnerable to SSRF attacks, allowing unauthenticated remote attackers to abuse the file upload processing system.
Product: BentoML
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54381
CVE-2025-31229 - iOS and iPadOS 18.6 may allow passcodes to be read aloud by VoiceOver due to a logic issue that has been fixed with improved checks.
Product: Apple iOS and iPadOS
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31229
NVD References: https://support.apple.com/en-us/124147
CVE-2025-31279 - macOS Sequoia 15.6, iPadOS 17.7.9, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7 addressed a permissions issue with additional restrictions, fixing the ability for an app to potentially fingerprint the user.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31279
NVD References:
- https://support.apple.com/en-us/124148
- https://support.apple.com/en-us/124149
- https://support.apple.com/en-us/124150
- https://support.apple.com/en-us/124151
CVE-2025-31281 - visionOS, tvOS, macOS Sequoia, iOS, and iPadOS were vulnerable to unexpected app termination due to an input validation issue, now fixed in versions 2.6, 18.6, 15.6, 18.6, and 18.6.
Product: Multiple Apple products
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31281
NVD References:
- https://support.apple.com/en-us/124147
- https://support.apple.com/en-us/124149
- https://support.apple.com/en-us/124153
- https://support.apple.com/en-us/124154
CVE-2025-43186 - Parsing a file may lead to an unexpected app termination. The issue was addressed with improved memory handling.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43186
NVD References:
- https://support.apple.com/en-us/124147
- https://support.apple.com/en-us/124149
- https://support.apple.com/en-us/124150
- https://support.apple.com/en-us/124151
- https://support.apple.com/en-us/124153
- https://support.apple.com/en-us/124154
- https://support.apple.com/en-us/124155
CVE-2025-43184, CVE-2025-43189, CVE-2025-43192, CVE-2025-43193, CVE-2025-43194, CVE-2025-43198, CVE-2025-43199, CVE-2025-43222, CVE-2025-43232, CVE-2025-43233, CVE-2025-43237, CVE-2025-43243, CVE-2025-43244, CVE-2025-43245, CVE-2025-43253, CVE-2025-43261, CVE-2025-43273, CVE-2025-43275 - Multiple vulnerabilities in macOS.
Product: Apple macOS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43184
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43189
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43192
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43193
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43194
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43198
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43199
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43222
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43232
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43233
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43237
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43243
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43244
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43245
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43253
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43261
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43273
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43275
NVD References:
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/124148
- https://support.apple.com/en-us/124149
- https://support.apple.com/en-us/124150
- https://support.apple.com/en-us/124151
CVE-2025-43209 - Safari may crash unexpectedly when processing maliciously crafted web content in macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6, iPadOS 18.6, tvOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, visionOS 2.6, and macOS Ventura 13.7.7.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43209
NVD References:
- https://support.apple.com/en-us/124147
- https://support.apple.com/en-us/124148
- https://support.apple.com/en-us/124149
- https://support.apple.com/en-us/124150
- https://support.apple.com/en-us/124151
- https://support.apple.com/en-us/124153
- https://support.apple.com/en-us/124154
- https://support.apple.com/en-us/124155
CVE-2025-43220 - iPadOS, macOS Sequoia, macOS Sonoma, and macOS Ventura are vulnerable to unauthorized access of protected user data due to inadequate validation of symlinks, but the issue has been fixed in versions 17.7.9, 15.6, 14.7.7, and 13.7.7.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43220
NVD References:
- https://support.apple.com/en-us/124148
- https://support.apple.com/en-us/124149
- https://support.apple.com/en-us/124150
- https://support.apple.com/en-us/124151
CVE-2025-43234 - watchOS 11.6, iOS 18.6, iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, and visionOS 2.6 are vulnerable to unexpected app termination due to multiple memory corruption issues.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43234
NVD References:
- https://support.apple.com/en-us/124147
- https://support.apple.com/en-us/124149
- https://support.apple.com/en-us/124153
- https://support.apple.com/en-us/124154
- https://support.apple.com/en-us/124155
CVE-2025-54430 - Dedupe, a python library utilizing machine learning for fuzzy matching, deduplication, and entity resolution, was found to have a critical severity vulnerability in the .github/workflows/benchmark-bot.yml workflow before commit 3f61e79, allowing for exploitation through issue_comment trigger using @benchmark body and potential exfiltration of GITHUB_TOKEN.
