ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Patches Everything, Again
Published: 2025-11-04
Last Updated: 2025-11-04 12:10:29 UTC
by Johannes Ullrich (Version: 1)
Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating systems. None of the vulnerabilities is marked as already exploited. Apple only offers very sparse vulnerability descriptions. Here are some vulnerabilities that may be worth watching:
CVE-2025-43338, CVE-2025-43372: A memory corruption vulnerability in ImageIO. ImageIO is responsible for rendering images, and vulnerabilities like this have been exploited in the past for remote code execution. CVE-2025-43400, a vulnerability affecting FontParser, could have a similar impact.
CVE-2025-43431: A memory corruption issue in WebKit. This could be used to execute code via Safari ...
Read the full entry: https://isc.sans.edu/diary/Apple+Patches+Everything+Again/32448/
XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers
Published: 2025-11-03
Last Updated: 2025-11-03 14:20:05 UTC
by Johannes Ullrich (Version: 1)
XWiki describes itself as "The Advanced Open-Source Enterprise Wiki" and considers itself an alternative to Confluence and MediaWiki. In February, XWiki released an advisory (and patch) for an arbitrary remote code execution vulnerability. Affected was the SolrSearch component, which any user, even with minimal "Guest" privileges, can use. The advisory included PoC code, so it is a bit odd that it took so long for the vulnerability to be widely exploited.
NIST added the vulnerability to its "Known Exploited Vulnerabilities" list this past Friday. Our data shows some reconnaissance scans starting in July, but actual exploit attempts did not commence until yesterday ...
Read the full entry: https://isc.sans.edu/diary/XWiki+SolrSearch+Exploit+Attempts+CVE202524893+with+link+to+Chicago+GangsRappers/32444/
Updates to Domainname API
Published: 2025-11-05
Last Updated: 2025-11-05 16:17:17 UTC
by Johannes Ullrich (Version: 1)
For several years, we have offered a "new domain" list of recently registered (or, more accurately, recently discovered) domains. This list is offered via our API (https://isc.sans.edu/api). However, the size of the list has been causing issues, resulting in a "cut-off" list being returned. To resolve this issue, I updated the API call. It is sort of backward compatible, but it will not allow you to retrieve the full list. Additionally, we offer a simple "static file" containing the complete list. This file should be used whenever possible instead of the API ...
I have not decided yet how long to keep these historic lists. The same data can be retrieved via the API request below. Likely, I will keep the last week as a "precompiled" list.
For the API, you may now retrieve partial copies of the list ...
Read the full entry: https://isc.sans.edu/diary/Updates+to+Domainname+API/32452/
Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287 (2025.11.02)
X-Request-Purpose: Identifying "research" and bug bounty related scans? (2025.10.30)
https://isc.sans.edu/diary/XRequestPurpose+Identifying+research+and+bug+bounty+related+scans/32436/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-59287 - Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Product: Microsoft Windows Server Update Service
CVSS Score: 0
** KEV since 2025-10-24 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59287
ISC Diary: https://isc.sans.edu/diary/32440
ISC Podcast: https://isc.sans.edu/podcastdetail/9682
CVE-2025-24893 - XWiki Platform is vulnerable to arbitrary remote code execution through a request to `SolrSearch`, impacting the confidentiality, integrity, and availability of the installation.
Product: XWiki Platform
CVSS Score: 0
** KEV since 2025-10-30 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24893
ISC Diary: https://isc.sans.edu/diary/32444
ISC Podcast: https://isc.sans.edu/podcastdetail/9684
CVE-2023-20198 - Cisco IOS XE Web UI Privilege Escalation Vulnerability
Product: Cisco IOS XE
CVSS Score: 0
** KEV since 2023-10-16 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20198
ISC Podcast: https://isc.sans.edu/podcastdetail/9682
CVE-2025-48703 - CWP Control Web Panel OS Command Injection Vulnerability. CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
Product: CWP Control Web Panel
CVSS Score: 9.0
** KEV since 2025-11-04 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48703
ISC Podcast: https://isc.sans.edu/podcastdetail/9506
NVD References: https://fenrisk.com/rce-centos-webpanel
CVE-2025-12380 - Firefox versions prior to 144.0.2 are vulnerable to a use-after-free exploit in the GPU or browser process, triggered by compromised child processes using WebGPU-related IPC calls.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12380
NVD References: https://www.mozilla.org/security/advisories/mfsa2025-86/
CVE-2025-61043 - Monkey's Audio 11.31 is susceptible to an out-of-bounds read vulnerability in CAPECharacterHelper::GetUTF16FromUTF8 function which could lead to a crash or data exposure.
