The Consensus Security Vulnerability Alert

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Interesting Technique to Launch a Shellcode

Published: 2025-08-27

Last Updated: 2025-08-27 05:55:21 UTC

by Xavier Mertens (Version: 1)

In most attack scenarios, attackers have to perform a crucial operation: to load a shellcode in memory and execute it. This is often performed in a three-step process:

1. Some memory must be allocated and flagged as "executable" ...

2. The shellcode (often deobfuscated) is copied into this newly allocated memory ...

3. The shellcode is launched using the creation of a new thread.

With this technique, the shellcode will be executed in the context of the current process, but alternative techniques might, of course, load and execute the shellcode in a remote process.

This technique is pretty well flagged by most EDRs. That's why Attackers are always looking for alternative ways to execute malicious code and defeat EDRs. I found a nice piece of PowerShell that implements such a technique!

The PowerShell script is dropped by a Windows executable ...

Read the full entry: https://isc.sans.edu/diary/Interesting+Technique+to+Launch+a+Shellcode/32238/

Getting a Better Handle on International Domain Names and Punycode

Published: 2025-08-26

Last Updated: 2025-08-26 16:34:11 UTC

by Johannes Ullrich (Version: 1)

International domain names (IDN) continue to be an interesting topic. For the most part, they are probably less of an issue than some people make them out to be, given that popular browsers like Google Chrome are pretty selective in displaying them. But on the other hand, they are still used legitimately or not, and keeping a handle on them is interesting ...

Read the full entry: https://isc.sans.edu/diary/Getting+a+Better+Handle+on+International+Domain+Names+and+Punycode/32234/

Reading Location Position Value in Microsoft Word Documents

Published: 2025-08-25. Last Updated: 2025-08-25 00:09:14 UTC

by Jesse La Grew (Version: 1)

While studying for the GX-FE, I started exploring the "Position" value in the registry that helps to tell Microsoft Word where you "left off". It's a feature many people that use Word have seen on numerous occasions and is explored in FOR500: Windows Forensic Analysis ...

For example, my registry has the following registry information for a test document I created ...

Read the full entry: https://isc.sans.edu/diary/Reading+Location+Position+Value+in+Microsoft+Word+Documents/32224/

The end of an era: Properly formatted IP addresses in all of our data. (2025.08.24)

https://isc.sans.edu/diary/The+end+of+an+era+Properly+formated+IP+addresses+in+all+of+our+data/32228/

Don't Forget The "-n" Command Line Switch (2025.08.21)

https://isc.sans.edu/diary/Dont+Forget+The+n+Command+Line+Switch/32220/

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-31324 - SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, enabling unauthenticated agents to upload harmful executables, compromising system security.

Product: SAP NetWeaver Visual Composer

CVSS Score: 0

** KEV since 2025-04-29 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31324

ISC Podcast: https://isc.sans.edu/podcastdetail/9578

CVE-2025-42999 - SAP NetWeaver Visual Composer Metadata Uploader is vulnerable to upload of untrusted content that could compromise system confidentiality, integrity, and availability.

Product: SAP NetWeaver Visual Composer

CVSS Score: 0

** KEV since 2025-05-15 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42999

ISC Podcast: https://isc.sans.edu/podcastdetail/9578

CVE-2025-43300 - macOS, iPadOS, iOS, and iPadOS were all vulnerable to an out-of-bounds write issue that could be exploited through a malicious image file, leading to memory corruption and potentially targeted attacks.

Product: Apple macOS, iOS, and iPadOS

CVSS Score: 8.8

** KEV since 2025-08-21 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43300

ISC Podcast: https://isc.sans.edu/podcastdetail/9580

CVE-2025-36157 - IBM Jazz Foundation versions 7.0.2 to 7.1.0 are vulnerable to unauthorized actions by an unauthenticated remote attacker updating server property files.

Product: IBM Jazz Foundation

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36157

ISC Podcast: https://isc.sans.edu/podcastdetail/9586

NVD References: https://www.ibm.com/support/pages/node/7242925

CVE-2025-7775 - NetScaler ADC and NetScaler Gateway are vulnerable to Memory overflow leading to Remote Code Execution and/or Denial of Service when configured as Gateway or LB virtual servers bound with IPv6 services.

