SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense, Artificial Intelligence
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 25ISSUE 7
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
ModelScan - Protection Against Model Serialization Attacks
Published: 2025-02-17
Last Updated: 2025-02-18 00:37:10 UTC
by Russ McRee (Version: 1)
Protect AI’s OSS portfolio includes tools aimed at improving security of AI/ML software. These tools are meant for a wide range of engineering, security and ML practitioners including developers, security engineers/researchers, ML engineers, LLM engineers and prompt engineers, and data scientists.
Of particular interest in light of model serialization attacks is ModelScan.
Headlines as recent as 6 FEB 2025 remind us that the popular Python Pickle serialization format, common for distributing AI models, offers attackers opportunities to inject malicious code to be executed when loading models with PyTorch. See Malicious ML models discovered on Hugging Face platform. Post training, model’s mathematical representations can be stored in a variety of data serialization formats to be shared and reused without the need for additional model training. Pickle is a popular Python module used for serializing and deserializing ML model data. While easy to use, Pickle is considered an unsafe data format, as it allows Python code to be executed during ML model deserialization.
As you can imagine, even as protective measures are being implemented, safety scanning is still recommended. ModelScan offers such capabilities with ease and convenience. ModelScan is incredibly well documented and include notebooks to aid experimentation and adoption.
I’ll share my quick setup steps, modify to your liking and preferences. These assume you’re building from scratch including Jupyter ...
Read the full entry: https://isc.sans.edu/diary/ModelScan+Protection+Against+Model+Serialization+Attacks/31692/
XWorm Cocktail: A Mix of PE data with PowerShell Code
Published: 2025-02-19
Last Updated: 2025-02-19 07:39:49 UTC
by Xavier Mertens (Version: 1)
While hunting, I spent some time trying to deobfuscate a malicious file discovered on VT. It triggered my PowerShell rule. At the end, I found two files that look close together ...
They are identified as “data files,” and their upload names are, respectively, “XClient<.>exe” and “XingCode Unblocker 2025<.>exe". XignCode is anti-cheat software primarily used in online games to prevent cheating, hacking, and the use of unauthorized third-party tools. Note the typo in the file name!
When you open the file, you see this:
Read the full entry: https://isc.sans.edu/diary/XWorm+Cocktail+A+Mix+of+PE+data+with+PowerShell+Code/31700/
Internet Storm Center Entries
The Danger of IP Volatility (2025.02.15)
https://isc.sans.edu/diary/The+Danger+of+IP+Volatility/31688/
Fake BSOD Delivered by Malicious Python Script (2025.02.14)
https://isc.sans.edu/diary/Fake+BSOD+Delivered+by+Malicious+Python+Script/31686/
DShield SIEM Docker Updates (2025.02.13)
https://isc.sans.edu/diary/DShield+SIEM+Docker+Updates/31680/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-21391 - Windows Storage Elevation of Privilege Vulnerability
Product: Microsoft Windows 10 1507
CVSS Score: 7.1
** KEV since 2025-02-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21391
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21391
CVE-2025-21418 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Product: Microsoft Windows 10 1607
CVSS Score: 7.8
** KEV since 2025-02-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21418
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418
CVE-2025-24200 - iPadOS, iOS, and iPadOS are vulnerable to an authorization issue due to poor state management, potentially allowing a physical attack to disable USB Restricted Mode and Apple is investigating reports of exploitation in sophisticated attacks against specific individuals.
Product: Apple iPadOS
CVSS Score: 6.1
** KEV since 2025-02-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24200
NVD References:
- https://support.apple.com/en-us/122173
- https://support.apple.com/en-us/122174
CVE-2025-24016 - Wazuh platform prior to version 4.9.1 is vulnerable to remote code execution due to an unsafe deserialization issue in DistributedAPI parameters serialization.
Product: Wazuh
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24016
NVD References: https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh
CVE-2025-1144 - Quanxun's School Affairs System exposes sensitive information, allowing unauthenticated attackers to access specific pages and obtain database information and plaintext administrator credentials.
Product: Quanxun School Affairs System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1144
NVD References:
CVE-2025-26410 - Wattsense Bridge devices have a security flaw with hard-coded credentials that can be easily recovered, allowing unauthorized access to the device.