Product: Monkey's Audio 11.31
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61043
CVE-2025-61128 - WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730 and other models have a stack-based buffer overflow vulnerability allowing attackers to execute arbitrary code through a crafted POST request to login.cgi.
Product: WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61128
CVE-2025-36386 - IBM Maximo Application Suite versions 9.0.0 through 9.1.4 could allow remote attackers to bypass authentication and gain unauthorized access.
Product: IBM Maximo Application Suite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36386
NVD References: https://www.ibm.com/support/pages/node/7249416
CVE-2025-60355 - zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
Product: zhangyd-c OneBlog
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60355
CVE-2025-61235 - Dataphone A920 v2025.07.161103 allows a custom crafted packet to bypass authentication and trigger functionality due to lack of validation.
Product: Dataphone A920
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61235
CVE-2025-62368 - Taiga is vulnerable to remote code execution in versions 6.8.3 and earlier due to unsafe data deserialization, with a fix available in version 6.9.0.
Product: Taiga API
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62368
CVE-2025-64095 - DNN (formerly DotNetNuke) versions prior to 10.1.1 allow unauthenticated file uploads and images to overwrite existing files, leading to possible website defacement and XSS injection vulnerabilities.
Product: DNNsoftware (DotNetNuke)
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64095
CVE-2024-45162 - A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1.0.0P220507 via the password field.
Product: Blu-Castle BCUM221E
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45162
CVE-2025-10932 - Progress MOVEit Transfer (AS2 module) versions before 2025.0.3, 2024.1.7, and 2023.1.16 are prone to uncontrolled resource consumption.
Product: Progress MOVEit Transfer
CVSS Score: 8.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10932
ISC Podcast: https://isc.sans.edu/podcastdetail/9680
NVD References: https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-10932-October-29-2025
CVE-2025-63622 - Online Complaint Site 1.0 is vulnerable to SQL injection through the manipulation of the argument category in /cms/admin/subcategory.php.
Product: Fabian Online Complaint Site
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63622
CVE-2025-64102 - Zitadel prior to versions 4.6.0, 3.4.3, and 2.71.18 allows online brute-force attacks on OTP, TOTP, and passwords, with mitigation strategies not fully implemented in recent APIs.
Product: Zitadel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64102
CVE-2025-64103 - Zitadel prior to versions 4.6.0, 3.4.3, and 2.71.18 does not properly enforce multi-factor authentication, which allows attackers to bypass the more secure factor with a targeted TOTP code attack.
Product: Zitadel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64103
CVE-2025-11200 - MLflow Weak Password Requirements Authentication Bypass Vulnerability allows remote attackers to bypass authentication by exploiting weak password requirements in MLflow installations.
Product: LFprojects MLflow
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11200
CVE-2025-11201 - MLflow Tracking Server allows remote attackers to execute arbitrary code by exploiting a directory traversal vulnerability in model creation, without requiring authentication.
Product: LFprojects MLflow
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11201
CVE-2025-54469 - NeuVector vulnerability was identified due to unvalidated environment variables allowing for potential command injection within the enforcer container.
Product: NeuVector enforcer container
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54469
CVE-2025-50739 - iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization.
Product: iib0011 omni-tools
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50739
CVE-2025-43027 - Security Center's ALPR Manager role has a critical vulnerability that may grant attackers administrative access to the Genetec Security Center system.
Product: Genetec Security Center
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43027
CVE-2025-62712 - JumpServer versions prior to v3.10.20-lts and v4.10.11-lts allow an authenticated, non-privileged user to retrieve connection tokens of other users, potentially leading to unauthorized access and privilege escalation.
Product: JumpServer
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62712
CVE-2025-48983 - Veeam Backup & Replication is vulnerable to remote code execution on Backup infrastructure hosts by authenticated domain users through the Mount service.
