The Consensus Security Vulnerability Alert

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Crypto Wallet Scam

Published: 2025-02-03

Last Updated: 2025-02-03 09:10:15 UTC

by Didier Stevens (Version: 1)

Johannes noticed a SPAM comment on his YouTube channel ...

It was clear to us that this was a scam, but it wasn't clear to us how it worked.

The seed phrase allows you to derive the private keys of the wallets, and gives you full control over the wallet. And as security professionals, we know you must never share private keys. So the scammer wants us to think that they shared their private keys without understanding the risk. And thus creating a (false) opportunity for dishonest people wanting to appropriate the content of the wallet. Because you have the private keys, you can move the funds out of the wallet to your own wallet.

So one could install wallet software and use the private key to control the wallet.

But let's do this a bit differently.

Mnemonic Code Converter is an online/offline HTML page that takes seed phrases and converts them to a seed (BIP39) and addresses (BIP44).

Doing this for the scammer's seed phrase give this ...

Read the full entry: https://isc.sans.edu/diary/Crypto+Wallet+Scam/31646/

Some updates to our data feeds

Published: 2025-02-04

Last Updated: 2025-02-04 16:01:03 UTC

by Johannes Ullrich (Version: 1)

We have offered several different data feeds via our API or other means. However, we are often not very good at documenting what these feeds are all about. Currently, I am in the process of fixing the documentation around these data feeds.

These data feeds are used to augment our data, but may also be helpful to add "color to your logs", which is how I see most of this data being used. Many data feeds do not contain lists of IPs that should be classified as malicious. For example, we attempt to collect IP addresses of public NTP servers. These are usually part of "pool.ntp.org". We are collecting them because they have triggered false positives. Knowing that an IP address is associated with a public NTP server in case you see odd traffic from or to port 123 is helpful.

Just last week, I came across another resource that I found helpful: rosti.bin.re extracts IoCs from various sources like news articles and blog posts. I added this data to our "IP Info" page to provide this useful context in case you are searching for an IP.

The data we produce is published under a "Creative Commons" license. You may use the data for free if you acknowledge the source and do not resell the data. We do not offer commercial licenses, but if you ask nicely and do not play stupid vendor tricks, we will sometimes allow commercial use. Using the data to help you secure your network is always okay, even if the network is commercial. All data is provided "as is" and we are not responsible if you break your network, lose your job, or start a nuclear war by replacing your dead man switch with our API.

So why do we not make these lists simple "blocklists" for your firewall? In my opinion, most of these lists are stupid, and ours would not be any better. I am not able to tell you what IPs you should block. Many of these IPs exploit well-known vulnerabilities. Spend your time fixing the vulnerability. We will never have a list of all IPs exploiting a particular vulnerability, and the list will never be free of false positives. Consume the data responsibly. We are not going to help you waste time or money. If you need help with that, please contact your enterprise security vendor.

We do, however, always like your data :). The best way to say "Thank You" is to run a honeypot and feed us data. We also appreciate feedback and suggestions for other data sources. Please use our contact page to provide feedback. We would particularly like to hear how you use our data ...

Read the full entry: https://isc.sans.edu/diary/Some+updates+to+our+data+feeds/31650/

To Simulate or Replicate: Crafting Cyber Ranges (2025.01.31)

https://isc.sans.edu/diary/To+Simulate+or+Replicate+Crafting+Cyber+Ranges/31642/

PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary] (2025.01.30)

https://isc.sans.edu/diary/PCAPs+or+It+Didnt+Happen+Exposing+an+Old+Netgear+Vulnerability+Still+Active+in+2025+Guest+Diary/31638/

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

Product: Fortinet FortiOS

CVSS Score: 0

** KEV since 2025-01-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55591

ISC Podcast: https://isc.sans.edu/podcastdetail/9298

Product: Multiple Apple products

CVSS Score: 7.8

** KEV since 2025-01-29 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24085

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

Product: NETGEAR DGN1000

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12847

ISC Diary: https://isc.sans.edu/diary/31638

Product: ThimPress FundPress

Active Installations: 300+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24601

NVD References: https://patchstack.com/database/wordpress/plugin/fundpress/vulnerability/wordpress-fundpress-plugin-2-0-6-php-object-injection-vulnerability?_s_id=cve

