Internet Storm Center Spotlight

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

An unusual "shy z-wasp" phishing

Published: 2025-01-27

Last Updated: 2025-01-27 10:45:52 UTC

by Jan Kopriva (Version: 1)

Threat actors who send out phishing messages learned long ago that zero-width characters and unrendered HTML entities can be quite useful to them. Inserting a zero-width character into a hyperlink can bypass some URL security checks without any negative impact on the function of the link, while unrendered entities can break up suspicious words or sentences that might otherwise lead to the message being classified as potential phishing, without the recipient being aware of their inclusion.

One of the better-known techniques that depend on the use of zero-width characters (e.g., a Zero-Width Space – &#8203;, a Zero-Width Non-Joiner – &#8204;, a Zero-Width Joiner – &#8205;, etc.) was named Z-WASP by the researchers at Avanan who first discovered it being used to bypass O365 security filters in 2018 [1]. Nevertheless, the aforementioned practice of using “invisible” characters in phishing messages is far older – for example, the soft hyphen or “SHY” HTML entity (&shy;) has been used by threat actors since at least 2010 [2].
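The two tricks described above only work if the filter inspects the raw message rather than the text a human actually reads. The following added example (not code from the diary or from ISC) shows a defender-side normalization step: it decodes HTML entities, strips the zero-width and soft-hyphen code points, and counts how many were hidden in the visible text and in link targets, so that keyword and URL checks run on the same text the recipient sees. The sample message body and the `example.test` domain are constructed for the demonstration.

```python
import html
import re
from dataclasses import dataclass
from typing import Dict, List

# Code points that render as nothing but split words and pad URLs.
# U+200B..U+200D are the Z-WASP characters, U+00AD is the soft hyphen (&shy;);
# the last two are other common invisibles added for completeness.
INVISIBLE = {
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u00ad": "SOFT HYPHEN",
    "\u2060": "WORD JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
}

_HREF = re.compile(r'href\s*=\s*["\']([^"\']*)["\']', re.IGNORECASE)
_TAG = re.compile(r"<[^>]+>")


@dataclass
class Finding:
    hidden: Dict[str, int]   # name of invisible code point -> occurrences
    text: str                # visible text after entity decoding and stripping
    links: List[str]         # href values after entity decoding and stripping


def strip_invisible(s: str):
    """Remove invisible code points, returning (clean_text, counts_by_name)."""
    counts: Dict[str, int] = {}
    out = []
    for ch in s:
        name = INVISIBLE.get(ch)
        if name:
            counts[name] = counts.get(name, 0) + 1
        else:
            out.append(ch)
    return "".join(out), counts


def analyze_html(body: str) -> Finding:
    """Normalize an HTML mail body the way a recipient perceives it.

    Entities are decoded *after* tag removal so that an encoded '<' in the
    text cannot be mistaken for markup; hrefs are taken from the raw markup
    and decoded individually.
    """
    hidden: Dict[str, int] = {}

    def tally(fragment: str) -> str:
        clean, counts = strip_invisible(html.unescape(fragment))
        for name, n in counts.items():
            hidden[name] = hidden.get(name, 0) + n
        return clean

    links = [tally(h) for h in _HREF.findall(body)]
    text = tally(_TAG.sub("", body))
    text = " ".join(text.split())  # collapse whitespace for a readable report
    return Finding(hidden=hidden, text=text, links=links)


def suspicious(finding: Finding, threshold: int = 1) -> bool:
    """Flag a message once it carries at least `threshold` hidden characters."""
    return sum(finding.hidden.values()) >= threshold


# Constructed sample: a tiny-font body with a soft hyphen inside "password"
# and zero-width spaces inside both the link target and the link text.
SAMPLE = (
    '<p style="font-size:4px">Your pass&shy;word expires today.</p>'
    '<a href="https://login.example&#8203;.test/verify">KEEP MY&#8203; PASSWORD</a>'
)

if __name__ == "__main__":
    f = analyze_html(SAMPLE)
    print("hidden:", f.hidden)      # {'SOFT HYPHEN': 1, 'ZERO WIDTH SPACE': 2}
    print("text:  ", f.text)
    print("links: ", f.links)
    print("flag:  ", suspicious(f))
```

Running keyword or URL-reputation checks on `Finding.text` and `Finding.links` instead of the raw body removes the benefit of the padding, and the `hidden` counts themselves make a useful scoring signal, since legitimate mail rarely contains more than the odd soft hyphen.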

Both of these techniques are relevant to the topic of today’s diary – an interesting phishing message that arrived in our handler mailbox late last week.

At first glance, it looked like any other run-of-the-mill phishing message (apart from the use of an unusually small font and a somewhat difficult-to-see red spot under the “KEEP MY PASSWORD” link) ...

Read the full entry: https://isc.sans.edu/diary/An+unusual+shy+zwasp+phishing/31626/

[Guest Diary] How Access Brokers Maintain Persistence

Published: 2025-01-24

Last Updated: 2025-01-24 00:42:06 UTC

by Joseph Flint, SANS.edu BACS Student (Version: 1)

[This is a Guest Diary by Joseph Flint, an ISC intern as part of the SANS.edu BACS program]

Access brokers are groups that obtain initial access to compromised environments, establish persistence through various methods, and sell this access to secondary threat actor groups who carry out follow-up attacks.

CrowdStrike wrote an article outlining the sectors typically targeted in compromises that were traced back to an access broker group. They broke down the top 10 targeted sectors for access brokers by percentage and found the following:

21% Academic

15% Government

13% Technology

9% Financial Services

9% Healthcare

8% Energy

7% Manufacturing

7% Industrials & Engineering

6% Legal

5% Insurance

Is your organization, or an organization whose security posture you manage, part of this profile? For most cybersecurity professionals the answer will be an overwhelming yes, due to several factors including budgets for internal companies and various audit requirements. These findings directly put environments in these fields at risk, as bad actors are looking to buy access to them.

Proofpoint outlined some commonly observed persistence mechanisms utilized by cybercriminals, including the SystemBC botnet, which is observed routinely in different environments I have personally worked on and across honeypot systems. Many botnets are observed scanning the internet for previously infected hosts. One of these examples comes from my own honeypot. Observed traffic from a Digital Ocean-hosted IP shows web URL requests looking for the previously mentioned SystemBC directories ...

Read the full entry: https://isc.sans.edu/diary/Guest+Diary+How+Access+Brokers+Maintain+Persistence/31600/

Internet Storm Center Entries


From PowerShell to a Python Obfuscation Race! (2025.01.29)

https://isc.sans.edu/diary/From+PowerShell+to+a+Python+Obfuscation+Race/31634/

Fileless Python InfoStealer Targeting Exodus (2025.01.28)

https://isc.sans.edu/diary/Fileless+Python+InfoStealer+Targeting+Exodus/31630/

XSS Attempts via E-Mail (2025.01.23)

https://isc.sans.edu/diary/XSS+Attempts+via+EMail/31620/

Catching CARP: Fishing for Firewall States in PFSync Traffic (2025.01.22)

https://isc.sans.edu/diary/Catching+CARP+Fishing+for+Firewall+States+in+PFSync+Traffic/31616/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-23006 - SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) are susceptible to pre-authentication deserialization vulnerability allowing remote attackers to execute arbitrary OS commands.

Product: SonicWall SMA8200V

CVSS Score: 9.8

** KEV since 2025-01-24 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23006

ISC Podcast: https://isc.sans.edu/podcastdetail/9294

NVD References: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002

CVE-2024-50050 - Llama Stack used pickle for socket communication serialization, enabling potential remote code execution before switching to JSON.

Product: Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50050

ISC Podcast: https://isc.sans.edu/podcastdetail/9296

CVE-2024-55591 - FortiOS and FortiProxy versions 7.0.0 through 7.0.16 and 7.2.0 through 7.2.12 are vulnerable to an Authentication Bypass Using an Alternate Path or Channel (CWE-288) that allows remote attackers to gain super-admin privileges via crafted requests to Node.js websocket module.

Product: Fortinet FortiOS

CVSS Score: 0

** KEV since 2025-01-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55591

ISC Podcast: https://isc.sans.edu/podcastdetail/9298

CVE-2024-32555 - Easy Real Estate has an Incorrect Privilege Assignment vulnerability allowing Privilege Escalation in versions up to 2.2.6.

Product: Easy Real Estate

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32555

NVD References: https://patchstack.com/database/wordpress/plugin/easy-real-estate/vulnerability/wordpress-easy-real-estate-plugin-2-2-6-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-49655 - ARPrice is vulnerable to SQL Injection in versions up to 4.0.3, allowing for improper neutralization of special elements in SQL commands.

Product: ARPrice

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49655

NVD References: https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-unauthenticated-sql-injection-vulnerability?_s_id=cve

CVE-2024-49688 - Deserialization of Untrusted Data vulnerability in ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.

Product: ARPrice

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49688

NVD References: https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-unauthenticated-php-object-injection-vulnerability?_s_id=cve

CVE-2024-51818 - Fancy Product Designer through version 6.4.3 is vulnerable to SQL Injection, allowing attackers to manipulate database queries and potentially extract sensitive information.

Product: Fancy Product Designer

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51818

NVD References: https://patchstack.com/database/wordpress/plugin/fancy-product-designer/vulnerability/wordpress-fancy-product-designer-plugin-6-4-3-unauthenticated-sql-injection-vulnerability?_s_id=cve

CVE-2024-51919 - Fancy Product Designer allows for unrestricted upload of dangerous file types, impacting versions from n/a to 6.4.3.

Product: Fancy Product Designer

Active Installations: unknown

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51919

NVD References: https://patchstack.com/database/wordpress/plugin/fancy-product-designer/vulnerability/wordpress-fancy-product-designer-plugin-6-4-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-51888 - Homey Login Register from n/a through 2.4.0 is vulnerable to Incorrect Privilege Assignment, allowing for Privilege Escalation.

Product: Homey Login Register

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51888

NVD References: https://patchstack.com/database/wordpress/plugin/homey-login-register/vulnerability/wordpress-homey-login-register-plugin-2-4-0-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-22553 - Multiple Carousel version n/a through 2.0 is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands.

Product: Multiple Carousel

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22553

NVD References: https://patchstack.com/database/wordpress/plugin/multicarousel/vulnerability/wordpress-multiple-carousel-plugin-2-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-22723 - UkrSolution Barcode Scanner with Inventory & Order Manager allows attackers to upload a web shell to a web server due to unrestricted file type upload vulnerability.

Product: UkrSolution Barcode Scanner with Inventory & Order Manager

Active Installations: unknown

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22723

NVD References: https://patchstack.com/database/wordpress/plugin/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/vulnerability/wordpress-barcode-scanner-and-inventory-manager-plugin-1-6-7-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-54794 - The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.

Product: SpagoBI

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54794

NVD References: https://github.com/MarioTesoro/CVE-2024-54794

CVE-2024-42936 - Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution through a modified MQTT broker message.

Product: Ruijie RG-EW300N

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42936

NVD References: https://gist.github.com/smrx86/2008111b12ab47882b3928d0cbc9e415

CVE-2025-24024 - Mjolnir v1.9.0 allows unauthorized users to access server administration components if enabled, posing a security risk that is addressed in versions 1.9.1 and 1.9.2.

Product: Matrix Mjolnir

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24024

NVD References:

- https://github.com/matrix-org/mjolnir/commit/b437fa16b5425985715df861987c836affd51eea

- https://github.com/matrix-org/mjolnir/commit/d0ef527a9e3eb45e17143d5295a64b775ccaa23d

- https://github.com/matrix-org/mjolnir/security/advisories/GHSA-3jq6-xc85-m394

CVE-2024-55959 - Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.

Product: Northern.tech Mender Client

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55959

NVD References:

- https://Northern.tech

- https://mender.io/blog/cve-2024-55959

CVE-2025-21524 - The vulnerability in JD Edwards EnterpriseOne Tools product of Oracle JD Edwards allows an unauthenticated attacker to compromise the system.

Product: Oracle JD Edwards EnterpriseOne

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21524

NVD References: https://www.oracle.com/security-alerts/cpujan2025.html

CVE-2025-21535 - The Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) is vulnerable to an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3, IIOP to compromise the server and potentially take over.

Product: Oracle WebLogic Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21535

NVD References: https://www.oracle.com/security-alerts/cpujan2025.html

CVE-2025-21547 - Oracle Hospitality OPERA 5 product is vulnerable to an easily exploitable issue that allows unauthenticated attackers to compromise the system, resulting in unauthorized access to critical data and potential denial of service (DOS) attacks.

Product: Oracle Hospitality OPERA 5

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21547

NVD References: https://www.oracle.com/security-alerts/cpujan2025.html

CVE-2025-21556 - The vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain allows a low privileged attacker to compromise the framework via HTTP, potentially leading to a complete takeover with a CVSS score of 9.9.

Product: Oracle Agile PLM Framework

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21556

NVD References: https://www.oracle.com/security-alerts/cpujan2025.html

CVE-2023-27112 & CVE-2023-27113 - pearProjectApi v2.8.10 was discovered to contain SQL injection vulnerabilities.

Product: pearProjectApi

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27112

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27113

NVD References:

- https://github.com/a54552239/pearProjectApi/issues/32

- https://github.com/a54552239/pearProjectApi/issues/31

CVE-2024-45479 - Apache Ranger UI in Apache Ranger Version 2.4.0 is vulnerable to SSRF, users should upgrade to Apache Ranger 2.5.0.

Product: Apache Ranger

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45479

NVD References:

- https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

- http://www.openwall.com/lists/oss-security/2025/01/21/4

CVE-2024-24421 - Magma <= 1.8.0 is vulnerable to a type confusion in the nas_message_decode function, allowing attackers to execute arbitrary code or cause a DoS via a crafted NAS packet.

Product: Magma

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24421

NVD References: https://cellularsecurity.org/ransacked

CVE-2024-49747 - gatt_sr.cc in the GATTS service is vulnerable to out of bounds write, potentially leading to remote code execution without requiring additional privileges or user interaction.

Product: Google Android OS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49747

NVD References: https://source.android.com/security/bulletin/2025-01-01

CVE-2024-49748 - The vulnerable product has an out of bounds write vulnerability in gatts_process_primary_service_req, allowing for remote code execution without user interaction.

Product: Google Android

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49748

NVD References: https://source.android.com/security/bulletin/2025-01-01

CVE-2024-13091 - The WPBot Pro Wordpress Chatbot plugin is vulnerable to arbitrary file uploads leading to potential remote code execution.

Product: WPBot Pro Wordpress Chatbot plugin

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13091

NVD References:

- https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9b6979-2662-4d2f-9656-b880dd80832c?source=cve

- https://www.wpbot.pro/

CVE-2024-12857 - The AdForest theme for WordPress is susceptible to an authentication bypass allowing unauthenticated attackers to impersonate any user if OTP login by phone number is enabled.

Product: Scriptsbundle AdForest theme

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12857

NVD References:

- https://themeforest.net/item/adforest-classified-wordpress-theme/19481695

- https://www.wordfence.com/threat-intel/vulnerabilities/id/4ff3b4f1-dd36-43d0-b472-55a940907437?source=cve

CVE-2025-23918 - Smallerik File Browser allows unrestricted upload of dangerous files, allowing for the upload of a web shell and potentially compromising a web server.

Product: Smallerik File Browser

Active Installations: This plugin has been closed as of January 8, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23918

NVD References: https://patchstack.com/database/wordpress/plugin/smallerik-file-browser/vulnerability/wordpress-smallerik-file-browser-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-23921 - Multi Uploader for Gravity Forms allows attackers to upload a web shell to a web server due to an unrestricted upload of file with dangerous type vulnerability.

Product: Multi Uploader for Gravity Forms

Active Installations: unknown

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23921

NVD References: https://patchstack.com/database/wordpress/plugin/gf-multi-uploader/vulnerability/wordpress-multi-uploader-for-gravity-forms-plugin-1-1-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-23931 - WordPress Local SEO allows Blind SQL Injection from version n/a through 2.3.

Product: WordPress Local SEO

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23931

NVD References: https://patchstack.com/database/wordpress/plugin/dh-local-seo/vulnerability/wordpress-wordpress-local-seo-plugin-2-3-sql-injection-vulnerability?_s_id=cve

CVE-2025-23932 - Quick Count is vulnerable to deserialization of untrusted data, allowing for object injection from version n/a through 3.00.

Product: Quick Count

Active Installations: This plugin has been closed as of January 2, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23932

NVD References: https://patchstack.com/database/wordpress/plugin/quick-count/vulnerability/wordpress-quick-count-plugin-3-00-php-object-injection-vulnerability?_s_id=cve

CVE-2025-23942 - NgocCode WP Load Gallery allows unrestricted upload of dangerous files that can lead to uploading a web shell to the web server, affecting versions from n/a through 2.1.6.

Product: NgocCode WP Load Gallery

Active Installations: unknown

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23942

NVD References: https://patchstack.com/database/wordpress/plugin/wp-load-gallery/vulnerability/wordpress-wp-load-gallery-plugin-2-1-6-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-23953 - Innovative Solutions user files allows unrestricted upload of dangerous file types, potentially leading to the upload of a web shell on a web server.

Product: Innovative Solutions user files

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23953

NVD References: https://patchstack.com/database/wordpress/plugin/user-files/vulnerability/wordpress-user-files-plugin-2-4-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-23914 - Muzaara Google Ads Report is vulnerable to object injection through deserialization of untrusted data, impacting versions from n/a through 3.1.

Product: Muzaara Google Ads Report

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23914

NVD References: https://patchstack.com/database/wordpress/plugin/muzaara-adwords-optimize-dashboard/vulnerability/wordpress-muzaara-google-ads-report-plugin-3-1-php-object-injection-vulnerability?_s_id=cve

CVE-2025-20156 - Cisco Meeting Management's REST API vulnerability allows a remote attacker with low privileges to elevate their access to administrator level on affected devices.

Product: Cisco Meeting Management

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20156

NVD References:

- https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html

- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA

- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc

CVE-2024-52975 - Fleet Server exposed sensitive information in log files due to a configuration issue.

Product: Elastic Fleet Server

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52975

NVD References: https://discuss.elastic.co/t/fleet-server-8-15-0-security-update-esa-2024-31/373522

CVE-2024-52325 - ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.

Product: ECOVACS robot lawnmowers

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52325

NVD References:

- https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdf

- https://www.ecovacs.com/global/userhelp/dsa20241119

- https://www.ecovacs.com/global/userhelp/dsa20241130001

- https://youtu.be/_wUsM0Mlenc?t=2041

CVE-2025-0637 - Beta10 software contains a vulnerability that allows unauthorized users to access private areas without authentication.

Product: Beta10

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0637

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-beta10

CVE-2024-53923 - Centreon Web versions 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, and 23.04.x before 23.04.24 allows a user with high privileges to perform SQL injection via a form for uploading media.

Product: Centreon Web

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53923

NVD References:

- https://github.com/centreon/centreon/releases

- https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-53923-centreon-web-critical-severity-4265

CVE-2024-55573 - Centreon centreon-web before versions 24.10.3, 24.04.9, 23.10.19, and 23.04.24 allows high privileged users to inject SQL in the form for virtual metric creation.

Product: Centreon Web

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55573

NVD References:

- https://github.com/centreon/centreon/releases

- https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55573-centreon-web-critical-severity-4264

CVE-2024-55194 - OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.

Product: OpenImageIO

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55194

NVD References:

- https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4552

CVE-2024-57328 - Online Food Ordering System v1.0 login form is vulnerable to SQL Injection due to lack of proper input sanitization, enabling unauthorized access through malicious queries.

Product: Online Food Ordering System v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57328

NVD References: https://github.com/fatihtuzunn/CVEs/tree/main/CVE-2024-57328

CVE-2024-13545 - The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to 1.4.9, allowing unauthenticated attackers to include PHP files on the server and potentially execute code.

Product: WordPress Bootstrap Ultimate theme

Active Installations: 7,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13545

NVD References:

- https://themes.trac.wordpress.org/browser/bootstrap-ultimate/1.4.9/docs/index.php#L8

- https://www.wordfence.com/threat-intel/vulnerabilities/id/ae07af10-e5fc-4f28-a343-f56c0e2bc324?source=cve

CVE-2025-22609, CVE-2025-22611, CVE-2025-22612 - Coolify allows any authenticated user to attach any existing private key on a Coolify instance to their own server, leading to potential remote code execution on the victim's server.

Product: Coolify

CVSS Scores: 9.9 - 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22609

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22611

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22612

NVD References:

- https://github.com/coollabsio/coolify/security/advisories/GHSA-3w2c-jfr2-9pg9

- https://github.com/coollabsio/coolify/security/advisories/GHSA-9w72-9qww-qj6g

- https://github.com/coollabsio/coolify/security/advisories/GHSA-wg8x-cgq4-vjxj

CVE-2024-56404 - One Identity Identity Manager 9.x before 9.3 is vulnerable to an insecure direct object reference (IDOR) flaw that enables privilege escalation in On-Premise installations.

Product: One Identity Identity Manager

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56404

NVD References:

- https://support.oneidentity.com/product-notification/noti-00001678

- https://support.oneidentity.com/technical-documents/identity-manager/9.3/release-notes/

- https://www.oneidentity.com/community/identity-manager/

CVE-2025-24650 - Themefic Tourfic allows the unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server, affecting versions up to 2.15.3.

Product: Themefic Tourfic

Active Installations: 1,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24650

NVD References: https://patchstack.com/database/wordpress/plugin/tourfic/vulnerability/wordpress-tourfic-plugin-2-15-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-24601 - Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6.

Product: ThimPress FundPress

Active Installations: 300+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24601

NVD References: https://patchstack.com/database/wordpress/plugin/fundpress/vulnerability/wordpress-fundpress-plugin-2-0-6-php-object-injection-vulnerability?_s_id=cve

CVE-2025-24612 - MORKVA Shipping for Nova Poshta up to version 1.19.6 is vulnerable to SQL Injection, allowing attackers to manipulate SQL commands.

Product: MORKVA Shipping for Nova Poshta

Active Installations: 500+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24612

NVD References: https://patchstack.com/database/wordpress/plugin/nova-poshta-ttn/vulnerability/wordpress-shipping-for-nova-poshta-plugin-1-19-6-sql-injection-vulnerability?_s_id=cve

CVE-2024-57590 - TRENDnet TEW-632BRP v1.010B31 devices are vulnerable to OS command injection via the "ntp_sync.cgi" interface, allowing remote attackers to execute arbitrary commands.

Product: TRENDnet TEW-632BRP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57590

NVD References: https://github.com/IdaJea/IOT_vuln_1/blob/master/tew632/ntp_sync.md

CVE-2024-57595 - DLINK DIR-825 REVB 2.03 devices are vulnerable to OS command injection via the "wps_pin" parameter in the apc_client_pin.cgi interface, allowing remote attackers to execute arbitrary commands.

Product: DLINK DIR-825 REVB 2.03

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57595

NVD References:

- https://github.com/IdaJea/IOT_vuln_1/blob/master/DIR825/wps_pin.md

- https://www.dlink.com/en/security-bulletin/

CVE-2025-24671 - Pdfcrowd Save as PDF plugin by Pdfcrowd is vulnerable to a Deserialization of Untrusted Data issue allowing Object Injection from versions n/a through 4.4.0.

Product: Pdfcrowd Save as PDF plugin

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24671

NVD References: https://patchstack.com/database/wordpress/plugin/save-as-pdf-by-pdfcrowd/vulnerability/wordpress-save-as-pdf-plugin-by-pdfcrowd-plugin-4-4-0-php-object-injection-vulnerability?_s_id=cve

CVE-2025-22604 - Cacti is vulnerable to authenticated users injecting malformed OIDs in responses, leading to a command execution flaw fixed in version 1.2.29.

Product: Cacti

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22604

NVD References:

- https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

- https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36

CVE-2024-48841 - Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.

Product: FLXEON

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48841

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch

CVE-2024-54530 - Password autofill could fill in passwords after authentication had failed; fixed with improved checks in macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2, and iPadOS 18.2.

Product: Multiple Apple products

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54530

NVD References:

- https://support.apple.com/en-us/121837

- https://support.apple.com/en-us/121839

- https://support.apple.com/en-us/121843

- https://support.apple.com/en-us/121845

CVE-2025-24093 - macOS Ventura and macOS Sonoma versions 13.7.3 and 14.7.3 resolved a permissions issue allowing apps to access removable volumes without user consent.

Product: Apple macOS Ventura and macOS Sonoma

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24093

NVD References:

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24102 - iPadOS, macOS Sequoia, macOS Sonoma, and macOS Ventura versions 17.7.4, 15.3, 14.7.3, and 13.7.3 respectively fixed an issue where an app could determine a user's current location by implementing improved checks.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24102

NVD References:

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24106 - macOS Ventura, macOS Sequoia, and macOS Sonoma versions 13.7.3, 15.3, and 14.7.3 are susceptible to unexpected app termination when parsing certain files.

Product: Apple macOS Ventura, macOS Sequoia, and macOS Sonoma

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24106

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070


CVE-2025-24109 - macOS Ventura, macOS Sequoia, and macOS Sonoma fixed a downgrade issue that allowed apps to access sensitive user data; the fix adds code-signing restrictions.

Product: Apple macOS Ventura, macOS Sequoia, and macOS Sonoma

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24109

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24118 - iPadOS 17.7.4, macOS Sequoia 15.3, and macOS Sonoma 14.7.3 fixed a memory handling issue that could allow a malicious app to cause unexpected system termination or write kernel memory.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24118

NVD References:

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

CVE-2025-24123 & CVE-2025-24124 - Parsing a file in various Apple products may lead to an unexpected app termination but has been fixed in recent updates.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24123

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24124

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

CVE-2025-24126 - visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3 fixed an input validation issue, which could allow a local network attacker to terminate the system or corrupt process memory.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24126

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

CVE-2025-24130 - macOS Ventura, macOS Sequoia, and macOS Sonoma are vulnerable to an issue where an app may be able to modify protected parts of the file system; it has been fixed with improved checks in versions 13.7.3, 15.3, and 14.7.3 respectively.

Product: Apple macOS Ventura, macOS Sequoia, and macOS Sonoma

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24130

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24135 - An issue that could allow an app to gain elevated privileges was fixed in macOS Sequoia 15.3 with improved message validation.

Product: Apple macOS Sequoia

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24135

NVD References: https://support.apple.com/en-us/122068

CVE-2025-24139 - macOS is vulnerable to unexpected app termination when parsing a maliciously crafted file, fixed in recent updates.

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24139

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24146 - macOS Messages may expose user contact information in system logging when deleting a conversation.

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24146

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24151 - macOS Ventura, macOS Sequoia, and macOS Sonoma are vulnerable to an app being able to cause unexpected system termination or corrupt kernel memory due to poor memory handling.

Product: Apple macOS Ventura, macOS Sequoia, and macOS Sonoma

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24151

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24154 - macOS, visionOS, iOS, and iPadOS are vulnerable to an out-of-bounds write issue that could allow an attacker to cause unexpected system termination or corrupt kernel memory, which has been fixed in the latest updates.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24154

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

- https://support.apple.com/en-us/122073

CVE-2025-24162 - Processing maliciously crafted web content may lead to an unexpected crash; the issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24162

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

- https://support.apple.com/en-us/122074

CVE-2025-24163 - Parsing a file may lead to unexpected app termination; the issue has been fixed with improved checks in iPadOS 17.7.4, macOS 14.7.3, visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS 15.3, watchOS 11.3, and tvOS 18.3.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24163

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

CVE-2025-24174 - macOS Ventura, macOS Sequoia, and macOS Sonoma have vulnerabilities that allow apps to bypass Privacy preferences, fixed in versions 13.7.3, 15.3, and 14.7.3 respectively.

Product: Apple macOS Ventura, macOS Sequoia, and macOS Sonoma

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24174

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2024-57052 - Youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file.

Product: youdiancms

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57052

NVD References: https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8

CVE-2024-57548 - CMSimple 5.16 allows a user to edit the log.php file via the print page.

Product: CMSimple

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57548

NVD References:

- https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb

- https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Broken%20Access%20Control%20to%20log.php.md

CVE-2022-3365 - Remote Mouse Server by Emote Interactive allows for injection of OS commands due to weak encryption and default password usage.

Product: Emote Interactive Remote Mouse Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3365

NVD References: https://github.com/rapid7/metasploit-framework/pull/17067

CVE-2024-12647, CVE-2024-12648, CVE-2024-12649 - Satera MF656Cdw/Satera MF654Cdw Small Office Multifunction Printers and Laser Printers may be susceptible to buffer overflow vulnerabilities, leading to potential network unresponsiveness or arbitrary code execution.

Product: Canon Small Office Multifunction Printers and Laser Printers

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12647

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12648

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12649

NVD References:

- https://canon.jp/support/support-info/250127vulnerability-response

- https://psirt.canon/advisory-information/cp2025-001/

- https://www.canon-europe.com/support/product-security/#news

- https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers

CVE-2024-13448 - The ThemeREX Addons WordPress plugin allows unauthenticated attackers to perform arbitrary file uploads, potentially leading to remote code execution.

Product: ThemeREX Addons_PLUGIN

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13448

NVD References:

- https://themeforest.net/item/qwery-multipurpose-business-wordpress-theme/29678687

- https://www.wordfence.com/threat-intel/vulnerabilities/id/7c1372bd-821d-439c-9b11-dfa5f08dd0dd?source=cve

CVE-2025-0065 - TeamViewer Clients prior to version 15.62 for Windows allow an attacker to elevate privileges via argument injection.

Product: TeamViewer Clients

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0065

ISC Podcast: https://isc.sans.edu/podcastdetail/9300

NVD References: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001/

CVE-2025-23211 - Tandoor Recipes versions prior to 1.5.24 contain a Jinja2 SSTI vulnerability that allows any user to execute commands on the server as root.

Product: Tandoor Recipes Jinja2

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23211

NVD References:

- https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95

- https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20

- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v

CVE-2024-52012 - Apache Solr is vulnerable to a Relative Path Traversal issue, allowing arbitrary filepath write-access on Windows systems.

Product: Apache Software Foundation Apache Solr

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52012

ISC Podcast: https://isc.sans.edu/podcastdetail/9298

NVD References:

- https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd

- http://www.openwall.com/lists/oss-security/2025/01/26/2