Product: Veeam Backup & Replication
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48983
CVE-2025-52665 - UniFi Access Application (Version 3.3.22 through 3.4.31) exposed a management API without proper authentication, allowing malicious actors to exploit a misconfiguration until fixed in Version 4.0.21.
Product: UniFi Access
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52665
CVE-2025-6520 - Abis Technology BAPSIS software before 202510271606 allows Blind SQL Injection via improper neutralization of special elements in SQL commands.
Product: Abis Technology BAPSIS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6520
CVE-2025-57108 - Kitware VTK through 9.5.0 has a heap use-after-free vulnerability in vtkGLTFDocumentLoader, triggered by accessing freed memory during mesh object copy operations with corrupted GLTF files.
Product: Kitware VTK (Visualization Toolkit)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57108
CVE-2025-29270 - Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 are vulnerable to incorrect access control in the realtime.cgi endpoint, enabling unauthorized access to the admin panel and device control by attackers.
Product: Deep Sea Electronics DSE855
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29270
CVE-2025-0987 - CVLand is vulnerable to authorization bypass through user-controlled key, allowing parameter injection from version 2.1.0 through 20251103.
Product: CB Project Ltd. Co. CVLand
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0987
CVE-2025-63451, CVE-2025-63452, & CVE-2025-63453 - Car-Booking-System-PHP v.1.0 SQL Injection vulnerabilities.
Product: Car-Booking-System-PHP carlux
CVSS Scores: 9.4 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63451
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63452
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63453
CVE-2025-11953 - The Metro Development Server, opened by the React Native Community CLI, is vulnerable to OS command injection through an exposed endpoint, allowing for unauthenticated network attackers to run arbitrary executables and shell commands on Windows.
Product: React Native Community Metro Development Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11953
CVE-2025-12463 - Geutebruck G-Cam E-Series Cameras are vulnerable to unauthenticated SQL Injection via the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` script on EFD-2130 cameras with firmware version 1.12.0.19.
Product: Geutebruck G-Cam E-Series Cameras
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12463
CVE-2025-54863 - Radiometrics VizAir is vulnerable to remote exposure of its REST API key, enabling attackers to manipulate weather data, disrupt airport operations, and engage in denial-of-service attacks.
Product: Radiometrics VizAir
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54863
CVE-2025-61945 - Radiometrics VizAir is vulnerable to remote attackers through unauthorized access to the admin panel, allowing manipulation of critical weather parameters and potentially endangering aircraft safety.
Product: Radiometrics VizAir
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61945
CVE-2025-61956 - Radiometrics VizAir lacks authentication mechanisms, enabling attackers to manipulate settings, mislead air traffic control, pilots, and forecasters.
Product: Radiometrics VizAir
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61956
CVE-2025-43338 - macOS Sonoma 14.8.2, iOS 26, and iPadOS 26 are susceptible to unexpected app termination or corrupt process memory due to an out-of-bounds access issue when processing malicious media files.
Product: Multiple Apple products
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43338
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43372 - Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory in ImageIO
Product: ImageIO
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43372
ISC Diary: https://isc.sans.edu/diary/32448
ISC Podcast: https://isc.sans.edu/podcastdetail/9686
CVE-2025-43431 - Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1, iPadOS 26.1, and tvOS 26.1 are vulnerable to memory corruption via processing maliciously crafted web content, fixed with improved memory handling.
Product: Multiple Apple products
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43431
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43350 - iOS 26.1 and iPadOS 26.1 addressed a permissions issue, but an attacker may still access restricted content from the lock screen.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43350
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43361 - macOS Sequoia 15.7.2 is vulnerable to a malicious app potentially able to read kernel memory due to an out-of-bounds read issue fixed in the latest update.
Product: Multiple Apple products
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43361
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43364 - macOS Sonoma and macOS Sequoia versions 14.8 and 15.7 fix a race condition vulnerability that could allow an app to break out of its sandbox.
Product: Apple macOS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43364
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43373 - macOS Sonoma and macOS Sequoia versions 14.8.2 and 15.7.2 have fixed a vulnerability where an app could cause unexpected system termination or corrupt kernel memory.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43373
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43387 - macOS Sequoia 15.7.2 fixed a permissions issue allowing a malicious app to gain root privileges.