Product: Wattsense Bridge
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26410
NVD References:
- https://r.sec-consult.com/wattsense
- https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes
CVE-2024-12366 - PandasAI is vulnerable to prompt injection, allowing attackers to execute arbitrary Python code and potentially achieve Remote Code Execution (RCE).
Product: PandasAI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12366
NVD References:
- https://docs.getpanda.ai/v3/privacy-security
CVE-2024-10644 - Ivanti Connect Secure and Ivanti Policy Secure are vulnerable to code injection attacks, permitting remote code execution by an authenticated attacker with admin privileges.
CVE-2024-47908 - Ivanti CSA before version 5.0.5 is vulnerable to OS command injection in the admin web console, allowing remote authenticated attackers with admin privileges to achieve remote code execution.
Product: Ivanti CSA
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47908
NVD References:
CVE-2024-47908 - CVE-2024-11771
CVE-2025-22467 - Ivanti Connect Secure before version 22.7R2.6 has a stack-based buffer overflow vulnerability, enabling a remote authenticated attacker to execute code.
CVE-2025-24973 - Concorde, formerly known as Nexkey, is vulnerable to session hijacking due to an improper logout process that allows authentication credentials to remain in cookies, posing a risk of token theft for users, especially those with admin privileges on shared devices.
Product: Misskey Concorde
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24973
NVD References:
- https://github.com/nexryai/concorde/commit/1f6ac9b289906083b132e4f9667a31a60ef83e4e
- https://github.com/nexryai/concorde/security/advisories/GHSA-2369-p2wh-7cc2
CVE-2025-1126 - A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.
Product: Lexmark Print Management Client
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1126
NVD References: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html
CVE-2025-21198 - Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Product: Microsoft High Performance Compute (HPC) Pack
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21198
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21198
CVE-2025-24434 - Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are susceptible to an Improper Authorization flaw that may lead to Privilege escalation and unauthorized access without user interaction, allowing for session takeover and increasing confidentiality and integrity risks.
Product: Adobe Commerce
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24434
NVD References: https://helpx.adobe.com/security/products/magento/apsb25-08.html
CVE-2025-1100 - Q-Free MaxTime version 2.11.0 and below is vulnerable to a CWE-259, allowing an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH.
Product: Q-Free MaxTime
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1100
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-1100
CVE-2025-26339 - Q-Free MaxTime version 2.11.0 and below is vulnerable to a CWE-306, allowing unauthenticated remote attackers to impact device security through crafted HTTP requests.
Product: Q-Free MaxTime
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26339
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26339
CVE-2025-26341 - Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests.
Product: Q-Free MaxTime
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26341
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26341
CVE-2025-26342 - Q-Free MaxTime versions less than or equal to 2.11.0 allows unauthenticated remote attackers to create arbitrary users, including administrators.
Product: Q-Free MaxTime
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26342
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26342
CVE-2025-26344 - Q-Free MaxTime less than or equal to version 2.11.0 is vulnerable to CWE-306, allowing unauthenticated remote attackers to enable passwordless guest mode via crafted HTTP requests.
Product: Q-Free MaxTime
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26344
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26344
CVE-2025-26345 - Q-Free MaxTime less than or equal to version 2.11.0 is vulnerable to an unauthenticated remote attacker editing user group permissions via crafted HTTP requests in maxprofile/menu/routes.lua, identified as CWE-306 "Missing Authentication for Critical Function."
Product: Q-Free MaxTime
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26345
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26345
CVE-2025-26347 - Q-Free MaxTime version less than or equal to 2.11.0 is vulnerable to CWE-306, allowing unauthenticated attackers to edit user permissions through crafted HTTP requests in maxprofile/menu/routes.lua.
Product: Q-Free MaxTime
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26347
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26347
CVE-2025-26359 - Q-Free MaxTime less than or equal to version 2.11.0 is vulnerable to CWE-306, allowing an unauthenticated remote attacker to reset user PINs via crafted HTTP requests in maxprofile/accounts/routes.lua.
Product: Q-Free MaxTime
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26359
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26359
CVE-2025-26361 - Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.
Product: Q-Free MaxTime
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26361
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26361
CVE-2025-25349 & CVE-2025-25351 - PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection.
Product: PHPGurukul Daily Expense Tracker System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25349
CVE-2025-25388 & CVE-2025-25389 - PHPGurukul Land Record System v1.0 is susceptible to a SQL Injection vulnerability.