Product: dedupe python library
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54430
CVE-2025-46811 - SUSE Manager is vulnerable to Missing Authentication for Critical Function, allowing unauthorized users to execute commands as root via websocket access.
Product: SUSE Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46811
NVD References: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811
CVE-2025-50578 - LinuxServer.io heimdall 2.6.3-ls307 has a vulnerability in its handling of user-supplied HTTP headers, allowing unauthenticated remote attackers to manipulate headers for Host Header Injection and Open Redirect attacks, potentially leading to phishing, UI redress, and session theft.
Product: LinuxServer.io heimdall 2.6.3-ls307
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50578
CVE-2025-54576 - OAuth2-Proxy is vulnerable in versions 7.10.0 and below, allowing attackers to bypass authentication by exploiting the skip_auth_routes configuration option with regex patterns.
Product: OAuth2-Proxy
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54576
NVD References: https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7rh7-c77v-6434
CVE-2025-49084 - Absolute Secure Access prior to version 13.56 has a vulnerability that allows attackers with administrative access to overwrite policy rules without the necessary permissions, with low attack complexity and high privilege requirements, impacting subsequent systems' confidentiality and availability.
Product: Absolute Secure Access
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49084
NVD References: https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49084
CVE-2025-50475 - Russound MBX-PRE-D67F firmware version 3.1.6 is vulnerable to OS command injection, enabling unauthorized users to execute commands as root through manipulated input in network configuration requests.
Product: Russound MBX-PRE-D67F
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50475
CVE-2025-26062 & CVE-2025-26063 - Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 routers allow unauthenticated attackers to access sensitive information in settings files and execute arbitrary code through crafted ESSID name injection.
Product: Intelbras RX1500, RX3000
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26062
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26063
CVE-2025-8286 - Güralp FMUS series seismic monitoring devices have an unauthenticated Telnet-based command line interface vulnerability, enabling potential attackers to alter hardware settings and reset the device.
Product: Güralp FMUS series seismic monitoring devices
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8286
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-01
CVE-2025-8454 - Uscan in devscripts skips OpenPGP verification for previously downloaded upstream sources even if previous verification failed.
Product: devscripts uscan
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8454
CVE-2019-19144 - XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.
Product: Quantum DXi6702
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-19144
CVE-2025-50460 - The ms-swift project version 3.3.0 is vulnerable to remote code execution due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library, allowing attackers to execute arbitrary code and potentially compromise the entire system.
Product: ms-open source ms-swift
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50460
NVD References: https://github.com/advisories/GHSA-6757-jp84-gxfx
CVE-2025-52239 - An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.
Product: ZKEACMS v4.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52239
CVE-2025-50341 - Axelor 5.2.4 is vulnerable to a Boolean-based SQL injection via the _domain parameter, allowing attackers to manipulate SQL query logic, potentially leading to data exposure or further exploitation.
Product: Axelor 5.2.4
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50341
CVE-2025-50754 - Unisite CMS version 5.0 is vulnerable to stored Cross-Site Scripting (XSS) in the "Report" functionality, allowing attackers to hijack admin sessions and execute remote code on the server.
Product: Unisite CMS version 5.0
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50754
CVE-2025-51387 - The GitKraken Desktop versions 10.8.0 and 11.1.0 are vulnerable to code injection through misconfigured Electron Fuses.
Product: GitKraken Desktop
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-51387
CVE-2025-27212 - UniFi Access devices are vulnerable to Command Injection due to improper input validation, requiring immediate updates to prevent exploitation by malicious actors.
Product: UniFi Access Reader Pro, UniFi Access G2 Reader Pro, UniFi Access G3 Reader Pro, UniFi Access Intercom, UniFi Access G3 Intercom, UniFi Access Intercom Viewer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27212
NVD References: https://community.ui.com/releases/Security-Advisory-Bulletin-051-051/583fa6e1-3d85-42ec-a453-651d1653c9b3
CVE-2025-46093 - LiquidFiles before 4.1.2 allows FTPDrop users to execute arbitrary code as root via FTP SITE CHMOD mode 6777 and sudoers configuration.