Product: Apple macOS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43387
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43389 - iOS 26.1, iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and visionOS 26.1 fixed a privacy issue allowing apps to access sensitive user data by removing vulnerable code.
Product: Multiple Apple Products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43389
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43399 - macOS Sequoia 15.7.2 is vulnerable to data exposure due to inadequate redaction of sensitive information, allowing an app to access protected user data.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43399
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43401 - macOS Sonoma 14.8.2 and macOS Sequoia 15.7.2 allow remote attackers to cause a denial-of-service due to a validated denial-of-service issue.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43401
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43405 - macOS Sonoma 14.8.2 and macOS Sequoia 15.7.2 contain a vulnerability where an app may access user-sensitive data due to an addressed permissions issue with additional sandbox restrictions.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43405
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43407 - visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1, iPadOS 26.1, and tvOS 26.1 are now protected against an app potentially breaking out of its sandbox through improved entitlements.
Product: Multiple Apple products
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43407
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43409 - macOS Sequoia 15.7.2 fixed a permissions issue with additional sandbox restrictions, preventing apps from accessing sensitive user data.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43409
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43413 - visionOS, macOS, watchOS, iOS, iPadOS, and tvOS were vulnerable to sandboxed apps potentially being able to observe system-wide network connections, but the issue is fixed in the latest updates.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43413
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43424 - iOS and iPadOS 26.1 are vulnerable to unexpected process crashes caused by a malicious HID device due to lack of proper bounds checks.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43424
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43436 - watchOS, iOS, iPadOS, tvOS, visionOS 26.1 had a permissions issue where an app was able to enumerate a user's installed apps but this has been fixed with additional restrictions.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43436
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43439 - iOS 26.1, iPadOS 26.1, and visionOS 26.1 have fixed a privacy issue where an app could potentially fingerprint the user.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43439
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43442 - iOS and iPadOS versions prior to 26.1 may allow apps to identify other apps installed by the user due to a permissions issue that has been resolved.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43442
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43449 - iOS and iPadOS versions 26.1 fixed a vulnerability where a malicious app could track users between installs by improving cache handling.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43449
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43450 - iOS and iPadOS versions prior to 26.1 allowed an app to learn information about the current camera view before being granted camera access.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43450
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43452 - iOS 26.1 and iPadOS 26.1 display sensitive keyboard suggestions on the lock screen.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43452
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43454 - iOS and iPadOS versions 26.1 may allow a device to persistently fail to lock due to improved state management.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43454
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43462 - watchOS 26.1, iOS 26.1, iPadOS 26.1, tvOS 26.1, and visionOS 26.1 are vulnerable to an issue that could allow an app to cause unexpected system termination or corrupt kernel memory.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43462
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43468 - Intel-based Mac computers may have a vulnerability that allows apps to access sensitive user data.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43468
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43469 - macOS Sonoma 14.8.2 and macOS Sequoia 15.7.2 have fixed a permissions issue allowing apps to potentially access sensitive user data.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43469
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43472 - macOS was vulnerable to an issue that allowed an app to gain root privileges, fixed in versions 14.8.2 and 15.7.2 with improved input sanitization.
Product: Apple macOS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43472
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43474 - macOS is vulnerable to an out-of-bounds read which may allow an app to cause unexpected system termination or read kernel memory.
Product: Apple macOS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43474
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43476 - macOS Sonoma 14.8.2 and macOS Sequoia 15.7.2 may allow an app to break out of its sandbox due to a permissions issue that has been fixed with additional restrictions.
Product: Apple macOS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43476
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43480 - Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1, iPadOS 26.1, and tvOS 26.1 are now protected from data exfiltration by malicious websites with improved checks.
Product: Multiple Apple products
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43480
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43496 - watchOS, iOS, iPadOS, macOS, and visionOS versions prior to 26.1, 15.7.2, and 26.1, respectively, allow remote content loading despite 'Load Remote Images' being disabled.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43496
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43500 - watchOS 26.1, iOS 26.1, iPadOS 26.1, and visionOS 26.1 allow an app to access sensitive user data due to improved handling of user preferences.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43500
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43502 - Safari 26.1 addressed a privacy issue by removing sensitive data, fixing the problem in iOS 26.1 and iPadOS 26.1 as well, but an app could still bypass certain privacy preferences.