Product: PHPGurukul Land Record System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25388
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25389
NVD References: https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Land%20record/SQL%20Injection%20p%20editid.pdf
CVE-2025-25182 - Stroom is vulnerable to authentication bypass and server-side request forgery in versions prior to 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2, potentially leading to code execution or privilege escalation.
Product: Stroom
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25182
NVD References:
- https://github.com/gchq/stroom/pull/4320
- https://github.com/gchq/stroom/security/advisories/GHSA-x489-xx2m-vc43
CVE-2025-1146 - The Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor have a validation logic error that could potentially allow a man-in-the-middle (MiTM) attack due to incorrect processing of server certificate validation.
Product: CrowdStrike Falcon Sensor
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1146
ISC Podcast: https://isc.sans.edu/podcastdetail/9324
NVD References: https://www.crowdstrike.com/security-advisories/cve-2025-1146/
CVE-2022-31631 - PHP versions 8.0.* to 8.2.* when using PDO::quote() for SQLite are vulnerable to SQL injection due to incorrect data quoting.
Product: PHP PDO
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-31631
NVD References:
- https://bugs.php.net/bug.php?id=81740
CVE-2024-57604 - An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.
Product: MaysWind ezBookkeeping
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57604
NVD References:
CVE-2024-7102 - GitLab CE/EE versions 16.4 through 17.4.0 allow attackers to trigger pipelines as another user.
Product: GitLab CE/EE
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7102
NVD References:
CVE-2025-25286 - Crayfish, an Islandora 8 microservices collection, may be vulnerable to remote code execution in Homarus prior to version 4.1.0, which can be mitigated by preventing general access from the Internet or implementing stronger authentication configurations.
Product: Crayfish Homarus FFmpeg library
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25286
NVD References:
- https://github.com/Islandora/Crayfish/commit/64cb4cec688928798cc40e6f0a0e863d7f69fd89
- https://github.com/Islandora/Crayfish/security/advisories/GHSA-mm6v-68qp-f9fw
CVE-2025-0896 - Orthanc server prior to version 1.5.8 is vulnerable to unauthorized access by attackers due to the lack of default basic authentication when remote access is enabled.
Product: Orthanc Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0896
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-037-02
CVE-2025-1094 - PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperly neutralize quoting syntax, allowing for SQL injection in certain usage patterns.
Product: PostgreSQL
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1094
ISC Podcast: https://isc.sans.edu/podcastdetail/9326
NVD References:
- https://www.postgresql.org/support/security/CVE-2025-1094/
- http://www.openwall.com/lists/oss-security/2025/02/16/3
- https://lists.debian.org/debian-lts-announce/2025/02/msg00015.html
CVE-2025-1270 - Anapi Group's h6web is vulnerable to an IDOR flaw that enables an authenticated attacker to access and impersonate other users by manipulating parameters in the "ha_datos_hermano.php" endpoint.
Product: Anapi Group h6webCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1270NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-anapi-group-h6webCVE-2025-1127 - The vulnerability in the product allows attackers to execute arbitrary code and modify filesystem data.Product: LexmarkCVSS Score: 9.1 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1127NVD References: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.htmlCVE-2023-34399 - Mercedes-Benz head-unit NTG6 is vulnerable to integer overflow due to a boost library vulnerability in the profile settings import/export function over USB.Product: Mercedes-Benz head-unit NTG6CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34399NVD References: https://securelist.com/mercedes-benz-head-unit-security-research/115218/CVE-2025-1283 - The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements.Product: Dingtian DT-R0 SeriesCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1283NVD References: - https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-18- https://www.dingtian-tech.com/en_us/aboutus.html?tab=contact_usCVE-2025-24865 - The mySCADA myPRO Manager administrative web interface allows unauthorized access, putting sensitive information at risk.Product: mySCADA myPRO ManagerCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24865NVD References: - https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16- https://www.myscada.org/contacts/- https://www.myscada.org/downloads/mySCADAPROManager/CVE-2025-25067 - mySCADA myPRO Manager is vulnerable to OS command injection, allowing remote attackers to execute arbitrary commands.Product: mySCADA myPRO ManagerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25067NVD References: - https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16- https://www.myscada.org/contacts/- https://www.myscada.org/downloads/mySCADAPROManager/CVE-2024-13152 - Mobuy Online Machinery Monitoring Panel: before 2.0 is vulnerable