Product: NetScaler ADC and NetScaler Gateway

CVSS Score: 0

** KEV since 2025-08-26 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7775

ISC Podcast: https://isc.sans.edu/podcastdetail/9588

CVE-2025-7776 - NetScaler ADC and NetScaler Gateway are vulnerable to memory overflow, potentially causing unpredictable behavior and denial of service if the product is configured as a Gateway with a PCoIP Profile.

Product: Citrix NetScaler ADC and NetScaler Gateway

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7776

ISC Podcast: https://isc.sans.edu/podcastdetail/9588

NVD References: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938

CVE-2025-8424 - NetScaler ADC and NetScaler Gateway are vulnerable to improper access control on the NetScaler Management Interface, allowing attackers to gain access to critical IP addresses and potentially compromise the system.

Product: Citrix NetScaler ADC and NetScaler Gateway

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8424

ISC Podcast: https://isc.sans.edu/podcastdetail/9588

CVE-2025-48384 - Git has a vulnerability that allows for unintentional execution of post-checkout hooks due to a trailing carriage return issue, fixed in versions v2.43.7 and above.

Product: Git

CVSS Score: 0

** KEV since 2025-08-25 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48384

ISC Podcast: https://isc.sans.edu/podcastdetail/9588

CVE-2025-50567 - Saurus CMS Community Edition 4.7.1 is vulnerable to SQL injection and potential arbitrary PHP code execution due to the deprecated /e modifier in the custom DB::prepare() function.

Product: Saurus CMS Community Edition 4.7.1

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50567

CVE-2025-54336 - Plesk Obsidian 18.0.70 is vulnerable to a login bypass attack due to insecure comparison in _isAdminPasswordValid function.

Product: Plesk Obsidian

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54336

CVE-2025-55294 - Screenshot-desktop is vulnerable to a command injection issue, allowing arbitrary command execution with the privileges of the calling process.

Product: screenshot-desktop

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55294

NVD References: https://github.com/bencevans/screenshot-desktop/security/advisories/GHSA-gjx4-2c7g-fm94

CVE-2024-44373 - AllSky v2023.05.01_04 is vulnerable to path traversal, allowing an attacker to create a webshell and execute remote code.

Product: AllSky v2023.05.01_04

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44373

CVE-2025-55306 - GenX_FX backend is at risk of exposing API keys and authentication tokens due to misconfigured environment variables, allowing unauthorized access to cloud resources.

Product: GenX FX

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55306

CVE-2025-55733 - DeepChat before 0.3.1 has a one-click remote code execution vulnerability, allowing attackers to exploit it by embedding a specially crafted deepchat: URL on a website, leading to remote code execution on the victim's machine.

Product: DeepChat

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55733

CVE-2025-51543 - An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint.

Product: Cicool builder

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-51543

CVE-2025-54143 - Firefox for iOS < 141 is vulnerable to sandboxed iframes allowing potentially malicious downloads to bypass sandbox restrictions on parent pages.

Product: Mozilla Firefox

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54143

CVE-2025-54145 - Firefox for iOS < 141 could be exploited by scanning a malicious QR code to open arbitrary websites.

Product: Mozilla Firefox

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54145

CVE-2025-55031 - Firefox for iOS < 142 and Focus for iOS < 142 are vulnerable to triggering the hybrid passkey transport, potentially allowing attackers to trick users into logging into unauthorized accounts.

Product: Mozilla Firefox

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55031

CVE-2025-8042 - Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141.

Product: Mozilla Firefox for Android

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8042

NVD References: https://www.mozilla.org/security/advisories/mfsa2025-56/

CVE-2025-9179 - Firefox and Thunderbird versions below 142, 115.27, 128.14, and 140.2 are susceptible to memory corruption attacks in the GMP process handling encrypted media.

