ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Updates Everything - iOS/macOS 26 Edition
Published: 2025-09-15
Last Updated: 2025-09-15 21:17:32 UTC
by Johannes Ullrich (Version: 1)
Today, as expected, Apple released iOS/iPadOS/macOS/watchOS/tvOS 26. Going forward, Apple will adopt the same OS number across its different offerings, setting us up for a potential year 2100 issue. Notably, VisionOS was not updated.
There are two options to apply the security updates: You may stick with the old major operating system version (iOS 18 or macOS 15), or you may upgrade directly to the "26" version. For more careful users, sticking with the older version will get you all the security fixes (and other bug fixes), but none of the new features and the potential instabilities and compatibility issues.
This update also includes a patch for an already-exploited vulnerability, CVE-2025-43300. Apple patched this vulnerability in August, but only for current operating systems. This update backports this patch for older versions of iOS.
I did some quick Google searches to see whether OS 26 supports various popular security software. Here is a quick summary:
Let me know if you have any firsthand experience with any security-related applications that either work or do not work.
Read the full entry: https://isc.sans.edu/diary/Apple+Updates+Everything+iOSmacOS+26+Edition/32286/
Why You Need Phishing Resistant Authentication NOW.
Published: 2025-09-16
Last Updated: 2025-09-16 18:04:16 UTC
by Johannes Ullrich (Version: 1)
The recent (and still ongoing) phishing of NPM developer accounts showed yet again that even technically sophisticated and aware users are falling for phishing lures. Anybody will fall for phishing if a well-targeted e-mail is used.
All it took for the NPM phish to succeed was a well-written email and a convincing landing page. This case used "npmjs[.]help", but a few days later, someone also registered "npmjs[.]cam" (the TLD is .CAM, not .COM, a somewhat underused phishing trick).
Luckily, npmjs[.]cam is currently not reachable ...
Read the full entry: https://isc.sans.edu/diary/Why+You+Need+Phishing+Resistant+Authentication+NOW/32290/
BASE64 Over DNS
Published: 2025-09-10
Last Updated: 2025-09-10 14:55:07 UTC
by Didier Stevens (Version: 1)
On the Stormcast, Johannes talked about BASE64 and DNS used by a backdoor.
I was interested to learn more about this, because DNS labels can only contain letters, digits and a hyphen. If you make a distinction between uppercase and lowercase letters, you have exactly 63 characters to choose from, while BASE64 requires 64 characters (and a 65th character for padding: =).
So how can the backdoor use BASE64 in a label, since RFC 1035 (and updates) does not allow the characters +, / and =?
I did some tests ...
Read the full entry: https://isc.sans.edu/diary/BASE64+Over+DNS/32274/
CTRL-Z DLL Hooking (2025.09.17)
https://isc.sans.edu/diary/CTRLZ+DLL+Hooking/32294/
Web Searches For Archives (2025.09.14)
https://isc.sans.edu/diary/Web+Searches+For+Archives/32282/
DShield SIEM Docker Updates (2025.09.10)
https://isc.sans.edu/diary/DShield+SIEM+Docker+Updates/32276/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-10159 - Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7) are vulnerable to an authentication bypass issue that enables remote attackers to achieve administrative privileges.
Product: Sophos AP6 Series Wireless Access Points
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10159
ISC Podcast: https://isc.sans.edu/podcastdetail/9608
NVD References: https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6
CVE-2025-43300 - macOS, iOS, and iPadOS were all vulnerable to an out-of-bounds write issue that could be exploited through a malicious image file, leading to memory corruption and potentially targeted attacks.