to authorization bypass through user-controlled SQL primary key, allowing SQL injection.Product: BSS Software Mobuy Online Machinery Monitoring PanelCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13152NVD References: https://www.usom.gov.tr/bildirim/tr-25-0033CVE-2025-0867 - MEAC applications are vulnerable to privilege escalation due to stored administrator credentials, allowing the EPC2 user to execute commands with administrative privileges.Product: MEAC EPC2 CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0867NVD References: - https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF- https://sick.com/psirt- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices- https://www.first.org/cvss/calculator/3.1- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.json- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.pdfCVE-2025-1302 - jsonpath-plus before version 10.3.0 is vulnerable to Remote Code Execution (RCE) through unsafe default usage of eval='safe' mode, allowing attackers to execute arbitrary code on the system.Product: npmjs jsonpath-plusCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1302NVD References: - https://gist.github.com/nickcopi/11ba3cb4fdee6f89e02e6afae8db6456- https://github.com/JSONPath-Plus/JSONPath/blob/8e4acf8aff5f446aa66323e12394ac5615c3b260/src/Safe-Script.js%23L127- https://github.com/JSONPath-Plus/JSONPath/commit/30942896d27cb8a806b965a5ca9ef9f686be24ee- https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-8719585CVE-2024-57971 - Knowage Server in KNOWAGE before 8.1.30 allows attackers to bypass security measures by not enforcing proper JNDI naming conventions in DataSourceResource.java.Product: Knowage ServerCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57971NVD References: - https://github.com/KnowageLabs/Knowage-Server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d83dd0c- https://github.com/KnowageLabs/Knowage-Server/compare/v8.1.29...v8.1.30- https://spagobi.readthedocs.ioCVE-2025-1387 - Orca HCM from LEARNING DIGITAL is vulnerable to unauthorized logins due to an Improper Authentication flaw.Product: LEARNING DIGITAL Orca HCMCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1387NVD References: - https://www.twcert.org.tw/en/cp-139-8428-59a9a-2.html- https://www.twcert.org.tw/tw/cp-132-8427-daea8-1.htmlCVE-2025-22630 - MarketingFire Widget Options is vulnerable to OS Command Injection through improper neutralization of special elements used in a command.Product: MarketingFire Widget OptionsActive Installations: 100,000+CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22630NVD References: https://patchstack.com/database/wordpress/plugin/widget-options/vulnerability/wordpress-widget-options-plugin-4-1-0-arbitrary-code-execution…
CVE-2023-34399 - Mercedes-Benz head-unit NTG6 is vulnerable to integer overflow due to a boost library vulnerability in the profile settings import/export function over USB.
Product: Mercedes-Benz head-unit NTG6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34399
NVD References: https://securelist.com/mercedes-benz-head-unit-security-research/115218/
CVE-2025-1283 - The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements.
Product: Dingtian DT-R0 Series
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1283
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-18
- https://www.dingtian-tech.com/en_us/aboutus.html?tab=contact_us
CVE-2025-24865 - The mySCADA myPRO Manager administrative web interface allows unauthorized access, putting sensitive information at risk.
Product: mySCADA myPRO Manager
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24865
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16
CVE-2025-25067 - mySCADA myPRO Manager is vulnerable to OS command injection, allowing remote attackers to execute arbitrary commands.
Product: mySCADA myPRO Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25067
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16
CVE-2024-13152 - Mobuy Online Machinery Monitoring Panel: before 2.0 is vulnerable to authorization bypass through user-controlled SQL primary key, allowing SQL injection.
Product: BSS Software Mobuy Online Machinery Monitoring Panel
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13152
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0033
CVE-2025-0867 - MEAC applications are vulnerable to privilege escalation due to stored administrator credentials, allowing the EPC2 user to execute commands with administrative privileges.
Product: MEAC EPC2
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0867
NVD References:
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.pdf
CVE-2025-1302 - jsonpath-plus before version 10.3.0 is vulnerable to Remote Code Execution (RCE) through unsafe default usage of eval='safe' mode, allowing attackers to execute arbitrary code on the system.
Product: npmjs jsonpath-plus
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1302
NVD References:
- https://gist.github.com/nickcopi/11ba3cb4fdee6f89e02e6afae8db6456
- https://github.com/JSONPath-Plus/JSONPath/commit/30942896d27cb8a806b965a5ca9ef9f686be24ee
- https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-8719585
CVE-2024-57971 - Knowage Server in KNOWAGE before 8.1.30 allows attackers to bypass security measures by not enforcing proper JNDI naming conventions in DataSourceResource.java.