Product: Mozilla Firefox and Thunderbird

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9179

CVE-2025-9187 - Firefox 141 and Thunderbird 141 are vulnerable to memory safety bugs that could potentially allow for arbitrary code execution.

Product: Mozilla Firefox and Thunderbird

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9187

CVE-2025-27129 - Tenda AC6 V5.0 V02.03.01.110 is vulnerable to an authentication bypass issue that can be exploited by a specially crafted HTTP request for arbitrary code execution.

Product: Tenda AC6

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27129

CVE-2025-55613 - Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter.

Product: Tenda O3V2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55613

CVE-2024-57157 - Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token.

Product: Jantent v1.1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57157

CVE-2024-50640 - jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function

Product: jeewx-boot 1.3

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50640

CVE-2025-50901 - JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.

Product: JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50901

CVE-2024-53499 - Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API.

Product: Jeewms v3.7

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53499

CVE-2025-50904 - WinterChenS my-site contains an authentication bypass vulnerability, allowing unauthorized access to /admin/ API without a token.

Product: WinterChenS my-site

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50904

CVE-2025-55444 - Online Artwork and Fine Arts MCA Project 1.0 is vulnerable to SQL injection via the id2 parameter in the cancel_booking.php page, allowing remote attackers to execute code and breach the database.

Product: Online Artwork Fine Arts MCA Project 1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55444

CVE-2025-55746 - Directus: A vulnerability allows unauthenticated actors to modify and upload files without detection in versions 10.8.0 to before 11.9.3, but is fixed in 11.9.3.

Product: Directus

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55746

CVE-2024-57154 - Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication via sending a crafted payload to /admin/auth/index.

Product: dts-shop v0.0.1-SNAPSHOT

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57154

CVE-2025-54988 - Apache Tika is vulnerable to Critical XXE allowing attackers to inject malicious XML via a crafted XFA file in PDFs, potentially exposing sensitive data or triggering malicious requests to internal or third-party servers.

Product: Apache Tika

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54988

CVE-2024-57155 - Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token.

Product: Radar v1.0.8

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57155

CVE-2025-24285 - UniFi Connect EV Station Lite is vulnerable to Multiple Improper Input Validation vulnerabilities, potentially allowing Command Injection by a malicious actor with network access.

Product: UniFi Connect EV Station Lite

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24285

CVE-2025-27214 - UniFi Connect EV Station Pro (Version 1.5.18 and earlier) is vulnerable to unauthorized factory resets by malicious actors with physical or adjacent access.

Product: UniFi Connect EV Station Pro

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27214

CVE-2025-27217 - UISP Application is vulnerable to Server-Side Request Forgery, allowing unauthorized requests to be made outside of application scope.

Product: UISP Application

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27217

CVE-2025-7390 - OPC.https server vulnerability allows malicious clients to bypass certificate trust checks when restricting communication to secure endpoints.

Product: opc https server

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7390

CVE-2025-52395 - Roadcute API v.1 is vulnerable to a remote code execution attack due to a password reset API endpoint that lacks proper requester identity validation.

Product: Roadcute API v.1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52395

CVE-2024-45438 - TitanHQ SpamTitan Email Security Gateway allows unauthenticated users to trigger account-level actions through a crafted GET request.

Product: TitanHQ SpamTitan Email Security Gateway

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45438

CVE-2025-57754 - eslint-ban-moment exposes a sensitive Supabase URI in .env, allowing unauthorized access and control over database and user data.

Product: Eslint eslint-ban-moment

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57754

CVE-2025-52352 - Aikaan IoT management platform v3.25.0325-5-g2e9c59796 allows unauthenticated users to bypass authentication and gain unauthorized access to admin portals via publicly accessible sign-up API endpoint despite user sign-up feature being disabled on the login page UI.

Product: Aikaan IoT management platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52352

CVE-2025-3128 - Mitsubishi Electric smartRTU is susceptible to remote unauthenticated attackers executing arbitrary OS commands to interfere with or delete device information and potentially cause a denial-of-service.