Product: Apple Safari
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43502
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43505 - Xcode 26.1 is vulnerable to an out-of-bounds write issue that could lead to heap corruption when processing a maliciously crafted file.
Product: Apple Xcode
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43505
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-43400 - macOS, visionOS, iOS, and iPadOS were affected by an out-of-bounds write issue when processing maliciously crafted fonts, potentially leading to unexpected app termination or memory corruption.
Product: Multiple Apple products
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43400
ISC Diary: https://isc.sans.edu/diary/32448
CVE-2025-4665 - WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 is vulnerable to pre-authentication SQL injection and insecure deserialization, allowing for remote exploitation without authentication through crafted input.
Product: WordPress Contact Form CFDB7
Active Installations: 600,000+
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4665
NVD References: https://wordpress.org/plugins/contact-form-cfdb7
CVE-2025-5397 - The Noo JobMonster theme for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to access administrative user accounts.
Product: Noo JobMonster theme for WordPress
Active Installations: Unknown. Update to version 4.8.2, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5397
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa4aa8d-d7f1-4e91-bb2c-c9f80a4bb216?source=cve
CVE-2025-8489 - The King Addons for Elementor plugin for WordPress allows privilege escalation from versions 24.12.92 to 51.1.14 by not properly restricting user roles, enabling unauthenticated attackers to register as administrators.
Product: King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8489
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/a1bb2b06-9a3b-4428-8624-26a1202fe3b0?source=cve
CVE-2025-11833 - The Post SMTP plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the __construct function.
Product: Post SMTP Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin
Active Installations: 400,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11833
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/491f44fc-712c-4f67-b5c2-a7396941afc1?source=cve
CVE-2025-11499 - The Tablesome Table plugin for WordPress is vulnerable to arbitrary file uploads, enabling unauthenticated attackers to potentially execute remote code on the affected site's server.
Product: Tablesome Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin
Active Installations: 9,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11499
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/2be770c7-7aa2-430b-981d-5d81fe068bef?source=cve
CVE-2025-8900 - The Doccure Core plugin for WordPress allows unauthenticated attackers to gain elevated privileges through privilege escalation in versions up to, but not including, 1.5.4.
Product: Doccure WordPress plugin
Active Installations: Unknown. Update to version 1.5.4, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8900
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/49e133c9-5d3b-4a2a-8385-e2db44baa217?source=cve
CVE-2025-11007 & CVE-2025-11008 - The CE21 Suite plugin for WordPress allows unauthenticated attackers to update API settings and create new admin accounts (CVE-2025-11007) and is vulnerable to Sensitive Information Exposure through the log file, allowing unauthenticated attackers to extract sensitive data and potentially take over a site (CVE-2025-11008).
Product: WordPress CE21 Suite plugin
Active Installations: This plugin has been closed as of October 30, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11007
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11008
NVD References:
CVE-2025-12158 - The Simple User Capabilities plugin for WordPress allows unauthenticated attackers to elevate user roles to administrator due to missing capability checks.
Product: WordPress Simple User Capabilities plugin
Active Installations: This plugin has been closed as of October 30, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12158
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/dd75b8ec-1961-4a7a-92e6-1517e638974b?source=cve
CVE-2025-12493 - The ShopLentor plugin for WordPress is vulnerable to Local File Inclusion up to version 3.2.5, allowing unauthenticated attackers to execute arbitrary .php files on the server.
Product: ShopLentor WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor)
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12493
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/12bb4bb9-e908-43ad-8fb1-59418580f5e1?source=cve
CVE-2025-12682 - The Easy Upload Files During Checkout plugin for WordPress allows unauthenticated attackers to upload arbitrary JavaScript files, leading to potential remote code execution.
Product: WordPress Easy Upload Files During Checkout plugin
Active Installations: 600+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12682
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/6a050764-0ba6-49a4-bd71-f79e3129fc4c?source=cve