Product: LiquidFiles
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46093
CVE-2025-54119 - ADOdb PHP database library versions 5.22.9 and below allow SQL injection when connecting to a sqlite3 database and using metaColumns(), metaForeignKeys() or metaIndexes() with a crafted table name, fixed in 5.22.10.
Product: ADOdb PHP database class library
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54119
CVE-2025-54802 - pyLoad version 0.5.0b3.dev89 and below has a path traversal vulnerability in the CNL Blueprint package parameter, leading to Remote Code Execution (RCE).
Product: pyLoad-ng
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54802
CVE-2025-54982 - An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.
Product: Zscaler SAML authentication mechanism
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54982
NVD References: https://help.zscaler.com/zia/about-identity-providers
CVE-2025-54948 - Trend Micro Apex One (on-premise) management console allows a pre-authenticated remote attacker to upload malicious code and execute commands.
Product: Trend Micro Apex One
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54948
NVD References: https://success.trendmicro.com/en-US/solution/KA-0020652
CVE-2025-54987 - Trend Micro Apex One (on-premise) management console is vulnerable to pre-authenticated remote code execution, similar to CVE-2025-54948, but targeting a different CPU architecture.
Product: Trend Micro Apex One
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54987
NVD References: https://success.trendmicro.com/en-US/solution/KA-0020652
CVE-2025-50706 - An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function.
Product: thinkphp v.5.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50706
CVE-2025-50707 - An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component.
Product: thinkphp3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50707
CVE-2025-46658 - An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.
Product: 4C Strategies ExonautWeb
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46658
CVE-2025-54253 - Adobe Experience Manager versions 6.5.23 and earlier are vulnerable to a Misconfiguration flaw allowing attackers to execute arbitrary code without user interaction.
Product: Adobe Experience Manager
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54253
NVD References: https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
CVE-2025-50472 - The modelscope/ms-swift library through 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()` class, enabling attackers to execute commands remotely by manipulating serialized `.mdl` payloads.
Product: modelscope ms-swift
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50472
CVE-2025-52390 - Saurus CMS Community Edition is vulnerable to a SQL Injection in `FulltextSearch.class.php` due to unsanitized user input concatenation in the `prepareSearchQuery()` method.
Product: Saurus CMS Community Edition
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52390
CVE-2025-45150 - Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request.
Product: LangChain ChatGLM-Webui
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45150
CVE-2025-50870 - Institute-of-Current-Students 1.0 is vulnerable to an Incorrect Access Control flaw in the mydetailsstudent.php endpoint, allowing attackers to access sensitive student information by manipulating the email parameter in the request URL.
Product: Institute-of-Current-Students mydetailsstudent.php
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50870
CVE-2025-54574 - Squid is vulnerable to a heap buffer overflow and possible remote code execution attack in versions 6.3 and below due to incorrect buffer management when processing URN, fixed in version 6.4 by disabling URN access permissions.
Product: Squid caching proxy for the Web
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54574
NVD References: https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3
CVE-2025-6000 - Vault: A privileged operator with write permission to {{sys/audit}} can execute code on the host if a plugin directory is set in the configuration, fixed in versions 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Product: Vault Community Edition
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6000
CVE-2025-6077 - Partner Software's Partner Software Product and corresponding Partner Web application have a shared default credential vulnerability.
Product: Partner Software
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6077
NVD References: https://partnersoftware.com/resources/software-release-info-4-32/
CVE-2025-6205 - DELMIA Apriso from Release 2020 through Release 2025 is vulnerable to a missing authorization issue that could enable attackers to gain privileged access to the application.
Product: DELMIA Apriso
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6205
NVD References: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205
CVE-2025-36594 - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions 7.7.1.0 through 8.3.0.15, LTS2024 versions 7.13.1.0 through 7.13.1.25, and LTS 2023 versions 7.10.1.0 through 7.10.1.60, is vulnerable to an Authentication Bypass by Spoofing, allowing remote unauthenticated attackers to bypass protection mechanisms and potentially expose sensitive information, compromise system integrity, and disrupt availability.
