Exploit Attempts Against Older Hikvision Camera Vulnerability
Published: 2025-09-24
Last Updated: 2025-09-24 15:11:36 UTC
by Johannes Ullrich (Version: 1)
I noticed a new URL showing up in our web honeypot logs, which looked a bit interesting ...
The "auth" string caught my attention, in particular as it was followed by a base64-encoded string. The string decodes to admin:11.
This "auth" string has been around for a while for a number of Hikvision-related URLs. Until this week, the particular URL never hit our threshold to be included in our reports. So far, the "configurationFile" URL has been the most popular. It may give access to additional sensitive information ...
Read the full entry: https://isc.sans.edu/diary/Exploit+Attempts+Against+Older+Hikvision+Camera+Vulnerability/32316/
[Guest Diary] Distracting the Analyst for Fun and Profit
Published: 2025-09-23
Last Updated: 2025-09-23 12:55:18 UTC
by Jesse La Grew (Version: 1)
[This is a Guest Diary by Taylor House, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program.]
Distributed denial of service (DDoS) attacks are a type of cyber-attack where the threat actor attempts to disrupt a service by flooding the target with a ton of requests to overload system resources and prevent legitimate traffic from reaching it. From March 31st until April 20th of this year, my honeypot went under a constant barrage of TCP SYN packets over port 443. This post seeks to go over this attack and share observations proving how looks can be deceiving.
In total, this attack sent 2389339 packets from 6039 hosts. The attack came over a series of three waves, with no relation other than the destination port and the flag that was set. A sample was taken from the first of these waves, and each packet was found to have these properties:
* A total length of 60 bytes.
* Targeted port 443 using the TCP protocol.
* Had the SYN flag and no other flags set.
* Had a window size of 32768.
* Had a maximum segment size of 1460 bytes.
* A trailer in the Ethernet header containing 2 bytes of padding ...
Read the full entry: https://isc.sans.edu/diary/Guest+Diary+Distracting+the+Analyst+for+Fun+and+Profit/32308/
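To make the packet fingerprint listed above usable for detection, here is an added example (not code from the guest diary or from the DShield project) that builds a handful of constructed Ethernet/IPv4/TCP frames, parses them back, and counts the source addresses whose packets match every listed property: 60-byte frame, destination port 443, SYN as the only flag, window 32768, MSS option 1460, and a 2-byte trailer after the IP payload. The frames, addresses and zeroed checksums are all constructed for the demonstration; on real traffic the same parse/match logic would be fed frames from a pcap.

```python
import socket
import struct
from collections import Counter

SYN = 0x02  # TCP flag bit for SYN; all other bits must be clear to match

# Fingerprint taken from the diary's observations of the first wave.
FINGERPRINT = {
    "frame_len": 60,   # total captured length
    "dst_port": 443,
    "flags": SYN,      # SYN set, nothing else
    "window": 32768,
    "mss": 1460,       # from the MSS option
    "trailer": 2,      # bytes after the IP total length (Ethernet padding)
}


def build_frame(src_ip, dst_port=443, flags=SYN, window=32768, mss=1460, trailer=b"\x00\x00"):
    """Constructed test frame: 14-byte Ethernet + 20-byte IPv4 + 24-byte TCP
    (20-byte header plus a 4-byte MSS option) + trailer. Checksums are left
    zero because these frames are only parsed, never sent."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # MACs zeroed, EtherType IPv4
    tcp_opts = struct.pack("!BBH", 2, 4, mss)             # kind 2 = MSS, length 4
    data_offset = (5 + len(tcp_opts) // 4) << 4           # header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 0,
                      data_offset, flags, window, 0, 0) + tcp_opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton("10.0.0.1"))
    return eth + ip + tcp + trailer


def parse_mss(opts):
    """Walk TCP options and return the MSS value, or None if absent."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break
        length = opts[i + 1]
        if length < 2:           # malformed option; stop rather than loop forever
            break
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None


def parse_frame(frame):
    """Extract the fingerprint fields from an Ethernet/IPv4/TCP frame; None if not TCP/IPv4."""
    if len(frame) < 14 + 20 + 20 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip_total = struct.unpack("!H", frame[16:18])[0]
    if frame[14 + 9] != 6:       # protocol field must be TCP
        return None
    src_ip = socket.inet_ntoa(frame[14 + 12:14 + 16])
    t = 14 + ihl
    _, dst_port, _, _, off_flags, flags, window = struct.unpack("!HHIIBBH", frame[t:t + 16])
    data_off = (off_flags >> 4) * 4
    return {
        "frame_len": len(frame),
        "src_ip": src_ip,
        "dst_port": dst_port,
        "flags": flags,
        "window": window,
        "mss": parse_mss(frame[t + 20:t + data_off]),
        "trailer": len(frame) - (14 + ip_total),
    }


def matches_fingerprint(parsed):
    return parsed is not None and all(parsed[k] == v for k, v in FINGERPRINT.items())


def summarize(frames):
    """Count matching packets per source address."""
    hits = Counter()
    for frame in frames:
        parsed = parse_frame(frame)
        if matches_fingerprint(parsed):
            hits[parsed["src_ip"]] += 1
    return hits


# Constructed sample: two flood sources plus three packets that differ in one property each.
SAMPLE_FRAMES = (
    [build_frame("198.51.100.7")] * 3
    + [build_frame("203.0.113.9")] * 2
    + [build_frame("192.0.2.10", window=64240)]        # ordinary client SYN: different window
    + [build_frame("192.0.2.11", flags=SYN | 0x10)]    # SYN+ACK: extra flag set
    + [build_frame("192.0.2.12", dst_port=80)]         # not port 443
)

if __name__ == "__main__":
    for ip, n in summarize(SAMPLE_FRAMES).most_common():
        print(f"{ip:16} {n} matching SYN packets")
```

Matching on the full tuple rather than on "lots of SYNs to 443" is what lets an analyst separate the flood from legitimate handshakes in the same capture, and the per-source count is the starting point for the host tally the diary reports.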
Exploring Uploads in a Dshield Honeypot Environment [Guest Diary]
Published: 2025-09-18
Last Updated: 2025-09-18 00:49:09 UTC
by Guy Bruneau (Version: 1)
[This is a Guest Diary by Nathan Smisson, an ISC intern as part of the SANS.edu BACS program]
The goal of this project is to test the suitability of various data entry points within the dshield ecosystem to determine which metrics are likely to yield consistently interesting results. This article explores analysis of files uploaded to the cowrie honeypot server. Throughout this project, a number of tools have been developed to aid in improving workflow efficiency for analysts conducting research using a cowrie honeypot. Here, a relatively simple tool called upload-stats is used to enumerate basic information about the files in the default cowrie ‘downloads’ directory ...
The configuration of my honeypot is intentionally very typical, closely following the installation and setup guide on https://github.com/DShield-ISC/dshield/tree/main. The node in use for the purposes of this article was set up on an EC2 instance in the AWS us-east-1 zone, which is old and very large, even by AWS standards.
Part 1: Identified Shell Script Investigation
The upload-stats tool works by enumerating some basic information about the files present in the downloads directory and printing it along with any corresponding information discovered in the honeypot event logs. If the logs are still present on the system, it will automatically identify information such as source IP, time of upload, and other statistics that can aid in further exploration of interesting-looking files.
Given no arguments, the tool produces a quick summary of the files available on the system ...
Read the full entry: https://isc.sans.edu/diary/Exploring+Uploads+in+a+Dshield+Honeypot+Environment+Guest+Diary/32296/
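The passage above describes what upload-stats does but not how the correlation works, so here is an added example (my own code, not the intern's upload-stats tool and not part of the DShield project) that walks a downloads directory, hashes each file, and joins it against `cowrie.session.file_download` events from a Cowrie JSON log to recover source IP, first-seen time and the URLs the file came from. It assumes Cowrie's convention of naming downloaded files by their SHA-256 and the `eventid`, `shasum`, `src_ip`, `timestamp` and `url` fields of its JSON log; the files and log lines are constructed in a temporary directory so the script runs offline.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def load_download_events(log_lines):
    """Index Cowrie file_download events by the SHA-256 Cowrie recorded (field assumed: shasum)."""
    events = {}
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a torn line at the end of a live log
        if ev.get("eventid") != "cowrie.session.file_download":
            continue
        events.setdefault(ev.get("shasum"), []).append(ev)
    return events


def upload_stats(downloads_dir, log_lines):
    """One summary row per file in the downloads directory, enriched from the log."""
    events = load_download_events(log_lines)
    rows = []
    for name in sorted(os.listdir(downloads_dir)):
        path = os.path.join(downloads_dir, name)
        if not os.path.isfile(path):
            continue
        digest = sha256_file(path)
        matched = events.get(digest, [])
        rows.append({
            "file": name,
            "size": os.path.getsize(path),
            "sha256": digest,
            "hash_matches_name": name == digest,  # flags files renamed or tampered on disk
            "uploads": len(matched),
            "src_ips": sorted({e.get("src_ip") for e in matched if e.get("src_ip")}),
            "first_seen": min((e.get("timestamp") for e in matched), default=None),
            "urls": sorted({e.get("url") for e in matched if e.get("url")}),
        })
    return rows


def build_sample_environment():
    """Constructed downloads directory and log: one file seen twice, one with no log record."""
    downloads = tempfile.mkdtemp(prefix="downloads-")
    payload = b"#!/bin/sh\necho constructed sample, does nothing\n"
    digest = hashlib.sha256(payload).hexdigest()
    with open(os.path.join(downloads, digest), "wb") as f:
        f.write(payload)
    with open(os.path.join(downloads, "unknown.bin"), "wb") as f:
        f.write(b"orphan file with no matching log entry\n")
    log_lines = [
        json.dumps({"eventid": "cowrie.session.file_download", "shasum": digest,
                    "src_ip": "203.0.113.5", "timestamp": "2025-09-01T03:14:07.000000Z",
                    "url": "http://203.0.113.5/x.sh", "session": "c0ffee01"}),
        json.dumps({"eventid": "cowrie.login.success", "src_ip": "203.0.113.5",
                    "timestamp": "2025-09-01T03:14:02.000000Z", "session": "c0ffee01"}),
        json.dumps({"eventid": "cowrie.session.file_download", "shasum": digest,
                    "src_ip": "198.51.100.23", "timestamp": "2025-09-02T11:02:45.000000Z",
                    "url": "http://198.51.100.23/x.sh", "session": "c0ffee02"}),
        '{"eventid": "cowrie.session.file_download", "shasum": "truncated',  # torn line
    ]
    return downloads, log_lines


def run_demo():
    downloads, log_lines = build_sample_environment()
    return upload_stats(downloads, log_lines)


if __name__ == "__main__":
    for row in run_demo():
        print(f"{row['file'][:16]:16} {row['size']:6d} B  uploads={row['uploads']}  "
              f"first_seen={row['first_seen']}  src={','.join(row['src_ips']) or '-'}")
```

A file with `uploads == 0` is the case the diary warns about: the logs have rotated or the file arrived by a path the log does not record, so it must be investigated from the file itself rather than from the event stream.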
Help Wanted: What are these odd requests about? (2025.09.21)
https://isc.sans.edu/diary/Help+Wanted+What+are+these+odd+requests+about/32302/
Apple Updates Everything - iOS/macOS 26 Edition (2025.09.15)
https://isc.sans.edu/diary/Apple+Updates+Everything+iOSmacOS+26+Edition/32286/
Microsoft Patch Tuesday September 2025 (2025.09.09)
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+September+2025/32270/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-26399 - SolarWinds Web Help Desk is vulnerable to a remote code execution flaw that allows unauthenticated attackers to run commands on the host machine through an unauthenticated AjaxProxy deserialization.
Product: SolarWinds Web Help Desk
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26399
ISC Podcast: https://isc.sans.edu/podcastdetail/9626
NVD References:
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399
CVE-2024-28986 - SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Product: Solarwinds Web_Help_Desk 12.8.3
CVSS Score: 0
** KEV since 2024-08-15 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28986
ISC Podcast: https://isc.sans.edu/podcastdetail/9626
NVD References: https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986
CVE-2024-28988 - SolarWinds Web Help Desk is susceptible to a Java Deserialization Remote Code Execution vulnerability, allowing attackers to run commands on the host machine.
Product: SolarWinds Web Help Desk
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28988
ISC Podcast: https://isc.sans.edu/podcastdetail/9626
CVE-2019-0211 - Apache HTTP Server Privilege Escalation Vulnerability
Product: Oracle Retail_Xstore_Point_Of_Service 7.1
CVSS Score: 0
** KEV since 2021-11-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-0211
ISC Diary: https://isc.sans.edu/diary/32308
CVE-2025-10585 - Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
Product: Google Chromium V8
CVSS Score: 8.8
** KEV since 2025-09-23 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10585
References:
- https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
- https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html
CVE-2025-4688 - SINAV.LINK Exam Result Module before 1.2 is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands.
Product: BGS Interactive SINAV.LINK Exam Result Module
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4688
CVE-2025-7743 - Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025.
Product: Dolusoft Omaspot
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7743
CVE-2025-7744 - Dolusoft Omaspot is vulnerable to SQL Injection before 12.09.2025.
Product: Dolusoft Omaspot
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7744
CVE-2025-55109 - Control-M/Agent is vulnerable to an authentication bypass when using empty or default kdb keystore or default PKCS#12 keystore, allowing a remote attacker with access to a signed third-party or demo certificate to bypass the need for organization's certificate authority during authentication.
Product: BMC Control-M/Agent
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55109
NVD References:
- https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441963
- https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099
CVE-2025-55113 - Control-M/Agent vulnerability in ACL enforcement allows attackers to bypass configured ACLs by exploiting NULL byte in email address in client certificate verification.
Product: BMC Control-M/Agent
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55113
NVD References:
- https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441967
- https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099
CVE-2025-57119 - Online Library Management System v.3.0 is vulnerable to privilege escalation through the adminlogin.php component and the Login function.
Product: PHPGurukul Online Library Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57119
CVE-2025-56074 - PHPGurukul Park Ticketing Management System v2.0 is vulnerable to SQL Injection via the fromdate parameter in a POST request.
Product: PHPGurukul Park Ticketing Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56074
CVE-2025-8276 - Patika Global Technologies HumanSuite before 53.21.0 is vulnerable to various types of injection attacks, allowing for input data manipulation, code injection, and reflection injection.
Product: Patika Global Technologies HumanSuite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8276
CVE-2024-13149 - Arma Store Armalife allows SQL Injection, exposing sensitive information to unauthorized actors through 20250916.
Product: Arma Store Armalife
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13149
CVE-2025-41243 - Spring Cloud Gateway Server Webflux is vulnerable to Spring Environment property modification if certain conditions are met.
Product: Spring Cloud Gateway Server Webflux
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41243
NVD References: https://spring.io/security/cve-2025-41243
CVE-2025-59334 - Linkr allows arbitrary file injection and potential remote code execution due to lack of manifest file integrity verification in versions through 2.0.0, but version 2.0.1 and later includes a manifest integrity check to prevent this vulnerability.
Product: Linkr
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59334
CVE-2025-56557 - Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices through the Matter protocol.
Product: Tuya Smart Life App
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56557
CVE-2025-57631 - TDuckCloud v.5.1 is vulnerable to SQL Injection, allowing remote attackers to execute arbitrary code through the Add a file upload module.
Product: TDuckCloud
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57631
CVE-2025-54391 - Zimbra Collaboration (ZCS) has a vulnerability that allows an attacker to bypass Two-Factor Authentication (2FA) protection with valid user credentials.
Product: Zimbra Collaboration (ZCS)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54391
NVD References:
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
CVE-2025-9971 - Planet Technology's Industrial Cellular Gateway has a Missing Authentication vulnerability that enables unauthenticated remote attackers to manipulate the device through a specific functionality.
Product: Planet Technology Industrial Cellular Gateway
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9971
NVD References:
- https://www.planet.com.tw/en/support/security-advisory/8
- https://www.twcert.org.tw/en/cp-139-10390-7ce12-2.html
CVE-2025-9972 - N-Reporter, N-Cloud, and N-Probe by N-Partner are vulnerable to OS Command Injection, enabling authenticated remote attackers to execute arbitrary commands on the server.
Product: N-Partner N-Reporter
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9972
NVD References:
- https://www.planet.com.tw/en/support/security-advisory/8
- https://www.twcert.org.tw/en/cp-139-10390-7ce12-2.html
CVE-2025-10439 - Yordam Library Automation System is vulnerable to SQL Injection in versions 21.5 through 21.6, allowing for improper neutralization of special elements in SQL commands.
Product: Yordam Informatics Yordam Library Automation System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10439
CVE-2025-8077 - NeuVector versions up to and including 5.4.5 have a vulnerability where the default password for the `admin` account can be exploited by any workload with network access in the cluster.
Product: NeuVector
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8077
CVE-2025-59304 - Swetrix Web Analytics API 3.1.1 before 7d8b972 is vulnerable to a directory traversal issue that enables Remote Code Execution through a malicious HTTP request.
Product: Swetrix Web Analytics API
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59304
CVE-2025-58766 - Dyad, a local AI app builder, had a critical security vulnerability in versions v0.19.0 and earlier, allowing attackers to execute arbitrary code through the preview window functionality.
Product: Dyad
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58766
CVE-2025-59340 - Jinjava is vulnerable to remote code execution prior to version 2.8.1 due to deserializing attacker-controlled input into arbitrary classes, allowing for access to local files and URLs.
Product: Jinja jinjava
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59340
CVE-2025-59352 - Dragonfly version prior to 2.1.0 is vulnerable to RCE attacks through gRPC and HTTP APIs, allowing peers to access secret data and execute code on the recipient's machine.
Product: Linux Foundation Dragonfly
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59352
CVE-2025-23316 - NVIDIA Triton Inference Server is vulnerable to remote code execution through manipulation of the model name parameter in the Python backend.
Product: NVIDIA Triton Inference Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23316
NVD References: https://nvidia.custhelp.com/app/answers/detail/a_id/5691
CVE-2024-13151 - Logo Software Diva is vulnerable to Authorization Bypass through User-Controlled SQL Primary Key, allowing for SQL Injection attacks up to version 4.56.00.00.
Product: Logo Software Diva
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13151
CVE-2025-30519 - Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed, allowing attackers with network access to gain administrative control.
Product: Dover Fueling Solutions ProGauge MagLink LX4 Devices
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30519
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07
CVE-2025-54807 - Device firmware for affected versions of Dover Fueling Solutions ProGauge MagLink LX has a hardcoded signing key, allowing attackers to bypass authentication and gain full system access.
Product: Dover Fueling Solutions ProGauge MagLink LX4 Devices
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54807
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07
CVE-2025-10035 - Fortra's GoAnywhere MFT is susceptible to a deserialization vulnerability, which enables an actor to inject commands by deserializing an arbitrary object with a forged license response signature.
Product: Fortra GoAnywhere MFT
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10035
NVD References: https://www.fortra.com/security/advisories/product-security/fi-2025-012
CVE-2025-57644 - Accela Automation Platform 22.2.3.0.230103 is vulnerable to remote code execution, arbitrary file write, and server-side request forgery, potentially leading to full server compromise and unauthorized access to sensitive data.
Product: Accela Automation Platform
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57644
CVE-2025-48703 - CWP before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in a filemanager changePerm request.
Product: CWP (CentOS Web Panel)
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48703
CVE-2025-40925 - Starch versions 0.14 and earlier generate session ids insecurely, potentially allowing attackers to gain access to systems.
Product: Starch versions 0.14
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40925
CVE-2025-35042 - Airship AI Acropolis has a default administrative account with the same credentials on every installation, leaving instances open to remote attacks if the password is not changed, fixed in versions 10.2.35, 11.0.21, and 11.1.9.
Product: Airship AI Acropolis
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-35042
CVE-2025-57432 - Blackmagic Web Presenter version 3.3 allows remote attackers to manipulate stream settings through an unauthenticated Telnet service on port 9977.
Product: Blackmagic Web Presenter
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57432
CVE-2025-57437 - The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information through an unauthenticated Telnet service, allowing for potential live stream hijacking and network reconnaissance.
Product: Blackmagic Design Blackmagic Web Presenter HD
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57437
CVE-2025-57441 - The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information through an unauthenticated Telnet service on port 9990, allowing attackers to plan further attacks.
Product: Blackmagic ATEM Mini Pro
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57441
CVE-2025-57601 & CVE-2025-57602 - AiKaan Cloud Controller and IoT management platform hardcoded credentials vulnerabilities.
Product: AiKaan Cloud Controller and IoT Management Platform
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57601
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57602
CVE-2025-59434 - Flowise had an authenticated vulnerability prior to August 2025 that allowed users on the free tier to access sensitive environment variables from other tenants, resulting in cross-tenant data exposure.
Product: Cloud-Hosted Flowise
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59434
CVE-2025-59528 - Flowise version 3.0.5 is vulnerable to remote code execution due to insecure handling of user input in the CustomMCP node, allowing attackers to execute JavaScript code with full Node.js runtime privileges.
Product: Flowise
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59528
CVE-2025-9588 - Iron Mountain Archiving Services Inc. EnVision is vulnerable to OS Command Injection before version 250563.
Product: Iron Mountain Archiving Services Inc enVision
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9588
CVE-2025-9846 - Inka.Net before 6.7.1 allows for unrestricted upload of files with dangerous types, leading to command injection vulnerabilities in TalentSys Consulting Information Technology Industry Inc.
Product: TalentSys Consulting Information Technology Industry Inc Inka.Net
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9846
CVE-2025-59545 - DNN (formerly DotNetNuke) allows potential script execution through the Prompt module prior to version 10.1.0.
Product: DNN (DotNetNuke) Prompt module
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59545
CVE-2025-6198 & CVE-2025-7937 - Supermicro MBD-X13SEM-F and MBD-X12STW Improper Verification of Cryptographic Signature vulnerabilities.
Product: Supermicro MBD-X13SEM-F and MBD-X12STW
CVSS Scores: 6.4 - 6.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6198
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7937
ISC Podcast: https://isc.sans.edu/podcastdetail/9626
NVD References: https://www.supermicro.com/en/support/security_BMC_IPMI_Sept_2025
CVE-2025-9242 - WatchGuard Fireware OS is vulnerable to an out-of-bounds write flaw, potentially enabling remote attackers to run arbitrary code.
Product: WatchGuard Fireware OS
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9242
ISC Podcast: https://isc.sans.edu/podcastdetail/9618
NVD References: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
CVE-2021-44790 - Apache HTTP Server is susceptible to a buffer overflow in the mod_lua multipart parser.
Product: Apache HTTP Server 2.4.51 and earlier
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-44790
ISC Diary: https://isc.sans.edu/diary/32308
CVE-2011-3607 - Apache HTTP Server versions 2.0.x through 2.0.64 and 2.2.x through 2.2.21 allow local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive.
Product: Apache Http_Server 2.2.21
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2011-3607
ISC Diary: https://isc.sans.edu/diary/32308
CVE-2017-9798 - Apache httpd allows remote attackers to read secret data from process memory through a vulnerability known as Optionsbleed, affecting versions 2.2.34 and 2.4.x, by exploiting a use-after-free issue via unauthenticated OPTIONS HTTP requests.
Product: Apache httpd
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-9798
ISC Diary: https://isc.sans.edu/diary/32308
CVE-2025-55241 - Azure Entra Elevation of Privilege Vulnerability
Product: Microsoft Azure Entra
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55241
ISC Podcast: https://isc.sans.edu/podcastdetail/9618
CVE-2025-5305 - The Password Reset with Code for WordPress REST API WordPress plugin lacks secure OTP code generation, posing a risk of account takeovers.
Product: Password Reset with Code WordPress Plugin
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5305
NVD References: https://wpscan.com/vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/
CVE-2025-8942 - The WP Hotel Booking WordPress plugin before 2.2.3 allows attackers to manipulate review ratings by intercepting and modifying requests.
Product: WP Hotel Booking WordPress plugin
Active Installations: 8,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8942
CVE-2025-9083 - The Ninja Forms WordPress plugin before 3.11.1 allows unauthenticated users to perform PHP Object Injection through user input in form fields.
Product: Ninja Forms WordPress plugin
Active Installations: 600,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9083
CVE-2025-10690 - The Goza - Nonprofit Charity WordPress Theme is vulnerable to unauthorized arbitrary file uploads, allowing attackers to execute remote code by uploading disguised webshells as plugins.
Product: Goza Nonprofit Charity WordPress Theme
Active Installations: Unknown. Update to version 3.2.3, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10690
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/628bfa19-2ffa-426b-8b88-22a0c4d0ba92?source=cve
CVE-2025-5948 - The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation through account takeover, allowing unauthenticated attackers to login as any user, including admins, by exploiting the claim_business AJAX action.
Product: WordPress Service Finder Bookings plugin
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5948
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/7eb018bc-2650-4e0d-8da9-325eac826d45?source=cve
CVE-2025-9321 - The WPCasa plugin for WordPress is vulnerable to Code Injection up to version 1.4.1, allowing unauthenticated attackers to execute arbitrary functions and code.
Product: WPCasa WordPress plugin
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9321
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/c1001b2b-395a-44ee-827e-6e57f7a50218?source=cve
CVE-2025-10147 - The Podlove Podcast Publisher plugin for WordPress allows unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution.
Product: Podlove Podcast Publisher plugin for WordPress
Active Installations: 4,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10147
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/093058f1-c717-424f-9bd5-4838df8d20a1?source=cve
CVE-2025-10412 - The Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code.
Product: WooCommerce Uni CPO (Premium) plugin
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10412
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/1c0c6a45-2c4a-4a23-84e6-7a9759796824?source=cve
Unpatched software is one of the easiest ways attackers get in. ThreatLocker® Patch Management gives you visibility into vulnerabilities across your network and ensures applications stay secure with timely updates. Take control of your attack surface and reduce risk before it’s exploited.
Webcast | 2025 Attack Surface & Vulnerability Management Survey: Hackers Don’t Wait—Why Should We? | Wednesday, October 22, 2025 at 10:30 AM Uncover hidden exposures across your environment and learn practical methods to shrink your attack surface before adversaries exploit it.
Webcast | Fall Cyber Solutions Fest: SOC Track | Wednesday, November 5, 2025 at 9:30AM ET See how leading SOCs are evolving detection, automation, and analyst workflows to outpace modern threats.
Webcast | ICS/OT Survey Webcast & Forum: The State of ICS/OT Cybersecurity | Wednesday, November 19, 2025 at 10:30AM ET Get exclusive benchmarks on how industrial and OT security leaders are defending critical infrastructure in today’s high-risk landscape.