Product: Multiple Apple products
CVSS Score: 0
** KEV since 2025-08-21 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43300
ISC Diary: https://isc.sans.edu/diary/32286
CVE-2025-31255 - tvOS, macOS, watchOS, iOS, and iPadOS versions prior to 26, Sonoma 14.8, Sequoia 15.7, and Tahoe 26 allowed an app to access sensitive user data due to an authorization issue addressed with improved state management.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31255
ISC Diary: https://isc.sans.edu/diary/32286
CVE-2025-43342 - Safari 26, iOS 18.7, and iPadOS 18.7 fixed a correctness issue with improved checks that could cause an unexpected process crash when processing malicious web content.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43342
ISC Diary: https://isc.sans.edu/diary/32286
CVE-2025-43343 - tvOS 26, Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26, and iPadOS 26 are vulnerable to unexpected process crashes when processing maliciously crafted web content due to memory handling issues.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43343
ISC Diary: https://isc.sans.edu/diary/32286
CVE-2025-43347 - tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26, and iPadOS 26 have fixed an input validation issue by removing the vulnerable code.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43347
ISC Diary: https://isc.sans.edu/diary/32286
CVE-2025-43359 - UDP server sockets on certain Apple devices may become bound to all interfaces due to a logic issue fixed in various updates.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43359
ISC Diary: https://isc.sans.edu/diary/32286
CVE-2025-43362 - iOS and iPadOS versions prior to 18.7 and 26 allowed apps to monitor keystrokes without user permission, but this vulnerability has been addressed with improved checks.
Product: Apple iOS and iPadOS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43362
ISC Diary: https://isc.sans.edu/diary/32286
CVE-2025-31259 - An app may be able to capture a screenshot of an app entering or exiting full screen mode
Product: macOS
CVSS Score: N/A
NVD: https://nvd.nist.gov/vuln/detail/cve-2025-31259
ISC Diary: https://isc.sans.edu/diary/Apple+Updates+Everything+iOSmacOS+26+Edition/32286/
ISC Podcast: https://isc.sans.edu/podcastdetail/9614
CVE-2025-43273 - A sandboxed process may be able to circumvent sandbox restrictions
Product: macOS
CVSS Score: N/A
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43273
ISC Diary: https://isc.sans.edu/diary/Apple+Updates+Everything+iOSmacOS+26+Edition/32286/
ISC Podcast: https://isc.sans.edu/podcastdetail/9614
CVE-2025-43277 - Processing a maliciously crafted audio file may lead to memory corruption
Product: macOS
CVSS Score: N/A
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43277
ISC Diary: https://isc.sans.edu/diary/Apple+Updates+Everything+iOSmacOS+26+Edition/32286/
ISC Podcast: https://isc.sans.edu/podcastdetail/9614
CVE-2025-42922 - SAP NetWeaver AS Java allows non-admin users to upload files leading to system compromise.
Product: SAP NetWeaver AS Java
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42922
NVD References: https://url.sap/sapsecuritypatchday
CVE-2025-42944 - SAP NetWeaver is vulnerable to deserialization attacks allowing unauthenticated attackers to execute arbitrary OS commands through the RMI-P4 module.
Product: SAP NetWeaver
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42944
NVD References: https://url.sap/sapsecuritypatchday
CVE-2025-42958 - SAP NetWeaver application on IBM i-series allows high privileged unauthorized users to access sensitive information, resulting in a high impact on confidentiality, integrity, and availability.
Product: SAP NetWeaver
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42958
NVD References: https://url.sap/sapsecuritypatchday
CVE-2025-40795 - SIMATIC PCS neo V4.1, SIMATIC PCS neo V5.0, and User Management Component (UMC) versions prior to V2.15.1.3 are vulnerable to a stack-based buffer overflow, enabling remote attackers to execute arbitrary code or trigger a denial of service attack.
Product: Siemens SIMATIC PCS neo
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40795
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-722410.html
CVE-2025-40804 - SIMATIC Virtualization as a Service (SIVaaS) allows attackers to access or alter sensitive data through an exposed network share without authentication.
Product: SIMATIC Virtualization as a Service (SIVaaS)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40804
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-534283.html
CVE-2025-54236 - Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are vulnerable to an Improper Input Validation issue, allowing attackers to achieve session takeover without requiring user interaction.
Product: Adobe Commerce
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54236
NVD References: https://helpx.adobe.com/security/products/magento/apsb25-88.html
CVE-2025-54261 - ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are vulnerable to Path Traversal, allowing attackers to execute arbitrary code.
Product: Adobe ColdFusion
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54261
NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-93.html
CVE-2025-9994 - The Amp'ed RF BT-AP 111 Bluetooth access point lacks an authentication feature in its HTTP admin interface, enabling unauthorized access from anyone on the network.