Product: Dell PowerProtect Data Domain
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36594
NVD References: https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
CVE-2025-51536 - Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a hardcoded Administrator password.
Product: Austrian Archaeological Institute (AI) OpenAtlas
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-51536
CVE-2025-44954 - RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
Product: RUCKUS SmartZone (SZ)
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44954
NVD References:
- https://claroty.com/team82/disclosure-dashboard/cve-2025-44954
- https://kb.cert.org/vuls/id/613753
CVE-2025-44961 - RUCKUS SmartZone (SZ) allows OS command injection through an authenticated user's input in the IP address field before 6.1.2p3 Refresh Build.
Product: RUCKUS SmartZone (SZ)
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44961
NVD References:
- https://claroty.com/team82/disclosure-dashboard/cve-2025-44961
- https://kb.cert.org/vuls/id/613753
CVE-2025-44963 - RUCKUS Network Director (RND) before version 4.5 is vulnerable to administrator JWT spoofing if the attacker knows the hardcoded secret key.
Product: RUCKUS Network Director (RND)
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44963
NVD References:
- https://claroty.com/team82/disclosure-dashboard/cve-2025-44963
- https://kb.cert.org/vuls/id/613753
CVE-2025-51535 - Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a SQL injection vulnerability.
Product: Austrian Archaeological Institute (AI) OpenAtlas
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-51535
CVE-2025-51390 - TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.
Product: TOTOLINK N600R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-51390
CVE-2025-54594 - React-native-bottom-tabs versions 0.9.2 and below improperly used the pull_request_target event trigger in the GitHub Actions repository workflow, allowing for untrusted code execution in a privileged context, leading to sensitive data exfiltration and potential code compromise.
Product: React Native react-native-bottom-tabs
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54594
CVE-2025-23319 - NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Product: NVIDIA Triton Inference Server for Windows and Linux
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23319
ISC Podcast: https://isc.sans.edu/podcastdetail/9556
NVD References: https://nvidia.custhelp.com/app/answers/detail/a_id/5687
CVE-2025-5954 - The Service Finder SMS System plugin for WordPress allows for privilege escalation through account takeover in versions up to 2.0.0, permitting unauthenticated attackers to register as an administrator user.
Product: WordPress Service Finder SMS System plugin
Active Installations: Unknown. Update to version 3.0.0, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5954
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/520c1e8b-d0c1-4201-90bf-0cefab9af7e0?source=cve
CVE-2025-5947 - The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0, allowing unauthenticated attackers to login as any user, including admins.
Product: WordPress Service Finder Bookings plugin
Active Installations: Unknown. Update to version 6.1, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5947
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/c1fe4f60-d93b-4071-90ae-ac863c17fe19?source=cve
CVE-2025-7710 - The Brave Conversion Engine (PRO) plugin for WordPress allows unauthenticated attackers to bypass authentication by logging in as other users.
Product: Brave Conversion Engine (PRO) plugin for WordPress
Active Installations: 20,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7710
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/604249c6-b23a-40e9-984d-2014f5c97249?source=cve
Webcast | SANS 2025 Utilities Forum | Tuesday, August 26 at 9:00AM ET Join SANS experts Tim Conway & Dean Parsons as they partner with Water-ISAC, E-ISAC, and a dozen top industry experts to explore actionable strategies for securing both IT and OT networks, implementing threat detection and incident response plans, and aligning with regulatory frameworks such as NERC CIP and EPA cybersecurity guidance.
Survey | ICS/OT: The State of ICS/OT Cybersecurity We need your help to shape the future of industrial cybersecurity by sharing your insights in the 2025 SANS survey. Four participants will be selected to receive a $100 gift card.
Survey | Detection & Response Survey: Transforming Cybersecurity Operations: AI, Automation, and Integration Please tell us how your team tackles threats in this 2025 SANS survey. Your input will shape key benchmarks, and you will be entered to win a $100 gift card; four participants will be selected.
Webcast | 2025 Multicloud Survey Results: Securing Multiple Clouds at Scale | Friday, August 22, 2025 at 10:30am ET Join experts to uncover key findings from the latest multicloud security survey - and see how leading organizations are tackling complexity, risk, and visibility across cloud environments.