Product: Mitsubishi Electric smartRTU

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3128

NVD References:

- https://emea.mitsubishielectric.com/fa/products/quality/quality-news-information

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-09

CVE-2025-53763 - Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

Product: Azure Databricks

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53763

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53763

CVE-2025-53795 - Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.

Product: Microsoft PC Manager

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53795

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53795

CVE-2025-9254 - WebITR by Uniong has a Missing Authentication vulnerability that enables unauthenticated remote attackers to log in as arbitrary users through a specific functionality.

Product: UnioNg WebITR

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9254

NVD References: https://www.twcert.org.tw/en/cp-139-10329-a1c5d-2.html

CVE-2025-29365 - spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.

Product: spimsimulator spim

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29365

CVE-2025-29366 - Mupen64plus v2.6.0 is vulnerable to an array overflow in the write_rdram_regs and write_rdram_regs functions, allowing for arbitrary command execution on the host machine.

Product: Mupen64plus

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29366

CVE-2025-52095 - An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll

Product: PDQ Smart Deploy

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52095

CVE-2024-50644 - zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token.

Product: zhisheng17 blog

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50644

CVE-2025-55398 - mouse07410 asn1c thru 0.9.29 (2025-03-20) fails to enforce INTEGER constraints in UPER, potentially resulting in incorrect or malicious input processing.

Product: mouse07410 asn1c

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55398

CVE-2022-45134 - Mahara is vulnerable to code execution due to unsafe deserialization of user input during skin import.

Product: Mahara

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-45134

CVE-2025-51092 - The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection through unsafe construction of SQL queries in DataBase.php.

Product: VishnuSivadasVS LogIn-SignUp project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-51092

CVE-2022-31491 - Voltronic Power ViewPower, ViewPower Pro, and PowerShield Netguard allow remote attackers to execute arbitrary code via an unspecified web interface related to UPS shutdown detection, regardless of UPS state or presence, before versions 1.04-24215, 2.0-22165, and 1.04-23292.

Product: Voltronic Power ViewPower

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-31491

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-05

CVE-2022-43110 - Voltronic Power ViewPower and PowerShield Netguard are vulnerable to remote attackers who can configure the system, change passwords, view system configuration, enumerate connected UPS devices, and shut down UPS devices.

Product: Voltronic Power ViewPower

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-43110

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-05

CVE-2025-26496 - Salesforce Tableau Server, Tableau Desktop is vulnerable to a Type Confusion issue in the File Upload modules, allowing Local Code Inclusion before specified versions.

Product: Salesforce Tableau Server

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26496

CVE-2025-4609 - Mojo in Google Chrome on Windows allowed a remote attacker to potentially escape the sandbox via a malicious file due to an incorrect handle.

Product: Google Chrome

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4609

CVE-2025-45968 - System PDV v1.0 is vulnerable to an Insecure Direct Object Reference (IDOR) flaw, allowing a remote attacker to access sensitive information via the hash parameter in a URL.

Product: System PDV v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45968

CVE-2025-48005, CVE-2025-52581, CVE-2025-53511, CVE-2025-53518, CVE-2025-53557, CVE-2025-53853, CVE-2025-54462, CVE-2025-54480 through CVE-2025-54494 - Multiple vulnerabilities in the Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa).

Product: Libbiosig Project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48005

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52581

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53511

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53518

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53557

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53853

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54462

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54480

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54481

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54482

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54483

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54484

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54485

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54486

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54487

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54488

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54489

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54490

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54491

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54492

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54493

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54494

CVE-2025-50900 - Getrebuild/rebuild 4.0.4 is vulnerable to unauthenticated attackers gaining sensitive information or escalated privileges via the com.rebuild.web.RebuildWebInterceptor class's preHandle function.

Product: Getrebuild / rebuild

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50900

CVE-2025-56212 & CVE-2025-56214 - phpgurukul Hospital Management System 4.0 SQL injection vulnerabilities.

Product: phpgurukul Hospital Management System 4.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56212

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56214

CVE-2025-53118 - Unified PAM is vulnerable to an authentication bypass that allows an unauthenticated attacker to manipulate administrator backup functions and compromise stored passwords, secrets, and application session tokens.