Product: Amp'ed RF BT-AP 111 Bluetooth access point
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9994
CVE-2025-10183 - TecCom TecConnect 4.1 is vulnerable to a blind XXE injection, allowing unauthenticated attackers to exfiltrate files to a remote server, with end-of-life scheduled for December 2023.
Product: TecCom TecConnect 4.1
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10183
CVE-2025-55232 - Microsoft High Performance Compute Pack (HPC) is vulnerable to code execution over a network due to deserialization of untrusted data.
Product: Microsoft High Performance Compute Pack (HPC)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55232
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55232
CVE-2025-57085 - Tenda W30E V16.01.0.19 (5037) is vulnerable to a stack overflow in the v17 parameter, allowing attackers to cause a DoS through a crafted request.
Product: Tenda W30E
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57085
CVE-2025-10432 - Tenda AC1206 15.03.06.23 is vulnerable to a stack-based buffer overflow in the function check_param_changed of the file /goform/AdvSetMacMtuWa, allowing for remote exploitation through manipulation of the argument wanMTU.
Product: Tenda AC1206
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10432
CVE-2025-55727 through CVE-2025-55730 - XWiki Remote Macros multiple remote code execution vulnerabilities
Product: XWiki Remote Macros
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55727
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55728
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55729
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55730
CVE-2025-44594 - halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url.
Product: Nozomi Networks halo
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44594
CVE-2025-58762 - Tautulli allows an attacker with administrative access to write arbitrary python scripts into the application filesystem, leading to remote code execution via the `pms_image_proxy` endpoint in versions 2.15.3 and earlier.
Product: Tautulli Plex Media Server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58762
CVE-2025-57633 - FTP-Flask-python through 5173b68 is vulnerable to unauthenticated remote attackers executing arbitrary OS commands via the /ftp.html endpoint's "Upload File" action.
Product: FTP-Flask-python Vulnerable Product
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57633
CVE-2025-58462 - OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 is vulnerable to SQL injection, allowing a remote attacker to manipulate the database.
Product: OPEXUS FOIAXpress Public Access Link (PAL)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58462
CVE-2025-58768 - DeepChat is vulnerable to a command execution exploit due to improper handling of user content in the Mermaid chart rendering component.
Product: DeepChat Mermaid chart rendering component
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58768
CVE-2025-58447 - rAthena has a heap-based buffer overflow vulnerability in the login server, allowing remote attackers to achieve denial of service and potentially remote code execution prior to commit 2f5248b.
Product: rAthena
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58447
CVE-2025-58448 - rAthena is vulnerable to SQL Injection in the PartyBooking component via the `WorldName` parameter in versions prior to commit 0d89ae0.
Product: rAthena
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58448
CVE-2025-59046 - The npm package `interactive-git-checkout` is vulnerable to a command injection due to improper input validation in versions up to 1.1.4, but the issue is fixed in commit 8dd832dd302af287a61611f4f85e157cd1c6bb41.
Product: npm interactive-git-checkout
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59046
CVE-2025-9943 - Shibboleth Service Provider through 3.5.0 is vulnerable to SQL injection via the "ID" attribute of the SAML response, allowing for unauthenticated attackers to extract arbitrary data from the database if configured to use the ODBC plugin.
Product: Shibboleth Service Provider
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9943
CVE-2025-10220 - AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows is vulnerable to remote code execution due to the use of unmaintained third-party components like Google.Protobuf and DynamicData.
Product: AxxonSoft Axxon One
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10220
NVD References: https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories
CVE-2025-10226 - AxxonSoft Axxon One 2.0.8 and earlier on Windows and Linux is vulnerable to privilege escalation, arbitrary code execution, and denial-of-service attacks due to a dependency on vulnerable third-party components in the PostgreSQL backend.
Product: AxxonSoft Axxon One
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10226
NVD References: https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories
CVE-2025-54123 - Hoverfly is vulnerable to command injection at `/api/v2/hoverfly/middleware` endpoint in versions 1.11.3 and prior, allowing remote code execution on any system running the service.
