Internet Storm Center Spotlight

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Crypto Wallet Scam

Published: 2025-02-03

Last Updated: 2025-02-03 09:10:15 UTC

by Didier Stevens (Version: 1)

Johannes noticed a SPAM comment on his YouTube channel ...

It was clear to us that this was a scam, but it wasn't clear to us how it worked.

The seed phrase lets you derive the private keys of the wallet and therefore gives you full control over it. As security professionals, we know that private keys must never be shared. So the scammer wants us to believe that they shared their private keys without understanding the risk, thereby creating a (false) opportunity for dishonest people who want to appropriate the contents of the wallet: with the private keys, you can move the funds out of the wallet into your own.

So one could install wallet software and use the private key to control the wallet.

But let's do this a bit differently.

Mnemonic Code Converter is an online/offline HTML page that takes seed phrases and converts them to a seed (BIP39) and addresses (BIP44).

Doing this for the scammer's seed phrase gives this ...
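To make concrete why a seed phrase is equivalent to the private keys, here is an added example (not part of the diary, and not the Mnemonic Code Converter's code) that carries a BIP39 mnemonic through the BIP32/BIP44 derivation to the first Bitcoin receiving address, using only the Python standard library. The sample input is the public BIP39 reference phrase for all-zero entropy rather than the scammer's phrase; RIPEMD-160 is taken from hashlib, so the interpreter's OpenSSL must expose it.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 domain parameters (public constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000

# BIP39 reference mnemonic (all-zero entropy): constructed sample input, not a real wallet.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512 over the NFKD mnemonic, salt 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)

def _point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def _scalar_mult(k: int, point=G):
    """Double-and-add scalar multiplication; k == N yields None (infinity)."""
    result = None
    while k:
        if k & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        k >>= 1
    return result

def _compressed_pubkey(priv: int) -> bytes:
    x, y = _scalar_mult(priv)
    return bytes([0x02 | (y & 1)]) + x.to_bytes(32, "big")

def master_key(seed: bytes):
    """BIP32 master node: HMAC-SHA512(key=b'Bitcoin seed', seed) -> (key, chain code)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def ckd_priv(k_par: int, c_par: bytes, index: int):
    """BIP32 CKDpriv: hardened children (index >= 2^31) commit to the private key,
    normal children to the compressed public key; child key = (IL + k_par) mod N."""
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big")
    else:
        data = _compressed_pubkey(k_par)
    i = hmac.new(c_par, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(i[:32], "big") + k_par) % N, i[32:]

def derive_path(seed: bytes, path: str):
    """Walk a BIP32 path such as m/44'/0'/0'/0/0 down to (private key, chain code)."""
    k, c = master_key(seed)
    for level in path.split("/")[1:]:
        hardened = level[-1] in "'h"
        k, c = ckd_priv(k, c, int(level.rstrip("'h")) + (HARDENED if hardened else 0))
    return k, c

def _base58check(payload: bytes) -> str:
    alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = alphabet[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out  # leading 0x00 -> '1'

def p2pkh_address(priv: int) -> str:
    """Legacy P2PKH address: Base58Check(0x00 || RIPEMD160(SHA256(compressed pubkey)))."""
    sha = hashlib.sha256(_compressed_pubkey(priv)).digest()
    return _base58check(b"\x00" + hashlib.new("ripemd160", sha).digest())

def bip44_first_address(mnemonic: str, passphrase: str = "") -> str:
    """Seed phrase -> private key at m/44'/0'/0'/0/0 -> first receiving address."""
    k, _ = derive_path(mnemonic_to_seed(mnemonic, passphrase), "m/44'/0'/0'/0/0")
    return p2pkh_address(k)

if __name__ == "__main__":
    print("seed   :", mnemonic_to_seed(TEST_MNEMONIC).hex())
    print("address:", bip44_first_address(TEST_MNEMONIC))
```

Anyone holding the twelve words can reproduce every key and address in this chain, which is why the "leaked" phrase in the comment is bait rather than a mistake.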

Read the full entry: https://isc.sans.edu/diary/Crypto+Wallet+Scam/31646/

Some updates to our data feeds

Published: 2025-02-04

Last Updated: 2025-02-04 16:01:03 UTC

by Johannes Ullrich (Version: 1)

We have offered several different data feeds via our API or other means. However, we are often not very good at documenting what these feeds are all about. Currently, I am in the process of fixing the documentation around these data feeds.

These data feeds are used to augment our own data, but they may also help you add "color to your logs", which is how I see most of this data being used. Many of the feeds are not lists of IPs that should be classified as malicious. For example, we attempt to collect the IP addresses of public NTP servers, usually members of "pool.ntp.org". We collect them because they have triggered false positives: if you see odd traffic to or from port 123, it is helpful to know that the IP address belongs to a public NTP server.

Just last week, I came across another resource that I found helpful: rosti.bin.re extracts IoCs from various sources like news articles and blog posts. I added this data to our "IP Info" page to provide this useful context in case you are searching for an IP.

The data we produce is published under a "Creative Commons" license. You may use the data for free if you acknowledge the source and do not resell the data. We do not offer commercial licenses, but if you ask nicely and do not play stupid vendor tricks, we will sometimes allow commercial use. Using the data to help you secure your network is always okay, even if the network is commercial. All data is provided "as is" and we are not responsible if you break your network, lose your job, or start a nuclear war by replacing your dead man switch with our API.

So why do we not make these lists simple "blocklists" for your firewall? In my opinion, most of these lists are stupid, and ours would not be any better. I am not able to tell you what IPs you should block. Many of these IPs exploit well-known vulnerabilities. Spend your time fixing the vulnerability. We will never have a list of all IPs exploiting a particular vulnerability, and the list will never be free of false positives. Consume the data responsibly. We are not going to help you waste time or money. If you need help with that, please contact your enterprise security vendor.

We do, however, always like your data :). The best way to say "Thank You" is to run a honeypot and feed us data. We also appreciate feedback and suggestions for other data sources. Please use our contact page to provide feedback. We would particularly like to hear how you use our data ...

Read the full entry: https://isc.sans.edu/diary/Some+updates+to+our+data+feeds/31650/

Internet Storm Center Entries


To Simulate or Replicate: Crafting Cyber Ranges (2025.01.31)

https://isc.sans.edu/diary/To+Simulate+or+Replicate+Crafting+Cyber+Ranges/31642/

PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary] (2025.01.30)

https://isc.sans.edu/diary/PCAPs+or+It+Didnt+Happen+Exposing+an+Old+Netgear+Vulnerability+Still+Active+in+2025+Guest+Diary/31638/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-55591 - FortiOS and FortiProxy versions 7.0.0 through 7.0.16 and 7.2.0 through 7.2.12 are vulnerable to an Authentication Bypass Using an Alternate Path or Channel (CWE-288) that allows remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module.

Product: Fortinet FortiOS

CVSS Score: 0

** KEV since 2025-01-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55591

ISC Podcast: https://isc.sans.edu/podcastdetail/9298

CVE-2025-24085 - visionOS, iOS, iPadOS, macOS Sequoia, watchOS, and tvOS versions before 2.3, 18.3, 18.3, 15.3, 11.3, and 18.3 respectively are vulnerable to a use-after-free issue that can allow a malicious application to elevate privileges.

Product: Multiple Apple products

CVSS Score: 7.8

** KEV since 2025-01-29 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24085

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

CVE-2024-12847 - NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability, allowing remote attackers to execute arbitrary OS commands as root through crafted HTTP requests to the setup.cgi endpoint.

Product: NETGEAR DGN1000

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12847

ISC Diary: https://isc.sans.edu/diary/31638

CVE-2025-24601 - Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6.

Product: ThimPress FundPress

Active Installations: 300+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24601

NVD References: https://patchstack.com/database/wordpress/plugin/fundpress/vulnerability/wordpress-fundpress-plugin-2-0-6-php-object-injection-vulnerability?_s_id=cve

CVE-2025-24612 - MORKVA Shipping for Nova Poshta up to version 1.19.6 is vulnerable to SQL Injection, allowing attackers to manipulate SQL commands.

Product: MORKVA Shipping for Nova Poshta

Active Installations: 500+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24612

NVD References: https://patchstack.com/database/wordpress/plugin/nova-poshta-ttn/vulnerability/wordpress-shipping-for-nova-poshta-plugin-1-19-6-sql-injection-vulnerability?_s_id=cve

CVE-2024-57590 - TRENDnet TEW-632BRP v1.010B31 devices are vulnerable to OS command injections via the "ntp_sync.cgi" interface, allowing remote hackers to execute arbitrary commands.

Product: TRENDnet TEW-632BRP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57590

NVD References: https://github.com/IdaJea/IOT_vuln_1/blob/master/tew632/ntp_sync.md

CVE-2024-57595 - DLINK DIR-825 REVB 2.03 devices are vulnerable to OS command injection via the "wps_pin" parameter in the apc_client_pin.cgi interface, allowing remote attackers to execute arbitrary commands.

Product: DLINK DIR-825 REVB 2.03

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57595

NVD References:

- https://github.com/IdaJea/IOT_vuln_1/blob/master/DIR825/wps_pin.md

- https://www.dlink.com/en/security-bulletin/

CVE-2025-24664 - Eniture Technology LTL Freight Quotes – Worldwide Express Edition is vulnerable to SQL Injection, allowing malicious actors to inject and execute unauthorized SQL commands affecting versions n/a through 5.0.20.

Product: Eniture Technology LTL Freight Quotes - Worldwide Express Edition

Active Installations: 100+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24664

NVD References: https://patchstack.com/database/wordpress/plugin/ltl-freight-quotes-worldwide-express-edition/vulnerability/wordpress-ltl-freight-quotes-plugin-5-0-20-sql-injection-vulnerability?_s_id=cve

CVE-2025-24671 - Pdfcrowd Save as PDF plugin by Pdfcrowd is vulnerable to a Deserialization of Untrusted Data issue allowing Object Injection from versions n/a through 4.4.0.

Product: Pdfcrowd Save as PDF plugin

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24671

NVD References: https://patchstack.com/database/wordpress/plugin/save-as-pdf-by-pdfcrowd/vulnerability/wordpress-save-as-pdf-plugin-by-pdfcrowd-plugin-4-4-0-php-object-injection-vulnerability?_s_id=cve

CVE-2025-22604 - Cacti allows authenticated users to inject malformed OIDs in responses, leading to command execution; fixed in version 1.2.29.

Product: Cacti

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22604

NVD References:

- https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

- https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36

CVE-2024-48841 - Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXeon 9.3.4 and older.

Product: FLXeon

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48841

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch

CVE-2024-48849 - FLXeon allows unauthorized HTTPS requests due to inadequate session management, affecting versions up to 9.3.4.

Product: FLXeon

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48849

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch

CVE-2024-48852 - FLXeon may improperly disclose sensitive information through https access due to insertion of data into log files.

Product: FLXeon

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48852

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch

CVE-2024-54512 - watchOS, iOS, and iPadOS versions 11.2 and 18.2 were vulnerable to a system binary that could be exploited to fingerprint a user's Apple Account; the issue has been fixed by removing the relevant flags.

Product: Multiple Apple products

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54512

NVD References:

- https://support.apple.com/en-us/121837

- https://support.apple.com/en-us/121843

CVE-2024-54530 - macOS Sequoia, watchOS, visionOS, iOS, and iPadOS versions 15.2, 11.2, 2.2, 18.2, and 18.2 fixed, with improved checks, an issue where password autofill could fill in passwords after failed authentication.

Product: Multiple Apple products

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54530

NVD References:

- https://support.apple.com/en-us/121837

- https://support.apple.com/en-us/121839

- https://support.apple.com/en-us/121843

- https://support.apple.com/en-us/121845

CVE-2025-24093 - macOS Ventura and macOS Sonoma versions 13.7.3 and 14.7.3 resolved a permissions issue allowing apps to access removable volumes without user consent.

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24093

NVD References:

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24102 - iPadOS, macOS Sequoia, macOS Sonoma, and macOS Ventura versions 17.7.4, 15.3, 14.7.3, and 13.7.3 respectively fixed an issue where an app could determine a user's current location by implementing improved checks.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24102

NVD References:

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24106 - macOS Ventura, macOS Sequoia, and macOS Sonoma versions 13.7.3, 15.3, and 14.7.3 are susceptible to unexpected app termination when parsing certain files.

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24106

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24109 - macOS Ventura, macOS Sequoia, and macOS Sonoma fixed a downgrade issue that allowed apps to access sensitive user data; the fix adds code-signing restrictions.

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24109

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24118 - iPadOS, macOS Sequoia, and macOS Sonoma versions 17.7.4, 15.3, and 14.7.3 respectively received improved memory handling to prevent a malicious app from causing unexpected system termination or writing kernel memory.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24118

NVD References:

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

CVE-2025-24123 & CVE-2025-24124 - Parsing a file in various Apple products may lead to an unexpected app termination but has been fixed in recent updates.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24123

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24124

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

CVE-2025-24126 - visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3 fixed an input validation issue, which could allow a local network attacker to terminate the system or corrupt process memory.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24126

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

CVE-2025-24130 - macOS Ventura, macOS Sequoia, and macOS Sonoma are vulnerable to an issue where an app may be able to modify protected parts of the file system, but it has been fixed with improved checks in versions 13.7.3, 15.3, and 14.7.3.

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24130

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24135 - macOS Sequoia 15.3 fixed, with improved message validation, an issue that allowed an app to gain elevated privileges.

Product: Apple macOS Sequoia

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24135

NVD References: https://support.apple.com/en-us/122068

CVE-2025-24139 - macOS is vulnerable to unexpected app termination when parsing a maliciously crafted file, fixed in recent updates.

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24139

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24146 - macOS Messages may expose user contact information in system logging when deleting a conversation.

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24146

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24151 - macOS Ventura, macOS Sequoia, and macOS Sonoma are vulnerable to an app being able to cause unexpected system termination or corrupt kernel memory due to poor memory handling.

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24151

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2025-24154 - macOS, visionOS, iOS, and iPadOS are vulnerable to an out-of-bounds write issue that could allow an attacker to cause unexpected system termination or corrupt kernel memory, which has been fixed in the latest updates.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24154

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

- https://support.apple.com/en-us/122073

CVE-2025-24162 - visionOS, Safari, iOS, iPadOS, macOS Sequoia, watchOS, and tvOS versions 2.3, 18.3, 18.3, 18.3, 15.3, 11.3, and 18.3 may crash unexpectedly when processing maliciously crafted web content.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24162

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

- https://support.apple.com/en-us/122074

CVE-2025-24163 - iPadOS, macOS, visionOS, iOS, iPadOS, macOS, watchOS, and tvOS versions 17.7.4, 14.7.3, 2.3, 18.3, 18.3, 15.3, 11.3, and 18.3 may experience unexpected app termination when parsing a file; this has been fixed with improved checks.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24163

NVD References:

- https://support.apple.com/en-us/122066

- https://support.apple.com/en-us/122067

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122071

- https://support.apple.com/en-us/122072

- https://support.apple.com/en-us/122073

CVE-2025-24174 - macOS Ventura, macOS Sequoia, and macOS Sonoma have vulnerabilities that allow apps to bypass Privacy preferences, fixed in versions 13.7.3, 15.3, and 14.7.3 respectively.

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24174

NVD References:

- https://support.apple.com/en-us/122068

- https://support.apple.com/en-us/122069

- https://support.apple.com/en-us/122070

CVE-2024-57052 - YoudianCMS v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file.

Product: YoudianCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57052

NVD References: https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8

CVE-2024-57548 - CMSimple 5.16 allows the user to edit log.php file via print page.

Product: CMSimple

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57548

NVD References:

- https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb

- https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Broken%20Access%20Control%20to%20log.php.md

CVE-2022-3365 - Remote Mouse Server by Emote Interactive allows for injection of OS commands due to weak encryption and default password usage.

Product: Emote Interactive Remote Mouse Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3365

NVD References: https://github.com/rapid7/metasploit-framework/pull/17067

CVE-2024-12647, CVE-2024-12648, CVE-2024-12649 - Satera MF656Cdw/Satera MF654Cdw Small Office Multifunction Printers and Laser Printers may be susceptible to buffer overflow vulnerabilities, leading to potential network unresponsiveness or arbitrary code execution.

Product: Canon Small Office Multifunction Printers and Laser Printers

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12647

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12648

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12649

NVD References:

- https://canon.jp/support/support-info/250127vulnerability-response

- https://psirt.canon/advisory-information/cp2025-001/

- https://www.canon-europe.com/support/product-security/#news

- https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers

CVE-2024-13448 - The ThemeREX Addons WordPress plugin allows unauthenticated attackers to perform arbitrary file uploads, potentially leading to remote code execution.

Product: ThemeREX Addons

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13448

NVD References:

- https://themeforest.net/item/qwery-multipurpose-business-wordpress-theme/29678687

- https://www.wordfence.com/threat-intel/vulnerabilities/id/7c1372bd-821d-439c-9b11-dfa5f08dd0dd?source=cve

CVE-2025-0065 - TeamViewer Clients prior version 15.62 for Windows allows an attacker to elevate privileges via argument injection.

Product: TeamViewer Clients

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0065

ISC Podcast: https://isc.sans.edu/podcastdetail/9300

NVD References: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001/

CVE-2025-23211 - Tandoor Recipes is an application with a Jinja2 SSTI vulnerability that allows any user to execute commands on the server as root in versions prior to 1.5.24.

Product: Tandoor Recipes Jinja2

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23211

NVD References:

- https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95

- https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20

- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v

CVE-2025-22217 - Avi Load Balancer is vulnerable to unauthenticated blind SQL Injection, allowing a malicious user with network access to gain database access.

Product: VMware Avi Load Balancer

CVSS Score: 8.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22217

ISC Podcast: https://isc.sans.edu/podcastdetail/9302

NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346

CVE-2025-20014 & CVE-2025-20061 - mySCADA myPRO is vulnerable to remote code execution.

Product: mySCADA myPRO

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20014

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20061

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-01

CVE-2024-48761 - Celk Saude 3.1.252.1 is vulnerable to injection attacks as the component processing user input for error messages lacks proper validation or sanitization of the "erro" parameter, allowing attackers to manipulate input and exploit the system.

Product: Celk Saúde 3.1.252.1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48761

NVD References:

- https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761

CVE-2024-57395 - Safety production process management system v1.0 is vulnerable to remote attackers who can escalate privileges, execute arbitrary code, and access sensitive information through the password and account number parameters.

Product: Safety production process management system v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57395

NVD References:

- http://www.hzzcka.com/

- https://github.com/qtxz54/Vul/blob/main/WeakPasswd/Safety-production-process-management-system.md

CVE-2025-0851 - Deep Java Library (DJL) is vulnerable to a path traversal issue that allows malicious users to write files to any location.

Product: Deep Java Library (DJL)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0851

NVD References:

- https://aws.amazon.com/security/security-bulletins/AWS-2025-003/

- https://github.com/deepjavalibrary/djl/security/advisories/GHSA-jcrp-x7w3-ffmg

CVE-2024-57665 - JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java due to controllable title parameter being concatenated directly into filterSql without filtering.

Product: JFinalCMS Content

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57665

NVD References:

- https://github.com/Nbccccc/vulnerability_discovery/blob/main/JFinalCMS/JFinalCms%20SQL%20Injection.md

CVE-2025-21415 - Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.

Product: Microsoft Azure AI Face Service

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21415

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21415

CVE-2024-12822 - UserPro plugin for WordPress is vulnerable to unauthorized data modification and privilege escalation due to a missing capability check on the add_capto_img() function in versions up to 3.11.0, allowing unauthenticated attackers to update arbitrary options and potentially gain administrative access to a site.

Product: UserPro Media Manager

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12822

NVD References:

- https://codecanyon.net/item/media-manager-for-userpro/8664618

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a57b2afa-b943-419f-9819-d7b6835c4d10?source=cve

CVE-2024-13742 - The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5, potentially allowing unauthenticated attackers to inject a PHP Object via deserialization of untrusted input from the reqpars parameter.

Product: iControlWP

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13742

NVD References:

- https://plugins.trac.wordpress.org/browser/worpit-admin-dashboard-plugin/tags/4.4.5/lib/src/LegacyApi/RequestParameters.php#L42

- https://plugins.trac.wordpress.org/browser/worpit-admin-dashboard-plugin/tags/4.4.5/src/api/RequestParameters.php#L14

- https://www.wordfence.com/threat-intel/vulnerabilities/id/6f25b0cc-60ec-49a0-8356-fd3fba97e987?source=cve

CVE-2024-12248 - The affected product is vulnerable to an out-of-bounds write, allowing remote attackers to execute arbitrary code via specially formatted UDP requests.

Product: Microsoft Windows Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12248

NVD References:

- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01

- https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication

CVE-2025-0680 - The affected product allows remote attackers to take control over connected devices due to a vulnerability in the device cloud rpc command handling process.

Product: Vendor Sierra Wireless AirLink ES450

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0680

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02

- https://www.newrocktech.com/ContactUs/index.html

CVE-2024-47891 - Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Product: NVIDIA GPU Drivers

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47891

NVD References: https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVE-2025-0493 - The MultiVendorX plugin for WordPress is vulnerable to Limited Local File Inclusion up to version 4.2.14, allowing unauthenticated attackers to include PHP files on the server with potential for bypassing access controls or executing malicious code.

Product: MultiVendorX The Ultimate WooCommerce Multivendor Marketplace Solution

Active Installations: 5,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0493

NVD References:

- https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.14/classes/class-mvx-ajax.php#L661

- https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.15/classes/class-mvx-ajax.php#L661

- https://www.wordfence.com/threat-intel/vulnerabilities/id/812029d9-95d6-4bc9-98b2-700f462163b3?source=cve

CVE-2025-0929 - TeamCal Neo version 3.8.2 is vulnerable to SQL injection, allowing attackers to retrieve, update, and delete database information via the 'abs' parameter in '/teamcal/src/index.php'.

Product: TeamCal Neo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0929

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-teamcal-neo

CVE-2024-53320 - Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the GetCurrentFrame, SaveCapture, and LoadProject functions.

Product: Qualisys C++ SDK

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53320

NVD References: https://github.com/qualisys/qualisys_cpp_sdk/issues/47

CVE-2024-47857 - PrivX versions between 18.0-36.0 have a vulnerability that allows an existing account to impersonate another account and gain unauthorized SSH access.

Product: SSH Communication Security PrivX

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47857

NVD References:

- https://info.ssh.com/impersonation-vulnerability-privx

- https://ssh.com

CVE-2024-53584 - OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.

Product: OpenPanel v0.3.4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53584

NVD References:

- https://openpanel.com/docs/changelog/0.3.5/#%EF%B8%8F-security-fixes

- https://packetstorm.news/files/id/188915/

CVE-2024-57432 - Macrozheng mall-tiny 1.0.1 has hardcoded JWT signing keys, allowing for authentication bypass by forging any user's JWT.

Product: Macrozheng mall-tiny

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57432

NVD References: https://github.com/peccc/restful_vul/blob/main/mall_tiny_weak_jwt/mall_tiny_weak_jwt.md

CVE-2025-22957 - ZZCMS <= 2023 has a SQL injection vulnerability in the front-end that could allow attackers to access the database and extract sensitive information without authentication.

Product: ZZCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22957

NVD References:

- http://www.zzcms.net/

- https://github.com/youyouiooi/vulnerability-reports/blob/main/CVE-2025-22957/REANDE.md

CVE-2024-53356 - EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to privilege escalation due to weak encryption in the password token, allowing for potential brute-force attacks on the password token.

Product: EasyVirt DCScope

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53356

NVD References:

- https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-53356.md

CVE-2024-55062 - EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are vulnerable to Command injection.

Product: EasyVirt DCScope

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55062

NVD References:

- https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55062.md

CVE-2025-24891 - Dumb Drop allows users to upload files, but a path traversal vulnerability allows attackers to overwrite system files, potentially gaining root access without authentication.

Product: Dumb Drop file upload application

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24891

NVD References:

- https://github.com/DumbWareio/DumbDrop/commit/cb586316648ccbfb21d27b84e90d72ccead9819d

- https://github.com/DumbWareio/DumbDrop/security/advisories/GHSA-24f2-fv38-3274

CVE-2025-20634 - Modem is vulnerable to a possible out-of-bounds write, allowing remote code execution with no user interaction required.

Product: Mediatek NR16

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20634

NVD References: https://corp.mediatek.com/product-security-bulletin/February-2025

CVE-2025-24661 - MagePeople Team Taxi Booking Manager for WooCommerce is vulnerable to Object Injection via the Deserialization of Untrusted Data, affecting versions from n/a through 1.1.8.

Product: MagePeople Team Taxi Booking Manager for WooCommerce

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24661

NVD References: https://patchstack.com/database/wordpress/plugin/ecab-taxi-booking-manager/vulnerability/wordpress-taxi-booking-manager-for-woocommerce-plugin-1-1-8-php-object-injection-vulnerability?_s_id=cve

CVE-2024-45569 - Memory corruption while parsing the ML IE due to invalid frame content.

Product: Microsoft Internet Explorer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45569

NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

CVE-2024-57968 - Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders via upload.aspx, risking exposure to other users during web browsing.

Product: Advantive VeraCore

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57968

NVD References:

- https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2-1

- https://intezer.com/blog/research/xe-group-exploiting-zero-days/

CVE-2024-52012 - Apache Solr is vulnerable to a Relative Path Traversal issue, allowing arbitrary filepath write-access on Windows systems.

Product: Apache Software Foundation Apache Solr

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52012

ISC Podcast: https://isc.sans.edu/podcastdetail/9298

NVD References:

- https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd

- http://www.openwall.com/lists/oss-security/2025/01/26/2