Product: Unified Automation Unified PAM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53118

CVE-2025-53120 - Unified PAM server is susceptible to path traversal vulnerability through unauthenticated upload functionality, enabling remote code execution by uploading malicious binaries and scripts.

Product: Unified Automation Unified PAM server

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53120

CVE-2025-55575 - SMM Panel 3.1 is vulnerable to SQL Injection, potentially enabling remote attackers to extract sensitive data through a specially crafted HTTP request.

Product: SMM Panel 3.1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55575

CVE-2025-50722 - Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component

Product: sparkshop v.1.1.7

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50722

CVE-2025-41702 - egOS WebGUI backend has a vulnerability where the JWT secret key is exposed to the default user, allowing unauthenticated remote attackers to generate valid tokens and bypass authentication/authorization.

Product: egOS WebGUI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41702

NVD References: https://certvde.com/de/advisories/VDE-2025-076

CVE-2025-9074 - Docker Desktop is vulnerable to local running Linux containers accessing the Docker Engine API, leading to execution of privileged commands and potential host drive mounting in certain circumstances.

Product: Docker Desktop

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9074

ISC Podcast: https://isc.sans.edu/podcastdetail/9582

CVE-2025-6758 - The Real Spaces - WordPress Properties Directory Theme is vulnerable to privilege escalation via the 'imic_agent_register' function due to a lack of role restriction, allowing unauthenticated attackers to choose the Administrator role during user registration.

Product: Real Estate Real Spaces - WordPress Properties Directory Theme

Active Installations: Unknown. Update to version 3.6.1, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6758

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/e2b24858-dfcd-46f3-9552-c7acc63a1ee7?source=cve

CVE-2025-8723 - The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization, allowing unauthenticated attackers to inject arbitrary PHP code.

Product: Cloudflare Image Resizing plugin for WordPress

Active Installations: 300+. Update to version 1.5.7, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8723

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/0f3b3c1a-1d45-4e2f-854a-171fe759257b?source=cve

CVE-2025-48169 - Jordy Meow Code Engine is vulnerable to improper control of code generation, allowing remote code inclusion from versions n/a through 0.3.3.

Product: Jordy Meow Code Engine

Active Installations: 600+. Update to version 0.3.4 or later.

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48169

NVD References: https://patchstack.com/database/wordpress/plugin/code-engine/vulnerability/wordpress-code-engine-plugin-0-3-3-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2025-53213 - ReachShip WooCommerce Multi-Carrier & Conditional Shipping allows malicious files to be uploaded due to an unrestricted file upload vulnerability.

Product: ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping

Active Installations: 100+. Update to version 4.3.2 or later.

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53213

NVD References: https://patchstack.com/database/wordpress/plugin/elex-reachship-multi-carrier-conditional-shipping/vulnerability/wordpress-reachship-woocommerce-multi-carrier-conditional-shipping-4-3-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-53299 - ThemeMakers Visual Content Composer is vulnerable to Object Injection through deserialization of untrusted data.

Product: ThemeMakers Visual Content Composer

Active Installations: Unknown. No known patch available.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53299

NVD References: https://patchstack.com/database/wordpress/plugin/tmm_content_composer/vulnerability/wordpress-thememakers-visual-content-composer-plugin-1-5-8-php-object-injection-vulnerability?_s_id=cve

CVE-2025-53577 - Global DNS is vulnerable to remote code inclusion due to improper control of code generation, affecting versions from n/a through 3.1.0.

Product: Global DNS

Active Installations: Unknown. Update to version 3.1.1 or later.

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53577

NVD References: https://patchstack.com/database/wordpress/plugin/global-dns/vulnerability/wordpress-global-dns-plugin-3-1-0-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2025-53580 - Simple Business Directory Pro allows Privilege Escalation through an Incorrect Privilege Assignment vulnerability, affecting versions from n/a through n/a.