Product: Knowage Server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57971
NVD References:
- https://github.com/KnowageLabs/Knowage-Server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d83dd0c
- https://github.com/KnowageLabs/Knowage-Server/compare/v8.1.29...v8.1.30
CVE-2025-1387 - Orca HCM from LEARNING DIGITAL is vulnerable to unauthorized logins due to an Improper Authentication flaw.
Product: LEARNING DIGITAL Orca HCM
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1387
NVD References:
CVE-2025-22630 - MarketingFire Widget Options is vulnerable to OS Command Injection through improper neutralization of special elements used in a command.
Product: MarketingFire Widget Options
Active Installations: 100,000+
CVSS Score: 9.9
CVE-2024-13011 - The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code on affected sites.
Product: WP Foodbakery WordPress
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13011
NVD References:
- https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331
CVE-2025-0180 - The WP Foodbakery plugin for WordPress allows unauthenticated attackers to register as an administrator due to privilege escalation vulnerability.
Product: WordPress WP Foodbakery plugin
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0180
NVD References:
- https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331
CVE-2025-0181 - The WP Foodbakery plugin for WordPress allows unauthenticated attackers to gain administrator access by not properly validating a user's identity.
Product: WP Foodbakery WordPress
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0181
NVD References:
- https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331
CVE-2022-3180 - The WPGateway Plugin for WordPress allows unauthenticated attackers to create malicious admin accounts by exploiting privilege escalation up to version 3.5.
Product: WordPress WPGateway Plugin
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3180
NVD References:
CVE-2024-13421 - The Real Estate 7 WordPress theme for WordPress allows unauthenticated attackers to register new administrative user accounts due to privilege escalation vulnerability.
Product: Real Estate 7 WordPress
Active Installations: unknown. Updated to v3.5.2 on 1/31/2025
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13421
NVD References:
- https://contempothemes.com/changelog/
- https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778
CVE-2024-12213 - The WP Job Board Pro plugin for WordPress allows unauthenticated attackers to register as an administrator due to privilege escalation vulnerability.
Product: WordPress WP Job Board Pro
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12213
NVD References:
- https://themeforest.net/item/superio-job-board-wordpress-theme/32180231
CVE-2024-13365 - The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads via .zip archives, allowing unauthenticated attackers to potentially execute remote code.
Product: CleanTalk Security & Malware scan by CleanTalk plugin
Active Installations: 30,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13365
NVD References:
- https://plugins.trac.wordpress.org/changeset/3229205/security-malware-firewall#file527
CVE-2024-10960 - The Brizy – Page Builder plugin for WordPress allows authenticated attackers to upload arbitrary files and potentially execute remote code.
Product: Brizy Page Builder plugin for WordPress
Active Installations: 80,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10960
NVD References:
- https://plugins.trac.wordpress.org/changeset/3222672/brizy/tags/2.6.5/editor/zip/archiver.php
CVE-2024-10763 - The Campress theme for WordPress is vulnerable to Local File Inclusion through the 'campress_woocommerce_get_ajax_products' function, allowing unauthenticated attackers to execute arbitrary files and potentially gain sensitive data or take control of the server.
Product: WordPress Campress theme
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10763
NVD References:
CVE-2024-13182 - The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass, allowing unauthenticated attackers to log in as any existing user on the site.
Product: WordPress WP Directorybox Manager
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13182
NVD References:
CVE-2024-13513 - The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to sensitive information exposure in versions up to 2.4.2.3, allowing unauthenticated attackers to extract and misuse sensitive data, resulting in potential site takeover.
Product: Oliver POS A WooCommerce Point of Sale (POS)
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13513
NVD References:
CVE-2024-12562 - The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection, up to version 241216, allowing unauthenticated attackers to inject a PHP Object.
Product: s2Member Pro WordPress
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12562
NVD References:
CVE-2022-3180 - The WPGateway Plugin for WordPress allows unauthenticated attackers to create malicious admin accounts by exploiting privilege escalation up to version 3.5.
Product: WordPress WPGateway Plugin
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3180
NVD References:
CVE-2024-13421 - The Real Estate 7 WordPress theme for WordPress allows unauthenticated attackers to register new administrative user accounts due to privilege escalation vulnerability.