Product: Hoverfly API simulation tool
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54123
CVE-2025-58321 - Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability.
Product: Delta Electronics DIALink
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58321
CVE-2025-40687, CVE-2025-40689 through CVE-2025-40692 - Online Fire Reporting System v1.2 by PHPGurukul contains multiple SQL Injection vulnerabilities
Product: Phpgurukul Online Fire Reporting System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40687
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40689
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40690
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40691
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40692
CVE-2025-57118 - An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php
Product: PHPGurukul Online-Library-Management-System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57118
CVE-2025-27466, CVE-2025-58142, & CVE-2025-58143 - The viridian code has multiple vulnerabilities related to guest memory page handling and access.
Product: Viridian code
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27466
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58142
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58143
CVE-2025-59053 - AIRI is vulnerable to cross-site scripting (XSS) and arbitrary command execution via the Tauri API in versions prior to v0.7.2-beta.3.
Product: AIRI Grok Companion
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59053
CVE-2025-10264 - Digiever NVR models have an Exposure of Sensitive Information vulnerability, enabling unauthorized remote access to plaintext credentials.
Product: Digiever NVR (Network Video Recorder)
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10264
NVD References: https://www.twcert.org.tw/en/cp-139-10376-a057c-2.html
CVE-2025-10266 - NUP Pro by NewType Infortech is vulnerable to SQL Injection, enabling unauthorized attackers to manipulate database data with injected SQL commands.
Product: NewType Infortech NUP Pro
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10266
NVD References: https://www.twcert.org.tw/en/cp-139-10378-4fd0d-2.html
CVE-2025-8699 - KioSoft's "Stored Value" Unattended Payment Solutions are vulnerable to NFC card manipulation, allowing attackers to alter card balances and generate money up to $655.35.
Product: KioSoft Stored Value Unattended Payment Solutions
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8699
CVE-2025-9556 - Langchaingo is vulnerable to a server side template injection allowing attackers to read the "etc/passwd" file by inserting statements into prompts.
Product: Langchaingo Gonja
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9556
CVE-2025-55835 - File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering.
Product: SueamCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55835
CVE-2024-45434 - OpenSynergy BlueSDK (aka Blue SDK) through 6.x is vulnerable to a Use-After-Free in the Bluetooth stack, allowing remote code execution by leveraging the lack of object validation before performing operations.
Product: OpenSynergy BlueSDK
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45434
CVE-2025-58434 - Flowise exposes sensitive information in the `forgot-password` endpoint, allowing for unauthorized password resets and potential account takeovers.
Product: Flowise
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58434
CVE-2025-45583 - Audi UTR 2.0 Universal Traffic Recorder 2.0 has incorrect access control in its FTP protocol, enabling attackers to authenticate with any username and password.
Product: Audi UTR 2.0 Universal Traffic Recorder 2.0
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45583
CVE-2025-10392 - Mercury KM08-708H GiGA WiFi Wave2 1.1.14 is vulnerable to a remote stack-based buffer overflow via manipulation of the Host argument in the HTTP Header Handler component, with a public exploit now available.
Product: Mercury KM08-708H GiGA WiFi Wave2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10392
CVE-2025-10452 - Gotac's Statistical Database System has a Missing Authentication vulnerability that enables unauthenticated remote attackers to access, modify, and delete database contents with elevated privileges.
Product: Gotac Statistical Database System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10452
NVD References: https://www.twcert.org.tw/en/cp-139-10380-1ce73-2.html
CVE-2025-59359, CVE-2025-59360, CVE-2025-59361 - Chaos Controller Manager has multiple OS command injection vulnerabilities.
Product: Chaos Controller Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59359
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59360
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59361
CVE-2025-52053 - TOTOLINK X6000R V9.4.0cu.1360_B20241207 is vulnerable to command injection via the file_name parameter, allowing unauthenticated attackers to execute arbitrary commands.
Product: TOTOLINK X6000R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52053
CVE-2025-57174 - Siklu Communications Etherhaul 8010TX and 1200FX devices are vulnerable to attacks due to hardcoded static AES encryption keys in the rfpiped service, allowing attackers to execute arbitrary commands without authentication.