Product: MORKVA Shipping for Nova Poshta

Active Installations: 500+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24612

NVD References: https://patchstack.com/database/wordpress/plugin/nova-poshta-ttn/vulnerability/wordpress-shipping-for-nova-poshta-plugin-1-19-6-sql-injection-vulnerability?_s_id=cve

Product: TRENDnet TEW-632BRP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57590

NVD References: https://github.com/IdaJea/IOT_vuln_1/blob/master/tew632/ntp_sync.md

Product: DLINK DIR-825 REVB 2.03

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57595

NVD References:

- https://github.com/IdaJea/IOT_vuln_1/blob/master/DIR825/wps_pin.md

- https://www.dlink.com/en/security-bulletin/

Product: Eniture Technology LTL Freight Quotes - Worldwide Express Edition

Active Installations: 100+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24664

NVD References: https://patchstack.com/database/wordpress/plugin/ltl-freight-quotes-worldwide-express-edition/vulnerability/wordpress-ltl-freight-quotes-plugin-5-0-20-sql-injection-vulnerability?_s_id=cve

Product: Pdfcrowd Save as PDF plugin

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24671

NVD References: https://patchstack.com/database/wordpress/plugin/save-as-pdf-by-pdfcrowd/vulnerability/wordpress-save-as-pdf-plugin-by-pdfcrowd-plugin-4-4-0-php-object-injection-vulnerability?_s_id=cve

Product: Cacti

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22604

NVD References:

- https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

- https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36

Product: FLXeon

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48841

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch

Product: FLXeon

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48849

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch

Product: FLXeon

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48852

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch

Product: Multiple Apple products

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54512

NVD References:

- https://support.apple.com/en-us/121837

- https://support.apple.com/en-us/121843

Product: Multiple Apple products

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54530

NVD References:

- https://support.apple.com/en-us/121837

- https://support.apple.com/en-us/121839

- https://support.apple.com/en-us/121843

- https://support.apple.com/en-us/121845

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24093

NVD References:

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24102

NVD References:

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24106

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24109

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24118

NVD References:

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24123

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24124

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24126

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24130

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

Product: Apple macOS SequoiaCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24135NVD References: https://support.apple.com/en-us/122068CVE-2025-24139 - macOS is vulnerable to unexpected app termination when parsing a maliciously crafted file, fixed in recent updates.Product: Apple macOSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24139NVD References: - https://support.apple.com/en-us/122068- https://support.apple.com/en-us/122069- https://support.apple.com/en-us/122070CVE-2025-24146 - macOS Messages may expose user contact information in system logging when deleting a conversation.Product: Apple macOSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24146NVD References: - https://support.apple.com/en-us/122068- https://support.apple.com/en-us/122069- https://support.apple.com/en-us/122070CVE-2025-24151 - macOS Ventura, macOS Sequoia, and macOS Sonoma are vulnerable to an app being able to cause unexpected system termination or corrupt kernel memory due to poor memory handling.Product: Apple macOSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24151NVD References: - https://support.apple.com/en-us/122068- https://support.apple.com/en-us/122069- https://support.apple.com/en-us/122070CVE-2025-24154 - macOS, visionOS, iOS, and iPadOS are vulnerable to an out-of-bounds write issue that could allow an attacker to cause unexpected system termination or corrupt kernel memory, which has been fixed in the latest updates.Product: Multiple Apple productsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24154NVD References: - https://support.apple.com/en-us/122066- https://support.apple.com/en-us/122068- https://support.apple.com/en-us/122069- https://support.apple.com/en-us/122070- https://support.apple.com/en-us/122073CVE-2025-24162 - visionOS, Safari, iOS, iPadOS, macOS Sequoia, watchOS, and tvOS versions 2.3, 18.3, 18.3, 18.3, 15.3, 11.3, and 18.3, may crash unexpectedly due to processing maliciously crafted web content.Product: Multiple Apple productsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24162NVD References: - https://support.apple.com/en-us/122066- https://support.apple.com/en-us/122068- https://support.apple.com/en-us/122071- https://support.apple.com/en-us/122072- https://support.apple.com/en-us/122073- https://support.apple.com/en-us/122074CVE-2025-24163 - iPadOS, macOS, visionOS, iOS, iPadOS, macOS, watchOS, and tvOS versions 17.7.4, 14.7.3, 2.3, 18.3, 18.3, 15.3, 11.3, and 18.3 may experience unexpected app termination when parsing a file, but has been fixed with improved checks.Product: Multiple Apple productsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24163NVD References: - https://support.apple.com/en-us/122066- https://support.apple.com/en-us/122067- https://support.apple.com/en-us/122068- https://support.apple.com/en-us/122069- https://support.apple.com/en-us/122071- https://support.apple.com/en-us/122072- https://support.apple.com/en-us/122073CVE-2025-24174 - macOS Ventura, macOS Sequoia, and macOS Sonoma have vulnerabilities that allow apps to bypass Privacy preferences, fixed in versions 13.7.3, 15.3, and 14.7.3 respectively.Product: Apple macOSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24174NVD References: - https://support.apple.com/en-us/122068- https://support.apple.com/en-us/122069- https://support.apple.com/en-us/122070CVE-2024-57052 - YoudianCMS v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file.Product: YoudianCMSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57052NVD References: https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8CVE-2024-57548 - CMSimple 5.16 allows the user to edit log.php file via print page.Product: CMSimpleCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57548NVD References: - https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb- https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Broken%20Access%20Control%20to%20log.php.mdCVE-2022-3365 - Remote Mouse Server by Emote Interactive allows for injection of OS commands due to weak encryption and default password usage.Product: Emote Interactive Remote Mouse ServerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3365NVD References: https://github.com/rapid7/metasploit-framework/pull/17067CVE-2024-12647, CVE-2024-12648, CVE-2024-12649 - Satera MF656Cdw/Satera MF654Cdw Small Office Multifunction Printers and Laser Printers may be susceptible to buffer overflow vulnerabilities, leading to potential network unresponsiveness or arbitrary code execution.Product: Canon Small Office Multifunction Printers and Laser PrintersCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12647NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12648NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12649NVD References: - https://canon.jp/support/support-info/25…

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24146

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24151

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24154

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

- https://support.apple.com/en-us/122073

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24162

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

- https://support.apple.com/en-us/122074

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24163

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24174

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

Product: YoudianCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57052

NVD References: https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8

Product: CMSimple

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57548

NVD References:

- https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb

- https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Broken%20Access%20Control%20to%20log.php.md

Product: Emote Interactive Remote Mouse Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3365

NVD References: https://github.com/rapid7/metasploit-framework/pull/17067

Product: Canon Small Office Multifunction Printers and Laser Printers

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12647

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12648

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12649

NVD References:

- https://canon.jp/support/support-info/250127vulnerability-response

- https://psirt.canon/advisory-information/cp2025-001/

- https://www.canon-europe.com/support/product-security/#news

- https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers

Product: ThemeREX Addons

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13448

NVD References:

- https://themeforest.net/item/qwery-multipurpose-business-wordpress-theme/29678687

- https://www.wordfence.com/threat-intel/vulnerabilities/id/7c1372bd-821d-439c-9b11-dfa5f08dd0dd?source=cve

Product: TeamViewer Clients

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0065

ISC Podcast: https://isc.sans.edu/podcastdetail/9300

NVD References: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001/

Product: Tandoor Recipes Jinja2

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23211

NVD References:

- https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95

- https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20

- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v

- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v

Product: VMware Avi Load Balancer

CVSS Score: 8.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22217

ISC Podcast: https://isc.sans.edu/podcastdetail/9302

NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346

Product: mySCADA myPRO

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20014

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20061

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-01

Product: Celk Saúde 3.1.252.1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48761

NVD References:

- https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761

Product: Safety production process management system v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57395

NVD References:

- http://www.hzzcka.com/

- https://github.com/qtxz54/Vul/blob/main/WeakPasswd/Safety-production-process-management-system.md

Product: Deep Java Library (DJL)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0851

NVD References:

- https://aws.amazon.com/security/security-bulletins/AWS-2025-003/

- https://github.com/deepjavalibrary/djl/security/advisories/GHSA-jcrp-x7w3-ffmg

Product: JFinalCMS Content

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57665

NVD References:

- https://github.com/Nbccccc/vulnerability_discovery/blob/main/JFinalCMS/JFinalCms%20SQL%20Injection.md

- https://github.com/Nbccccc/vulnerability_discovery/blob/main/JFinalCMS/JFinalCms%20SQL%20Injection.md

Product: Microsoft Azure AI Face Service

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21415

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21415

Product: UserPro Media Manager

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12822

NVD References:

- https://codecanyon.net/item/media-manager-for-userpro/8664618

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a57b2afa-b943-419f-9819-d7b6835c4d10?source=cve

Product: iControlWP

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13742

NVD References:

- https://plugins.trac.wordpress.org/browser/worpit-admin-dashboard-plugin/tags/4.4.5/lib/src/LegacyApi/RequestParameters.php#L42

- https://plugins.trac.wordpress.org/browser/worpit-admin-dashboard-plugin/tags/4.4.5/src/api/RequestParameters.php#L14

- https://www.wordfence.com/threat-intel/vulnerabilities/id/6f25b0cc-60ec-49a0-8356-fd3fba97e987?source=cve

Product: Microsoft Windows Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12248

NVD References:

- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01

- https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication

Product: Vendor Sierra Wireless AirLink ES450

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0680

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02

- https://www.newrocktech.com/ContactUs/index.html

Product: NVIDIA GPU Drivers

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47891

NVD References: https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Product: MultiVendorX The Ultimate WooCommerce Multivendor Marketplace Solution

Active Installations: 5,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0493

NVD References:

- https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.14/classes/class-mvx-ajax.php#L661

- https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.15/classes/class-mvx-ajax.php#L661

- https://www.wordfence.com/threat-intel/vulnerabilities/id/812029d9-95d6-4bc9-98b2-700f462163b3?source=cve

Product: TeamCal Neo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0929

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-teamcal-neo

Product: Qualisys C++ SDK

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53320

NVD References: https://github.com/qualisys/qualisys_cpp_sdk/issues/47

Product: SSH Communication Security PrivX

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47857

NVD References:

- https://info.ssh.com/impersonation-vulnerability-privx

- https://ssh.com

Product: OpenPanel v0.3.4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53584

NVD References:

- https://openpanel.com/docs/changelog/0.3.5/#%EF%B8%8F-security-fixes

- https://packetstorm.news/files/id/188915/

Product: Macrozheng mall-tiny

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57432

NVD References: https://github.com/peccc/restful_vul/blob/main/mall_tiny_weak_jwt/mall_tiny_weak_jwt.md

Product: ZZCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22957

NVD References:

- http://www.zzcms.net/

- https://github.com/youyouiooi/vulnerability-reports/blob/main/CVE-2025-22957/REANDE.md

Product: EasyVirt DCScope

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53356

NVD References:

- https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-53356.md

- https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-53356.md

Product: EasyVirt DCScope

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55062

NVD References:

- https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55062.md

- https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55062.md

Product: Dumb Drop file upload application

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24891

NVD References:

- https://github.com/DumbWareio/DumbDrop/commit/cb586316648ccbfb21d27b84e90d72ccead9819d

- https://github.com/DumbWareio/DumbDrop/security/advisories/GHSA-24f2-fv38-3274

Product: Mediatek NR16

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20634

NVD References: https://corp.mediatek.com/product-security-bulletin/February-2025

Product: MagePeople Team Taxi Booking Manager for WooCommerce

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24661

NVD References: https://patchstack.com/database/wordpress/plugin/ecab-taxi-booking-manager/vulnerability/wordpress-taxi-booking-manager-for-woocommerce-plugin-1-1-8-php-object-injection-vulnerability?_s_id=cve

Product: Microsoft Internet Explorer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45569

NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Product: Advantive VeraCore

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57968

NVD References:

- https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2-1

- https://intezer.com/blog/research/xe-group-exploiting-zero-days/

Product: Apache Software Foundation Apache Solr

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52012

ISC Podcast: https://isc.sans.edu/podcastdetail/9298

NVD References:

- https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd

- http://www.openwall.com/lists/oss-security/2025/01/26/2