Product: QuantumCloud Simple Business Directory Pro

Active Installations: 300+. Update to version 15.6.9 or later.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53580

NVD References: https://patchstack.com/database/wordpress/plugin/simple-business-directory-pro/vulnerability/wordpress-simple-business-directory-pro-plugin-15-6-9-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-54014 - MediCenter - Health Medical Clinic is vulnerable to object injection through deserialization of untrusted data from n/a through 15.1.

Product: QuanticaLabs MediCenter - Health Medical Clinic

Active Installations: Unknown. Update to version 15.2 or later.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54014

NVD References: https://patchstack.com/database/wordpress/theme/medicenter/vulnerability/wordpress-medicenter-health-medical-clinic-15-1-php-object-injection-vulnerability?_s_id=cve

CVE-2025-54048 - Custom API for WP through 4.2.2 allows SQL Injection due to improper neutralization of special elements in SQL commands.

Product: miniOrange Custom API for WP

Active Installations: 1,000+. Update to version 4.2.3 or later.

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54048https://nvd.nist.gov/vuln/detail/CVE-2025-54048

NVD References: https://patchstack.com/database/wordpress/plugin/custom-api-for-wp/vulnerability/wordpress-custom-api-for-wp-4-2-2-sql-injection-vulnerability?_s_id=cve

CVE-2025-54049 - Custom API for WP by miniOrange has an Incorrect Privilege Assignment vulnerability that allows for Privilege Escalation from n/a through 4.2.2.

Product: miniOrange Custom API for WP

Active Installations: 1,000+. Update to version 4.2.3 or later.

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54049

NVD References: https://patchstack.com/database/wordpress/plugin/custom-api-for-wp/vulnerability/wordpress-custom-api-for-wp-4-2-2-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-54677 - vcita Online Booking & Scheduling Calendar for WordPress by vcita allows attackers to upload dangerous files.

Product: vcita Online Booking & Scheduling Calendar for WordPress

Active Installations: 2,000+. Update to version 4.5.5 or later.

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54677

NVD References: https://patchstack.com/database/wordpress/plugin/meeting-scheduler-by-vcita/vulnerability/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-54713 - Magepeopleteam Taxi Booking Manager for WooCommerce allows for authentication bypass using an alternate path or channel, enabling authentication abuse from n/a through version 1.3.0.

Product: magepeopleteam Taxi Booking Manager for WooCommerce

Active Installations: 1,000+. Update to version 1.3.1 or later.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54713

NVD References: https://patchstack.com/database/wordpress/plugin/ecab-taxi-booking-manager/vulnerability/wordpress-taxi-booking-manager-for-woocommerce-plugin-1-3-0-broken-authentication-vulnerability?_s_id=cve

CVE-2025-54726 - Miguel Useche JS Archive List is vulnerable to SQL Injection from version n/a to n/a.

Product: Miguel Useche JS Archive List

Active Installations: 3,000+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54726

NVD References: https://patchstack.com/database/wordpress/plugin/jquery-archive-list-widget/vulnerability/wordpress-js-archive-list-plugin-6-1-6-sql-injection-vulnerability?_s_id=cve

CVE-2025-8895 - The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy, allowing unauthenticated attackers to copy files on the server, including sensitive information like database credentials.

Product: WP Webhooks WordPress

Active Installations: 20,000+. Update to version 3.3.6, or a newer patched version

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8895

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/de9c9e1e-3c3c-463a-a78c-d8bc7228da93?source=cve

CVE-2025-53251 - Pin WP is vulnerable to unrestricted upload of dangerous file types, allowing attackers to upload a web shell to the server, affecting versions from n/a through 6.9.

Product: An-Themes Pin WP

Active Installations: Unknown. Update to version 7.2 or later.

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53251

NVD References: https://patchstack.com/database/wordpress/theme/pin-wp/vulnerability/wordpress-responsive-menu-plugin-6-1-4-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-5821 - The Case Theme User plugin for WordPress allows unauthenticated attackers to log in as administrative users by bypassing authentication in versions up to 1.0.3.

Product: WordPress Case Theme User plugin

Active Installations: Unknown. Update to version 1.0.4, or a newer patched version

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5821

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/3ce95a04-11bd-488e-ad25-1b661e083eb2?source=cve