Product: Siklu Communications Etherhaul 8010TX and 1200FX devices
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57174
CVE-2025-4688 - SINAV.LINK Exam Result Module before 1.2 is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands.
Product: BGS Interactive SINAV.LINK Exam Result Module
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4688
CVE-2025-7743 - Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception and Privilege Escalation. This issue affects Omaspot: before 12.09.2025.
Product: Dolusoft Omaspot
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7743
CVE-2025-7744 - Dolusoft Omaspot is vulnerable to SQL Injection before 12.09.2025.
Product: Dolusoft Omaspot
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7744
CVE-2025-55109 - Control-M/Agent is vulnerable to an authentication bypass when using empty or default kdb keystore or default PKCS#12 keystore, allowing a remote attacker with access to a signed third-party or demo certificate to bypass the need for organization's certificate authority during authentication.
Product: BMC Control-M/Agent
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55109
CVE-2025-55113 - Control-M/Agent vulnerability in ACL enforcement allows attackers to bypass configured ACLs by exploiting NULL byte in email address in client certificate verification.
Product: BMC Software Control-M/Agent
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55113
CVE-2025-8276 - Patika Global Technologies HumanSuite before 53.21.0 is vulnerable to various types of injection attacks, allowing for input data manipulation, code injection, and reflection injection.
Product: Patika Global Technologies HumanSuite
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8276
CVE-2024-13149 - Arma Store Armalife allows SQL Injection, exposing sensitive information to unauthorized actors through 20250916.
Product: Arma Store Armalife
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13149
CVE-2025-41243 - Spring Cloud Gateway Server Webflux is vulnerable to Spring Environment property modification if certain conditions are met.
Product: Spring Cloud Gateway Server Webflux
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41243
CVE-2025-59334 - Linkr allows arbitrary file injection and potential remote code execution due to lack of manifest file integrity verification in versions through 2.0.0, but version 2.0.1 and later includes a manifest integrity check to prevent this vulnerability.
Product: Linkr
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59334
CVE-2025-10134 - The Goza - Nonprofit Charity WordPress Theme for WordPress allows unauthenticated attackers to delete arbitrary files on the server, leading to potential remote code execution.
Product: Goza Nonprofit Charity WordPress Theme
Active Installations: Unknown. Update to version 3.2.3, or a newer patched version
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10134
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/73efd9ad-9515-4ca8-bfb3-1d478f39c2b9?source=cve
CVE-2025-47569 - WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates is vulnerable to SQL Injection from version n/a through 2.8.10.
Product: WPSwings WooCommerce Ultimate Gift Card
Active Installations: 7,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47569
CVE-2025-47579 - Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2.
Product: ThemeGoods Photography
Active Installations: Unknown
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47579
CVE-2025-58997 - Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10.
Product: Frenify Mow
Active Installations: Unknown
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58997
CVE-2025-8570 - The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation allowing unauthenticated attackers to assume any user’s identity.
Product: Beyond Security BeyondCart Connector plugin for WordPress
Active Installations: This plugin has been closed as of September 10, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8570
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/d0dd4fc0-1c6a-4556-b219-893563a27a69?source=cve
CI/CD Pipeline Security Best Practices: CI/CD pipelines power modern software delivery, but securing them can be a challenge. This new CI/CD Pipeline Security Best Practices cheat sheet, based on the OWASP Top 10 CI/CD risks, shares clear, actionable steps to help reduce your attack surface and strengthen your delivery processes.
Webcast | Modernizing OT Security: How Frenos Uses Digital Twin Technology, AI and Threat Emulation to Transform Security Posture & Compliance | Wednesday, October 1, 2025 at 10:30AM ET Uncover how top organizations are using next-gen simulation to spot blind spots before attackers do.
Webcast | Continuous Penetration Testing: Closing the Gaps Between Threat and Response | Thursday, October 23, 2025 at 10:30AM ET Find out how to turn testing into a proactive defense strategy that keeps you ahead of threats.
Webcast | Enhancing Security Operations with Google Threat Intelligence | Tuesday, September 30, 2025 at 3:30PM ET Learn how to harness global-scale threat insights to outsmart attackers with greater speed and precision.