Product: Real Estate 7 WordPress
Active Installations: unknown. Updated to v3.5.2 on 1/31/2025
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13421
NVD References:
- https://contempothemes.com/changelog/
- https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778
CVE-2024-12213 - The WP Job Board Pro plugin for WordPress allows unauthenticated attackers to register as an administrator due to privilege escalation vulnerability.
Product: WordPress WP Job Board Pro
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12213
NVD References:
- https://themeforest.net/item/superio-job-board-wordpress-theme/32180231
CVE-2024-13365 - The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads via .zip archives, allowing unauthenticated attackers to potentially execute remote code.
Product: CleanTalk Security & Malware scan by CleanTalk plugin
Active Installations: 30,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13365
NVD References:
- https://plugins.trac.wordpress.org/changeset/3229205/security-malware-firewall#file527
CVE-2024-10960 - The Brizy – Page Builder plugin for WordPress allows authenticated attackers to upload arbitrary files and potentially execute remote code.
Product: Brizy Page Builder plugin for WordPress
Active Installations: 80,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10960
NVD References:
- https://plugins.trac.wordpress.org/changeset/3222672/brizy/tags/2.6.5/editor/zip/archiver.php
CVE-2024-10763 - The Campress theme for WordPress is vulnerable to Local File Inclusion through the 'campress_woocommerce_get_ajax_products' function, allowing unauthenticated attackers to execute arbitrary files and potentially gain sensitive data or take control of the server.
Product: WordPress Campress theme
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10763
NVD References:
CVE-2024-13182 - The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass, allowing unauthenticated attackers to log in as any existing user on the site.
Product: WordPress WP Directorybox Manager
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13182
NVD References:
CVE-2024-13513 - The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to sensitive information exposure in versions up to 2.4.2.3, allowing unauthenticated attackers to extract and misuse sensitive data, resulting in potential site takeover.
Product: Oliver POS A WooCommerce Point of Sale (POS)
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13513
NVD References:
CVE-2024-12562 - The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection, up to version 241216, allowing unauthenticated attackers to inject a PHP Object.
Product: s2Member Pro WordPress
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12562
NVD References:
CVE-2024-13182 - The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass, allowing unauthenticated attackers to log in as any existing user on the site.
Product: WordPress WP Directorybox Manager
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13182
NVD References:
CVE-2024-13513 - The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to sensitive information exposure in versions up to 2.4.2.3, allowing unauthenticated attackers to extract and misuse sensitive data, resulting in potential site takeover.
Product: Oliver POS A WooCommerce Point of Sale (POS)
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13513
NVD References:
CVE-2024-12562 - The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection, up to version 241216, allowing unauthenticated attackers to inject a PHP Object.
Product: s2Member Pro WordPress
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12562
NVD References:
Sponsors
SANS
Survey | 2025 SANS SOC Survey: Facing Top Challenges in Security Operations | The goal of this survey is to collect data and deliver a supporting white paper for those looking to establish a new SOC or increase the efficiency and effectiveness of an existing SOC. Complete the survey by March 24 for a chance to win a $400 Amazon gift card!
Babel Street
Webcast | From Data to Decision: A Look into Babel Street’s Cutting-Edge OSINT Solutions February 24, 12:30 pm ET In this webcast, explore how Babel Street empowers commercial enterprises, defense, intelligence, and law enforcement to harness the full potential of multilingual data from public, commercial, and deep/dark web sources, including ultra rare, hard-to-reach sources. Save your seat today!
Microsoft
Webcast | Securing the Future with Microsoft Defender for Cloud: Best Practices and Insights | March 26, 1:00 ET | Join Dave Shackleford, and Microsoft’s Dick Lake, as they explore practical approaches to securing cloud environments. Gain a deeper understanding of key areas such as cloud security posture management, DevOps security, and detection and response strategies—all tailored to help you future-proof your organization in an ever-changing threat landscape. Save your seat today!
OPSWAT
Webcast: March 4 at 1:00 ET | 2025 ICS Security Budget vs. Modern Risk Webcast: Optimizing Cybersecurity Investments for ICS/OT and Critical Infrastructure | Join Dean Parsons as he explores actionable insights into balancing security budgets with the unique needs and risks of ICS/OT systems in the face of escalating cyber threats.