Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Njrat Campaign Using Microsoft Dev Tunnels

Published: 2025-02-27

Last Updated: 2025-02-27 08:54:32 UTC

by Xavier Mertens (Version: 1)

I spotted new Njrat samples that (ab)use the Microsoft dev tunnels service to connect to their C2 servers. This is a service that allows developers to expose local services to the Internet securely for testing, debugging, and collaboration. It provides temporary, public, or private URLs that enable remote access to a development environment without deploying code to production. Dev tunnels create a secure, temporary URL that maps to a local service running on your machine; they work across firewalls and NAT, and their access can be restricted. This is a service similar to the good old ngrok.

Here are two samples ...

They use different dev tunnel URLs but their ImpHash (Import Hash) is the same ...

This is the code where the malware will send its status to the C2 server ...

Read the full entry: https://isc.sans.edu/diary/Njrat+Campaign+Using+Microsoft+Dev+Tunnels/31724/

Mark of the Web: Some Technical Details

Published: 2025-03-03

Last Updated: 2025-03-03 10:29:03 UTC

by Didier Stevens (Version: 1)

The Mark of the Web (MoTW) is file metadata in Windows that marks a file that was obtained from an untrusted source.

When a file is downloaded from the Internet, browsers will not only write the file to disk, but also include metadata with the origin of the file. This also applies when an email attachment is saved to disk with Outlook.

This metadata (MoTW) is used by several applications to activate extra precautions when a file from an untrusted source is opened. For example, Microsoft Office will open a document downloaded from the Internet in Protected View (indicated by the yellow banner), SmartScreen will prompt you before a file is launched, ...

The metadata/MoTW is stored in an Alternate Data Stream on NTFS disks. The name of this ADS is Zone.Identifier.

You can view this with Notepad, for example. Say that you downloaded a file from the Internet called invoice.docx, then you can view the MoTW with this command ...
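As an added example (not code from the diary), a small parser for the content of the Zone.Identifier stream so the MoTW can be checked from a triage script rather than by eye. The [ZoneTransfer] section and the numeric ZoneId are the standard layout; the ReferrerUrl and HostUrl keys are what current browsers typically write, and the sample stream below is constructed.

```python
"""Parse and interpret a Mark of the Web (Zone.Identifier) stream."""
from configparser import ConfigParser
from typing import Dict, Optional

# URLMON security zone identifiers. ZoneId=3 is what browsers write for
# Internet downloads and is what triggers Protected View / SmartScreen.
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

# Constructed sample of what a browser writes to invoice.docx:Zone.Identifier.
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.test/downloads/\r\n"
    "HostUrl=https://example.test/downloads/invoice.docx\r\n"
)


def parse_zone_identifier(stream_text: str) -> Dict[str, Optional[object]]:
    """Parse the INI-style Zone.Identifier content into a dict.

    Missing keys yield None so a caller can distinguish a minimal stream
    (only ZoneId, as some tools write) from one carrying the origin URLs.
    """
    # interpolation=None so '%' in URLs is not treated as a format marker.
    parser = ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key names exactly as written on disk
    parser.read_string(stream_text)
    if not parser.has_section("ZoneTransfer"):
        raise ValueError("no [ZoneTransfer] section: not a Zone.Identifier stream")
    section = parser["ZoneTransfer"]
    zone_id: Optional[int] = None
    raw = section.get("ZoneId")
    if raw is not None and raw.strip().isdigit():
        zone_id = int(raw.strip())
    zone_name = ZONE_NAMES.get(zone_id, "Unknown zone") if zone_id is not None else None
    return {
        "zone_id": zone_id,
        "zone_name": zone_name,
        "referrer_url": section.get("ReferrerUrl"),
        "host_url": section.get("HostUrl"),
    }


def is_untrusted(info: Dict[str, Optional[object]]) -> bool:
    """True for the zones that Office/SmartScreen treat as untrusted."""
    return info["zone_id"] in (3, 4)


def read_motw(path: str) -> Optional[Dict[str, Optional[object]]]:
    """Read the ADS directly (works on NTFS only). None means no MoTW present."""
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:  # FileNotFoundError on NTFS, or non-NTFS file system
        return None


if __name__ == "__main__":
    info = parse_zone_identifier(SAMPLE_STREAM)
    print(info, "untrusted:", is_untrusted(info))
```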

Read the full entry: https://isc.sans.edu/diary/Mark+of+the+Web+Some+Technical+Details/31732/

Romanian Distillery Scanning for SMTP Credentials

Published: 2025-03-04

Last Updated: 2025-03-04 15:53:21 UTC

by Johannes Ullrich (Version: 1)

Lately, attackers have gotten more creative and aggressive in trying to find various credential files on exposed web servers. Our "First Seen" page each day shows many new versions of scans for secrets files like ".env".

Yesterday, I noted a couple of requests that stuck out a bit ...

The same attacker scanned for variations ...

Read the full entry: https://isc.sans.edu/diary/Romanian+Distillery+Scanning+for+SMTP+Credentials/31736/

Internet Storm Center Entries


Tool update: mac-robber.py (2025.03.04)

https://isc.sans.edu/diary/Tool+update+macrobberpy/31738/

Wireshark 4.4.5 Released (2025.03.02)

https://isc.sans.edu/diary/Wireshark+445+Released/31728/

[Guest Diary] Malware Source Servers: The Threat of Attackers Using Ephemeral Ports as Service Ports to Upload Data (2025.02.26)

https://isc.sans.edu/diary/Guest+Diary+Malware+Source+Servers+The+Threat+of+Attackers+Using+Ephemeral+Ports+as+Service+Ports+to+Upload+Data/31710/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-1723 - Zohocorp ManageEngine ADSelfService Plus versions 6510 and below allow valid account holders to potentially exploit a session mishandling vulnerability for account takeover.

Product: ManageEngine ADSelfService Plus

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1723

ISC Podcast: https://isc.sans.edu/podcastdetail/9350

NVD References: https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html

CVE-2025-22224 - VMware ESXi and Workstation are vulnerable to a TOCTOU issue that allows a local admin on a virtual machine to execute code on the host.

Product: VMware ESXi

CVSS Score: 9.3

** KEV since 2025-03-04 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22224

NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

CVE-2025-22225 - VMware ESXi is vulnerable to an arbitrary write exploit that could allow a malicious actor to escape the sandbox.

Product: VMware ESXi

CVSS Score: 8.2

** KEV since 2025-03-04 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22225

NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

CVE-2025-22226 - VMware ESXi, Workstation, and Fusion are vulnerable to an information disclosure flaw in HGFS, allowing an attacker with admin privileges to extract memory from the vmx process.

Product: VMware ESXi

CVSS Score: 7.1

** KEV since 2025-03-04 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22226

NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

CVE-2023-34192 - Zimbra ZCS v.8.8.15 is vulnerable to cross-site scripting, enabling remote authenticated attackers to execute arbitrary code by manipulating a script in the /h/autoSaveDraft function.

Product: Zimbra Collaboration 8.8.15

CVSS Score: 0

** KEV since 2025-02-25 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34192

CVE-2023-25574 - `jupyterhub-ltiauthenticator` version 1.3.0 allows unauthorized forged requests due to lack of JWT signature validation in LTI13Authenticator.

Product: JupyterHub jupyterhub-ltiauthenticator

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25574

NVD References:

- https://github.com/jupyterhub/ltiauthenticator/blob/3feec2e81b9d3b0ad6b58ab4226af640833039f3/ltiauthenticator/lti13/validator.py#L122-L164

- https://github.com/jupyterhub/ltiauthenticator/blob/main/CHANGELOG.md#140---2023-03-01

- https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-mcgx-2gcr-p3hp

CVE-2025-25516, CVE-2025-25517, CVE-2025-25519, CVE-2025-25520, CVE-2025-25521 - SeaCMS <=13.3 is vulnerable to SQL Injection.

Product: SeaCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25516

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25517

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25519

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25520

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25521

NVD References:

- https://github.com/Colorado-all/cve/blob/main/seacms/seacms%20V13.3-sql-2.md

- https://github.com/Colorado-all/cve/blob/main/seacms/seacms%20V13.3-sql-7.md

- https://github.com/Colorado-all/cve/blob/main/seacms/seacms%20V13.3-sql-8.md

- https://github.com/Colorado-all/cve/blob/main/seacms/seacms%20V13.3-sql-4.md

- https://github.com/Colorado-all/cve/blob/main/seacms/seacms%20V13.3-sql-3.md

CVE-2024-47051 - Mautic versions before 5.2.3 have critical vulnerabilities that allow authenticated users to execute remote code and delete files on the host system.

Product: Mautic

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47051

NVD References:

- https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2

- https://owasp.org/www-community/attacks/Code_Injection

- https://owasp.org/www-community/attacks/Path_Traversal

CVE-2025-25783 - Emlog Pro v2.5.3 is vulnerable to arbitrary file uploads in admin\plugin.php, enabling attackers to execute malicious code by uploading a specially crafted Zip file.

Product: Emlog Pro

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25783

NVD References:

- http://emlogpro.com

- https://github.com/Ka7arotto/emlog/blob/main/emlog-3.md

- https://www.emlog.net/

CVE-2024-50685, CVE-2024-50686, CVE-2024-50687, CVE-2024-50689, CVE-2024-50693 - SunGrow iSolarCloud is vulnerable to insecure direct object references (IDOR).

Product: SunGrow iSolarCloud

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50685

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50686

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50687

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50689

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50693

NVD References:

- https://en.sungrowpower.com/security-notice-detail-2/6118

- https://en.sungrowpower.com/security-notice-detail-2/6112

- https://en.sungrowpower.com/security-notice-detail-2/6114

- https://en.sungrowpower.com/security-notice-detail-2/6116

- https://en.sungrowpower.com/security-notice-detail-2/6120

CVE-2024-50688 - SunGrow iSolarCloud Android application V2.1.6.20241017 and prior stores hardcoded credentials, sharing the same MQTT details for device telemetry across all user accounts and cloud interactions.

Product: SunGrow iSolarCloud Android application

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50688

NVD References: https://en.sungrowpower.com/security-notice-detail-2/6122

CVE-2024-53573 - Unifiedtransform v2.X is vulnerable to Incorrect Access Control, allowing unauthorized users to access and manipulate administrative endpoints such as teacher/edit/{id}.

Product: Unifiedtransform v2.X

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53573

NVD References:

- https://drive.google.com/file/d/14Or6QIpOeLEqdFm1mwxdE_NNCOwMmcFc/view

- https://www.getastra.com/blog/vulnerability/improper-access-control-in-school-management-system-unifiedtransform/

CVE-2024-57040 - TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 have a hardcoded password for the root account vulnerable to brute force attacks.

Product: TP-Link TL-WR845N

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57040

NVD References: https://security.iiita.ac.in/iot/hashed_password.pdf

CVE-2025-1751 - Ciges 2.15.5 from ATISoluciones is vulnerable to SQL Injection, allowing attackers to manipulate the database via the $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint.

Product: ATISoluciones Ciges

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1751

NVD References: https://www.atisoluciones.com/incidentes-cve

CVE-2024-13148 - Yukseloglu Filter B2B Login Platform is vulnerable to SQL Injection before 16.01.2025.

Product: Yukseloglu Filter B2B Login Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13148

NVD References: https://www.usom.gov.tr/bildirim/tr-25-0045

CVE-2024-53944 - Tuoshi/Dionlink LT15D and LT21B 4G Wi-Fi devices are vulnerable to command injection, allowing unauthenticated attackers to execute arbitrary OS commands with root privileges via the /goform/formJsonAjaxReq endpoint.

Product: Tuoshi Dionlink

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53944

NVD References:

- http://www.tuoshi.net/productview.asp?id=218

- http://www.tuoshi.net/productview.asp?id=226

- https://github.com/actuator/cve/blob/main/Tuoshi/CVE-2024-53944-Whitepaper.pdf

- https://github.com/actuator/cve/blob/main/Tuoshi/CVE-2024-53944.txt

- https://github.com/actuator/cve/blob/main/Tuoshi/Firmware-M7628NNxISPv2xUI_v1.0.1802.10.08_P4-Blind-CMD-Injection-unauth-WAN.gif

CVE-2025-22952 - Elestio memos v0.23.0 is susceptible to Server-Side Request Forgery (SSRF) through inadequate validation of user-provided URLs, enabling potential attacks.

Product: Elestio memos

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22952

NVD References:

- https://elest.io/open-source/memos

- https://github.com/usememos/memos

- https://github.com/usememos/memos/issues/4413

- https://github.com/usememos/memos/pull/4428

CVE-2024-41334 - Draytek devices Vigor 165/166, Vigor 2620/LTE200, Vigor 2860/2925, Vigor 2862/2926, Vigor 2133/2762/2832, Vigor 2135/2765/2766, Vigor 2865/2866/2927, Vigor 2962/3910, Vigor 3912, and Vigor 2925 up to v3.9.6 have a vulnerability that allows attackers to upload malicious modules from non-official servers and execute arbitrary code due to a lack of certificate verification.

Product: Draytek Vigor

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41334

NVD References:

- http://draytek.com

- https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

CVE-2024-41339 - Draytek devices Vigor 165/166, Vigor 2620/LTE200, Vigor 2860/2925, Vigor 2862/2926, Vigor 2133/2762/2832, Vigor 2135/2765/2766, Vigor 2865/2866/2927, Vigor 2962/3910, Vigor 3912, and Vigor 2925 are vulnerable to a CGI endpoint issue allowing attackers to upload a crafted kernel module for arbitrary code execution.

Product: Draytek Vigor

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41339

NVD References:

- http://draytek.com

- https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

CVE-2024-51138 - Vigor routers and devices are vulnerable to a stack-based buffer overflow in the URL parsing functionality of the TR069 STUN server, allowing remote attackers to execute arbitrary code with elevated privileges.

Product: DrayTek Vigor Product Series

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51138

NVD References:

- http://draytek.com

- https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

CVE-2024-51139 - Vigor2620/LTE200, Vigor2860/2925, Vigor2862/2926, Vigor2133/2762/2832, Vigor165/166, Vigor2135/2765/2766, Vigor2865/2866/2927, Vigor2962/3910, and Vigor3912 are vulnerable to remote code execution via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.

Product: DrayTek Vigor2620/LTE200

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51139

NVD References:

- http://draytek.com

- https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

CVE-2024-55160 - GFast versions from v2 through v3.2 were discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list.

Product: GFast

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55160

NVD References:

- http://gfast.com

- https://github.com/SuperDu1/CVE/issues/2

- https://github.com/tiger1103/gfast/blob/os-v3.2/api/v1/system/sys_oper_log.go#L35

- https://github.com/tiger1103/gfast/blob/os-v3.2/internal/app/system/logic/sysOperLog/sys_oper_log.go#L121

- https://github.com/tiger1103/gfast/tree/os-v3.2

CVE-2024-38292 - In XIQ-SE before 24.2.11, a missing access control check allows for path traversal and potential privilege escalation.

Product: Xerox XIQ-SE

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38292

NVD References: https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2024-104-xiq-se-path-traversal-privilege-escalation-cve-2024/ba-p/116362

CVE-2025-25570 - Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials.

Product: Vue Vben Admin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25570

NVD References: https://github.com/Hackerhan/Vben-Admin

CVE-2025-26325 - ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.

Product: ShopXO

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26325

NVD References:

- https://github.com/gongfuxiang/shopxo/issues/86

CVE-2024-36046 - Infoblox NIOS through 8.6.4 executes with more privileges than required.

Product: Infoblox NIOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36046

NVD References: https://support.infoblox.com/s/article/000010390

CVE-2024-36047 - Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.

Product: Infoblox NIOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36047

NVD References: https://support.infoblox.com/s/article/000010391

CVE-2024-37566 & CVE-2024-37567 - Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.

Product: Infoblox NIOS

CVSS Scores: 9.1 - 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37566

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37567

NVD References:

- https://support.infoblox.com/s/article/000010392

- https://support.infoblox.com/s/article/000010393

CVE-2025-0159 - IBM FlashSystem is vulnerable to a remote attacker bypassing RPCAdapter endpoint authentication through a specifically crafted HTTP request.

Product: IBM Storage Virtualize

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0159

NVD References: https://www.ibm.com/support/pages/node/7184182

CVE-2025-25379 - 07FLYCMS v.1.3.9 is vulnerable to Cross Site Request Forgery, enabling remote attackers to execute arbitrary code via the id parameter in del.html.

Product: 07FLYCMS v.1.3.9

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25379

NVD References:

- https://github.com/R2og/Sun-jialiang/tree/main/9/readme.md

CVE-2025-27554 - In ToDesktop before 2024-10-03, vulnerabilities allow remote attackers to execute arbitrary commands on the build server and deploy updates to any app via a postinstall script in package.json.

Product: Cursor ToDesktop

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27554

NVD References:

- https://kibty.town/blog/todesktop

- https://news.ycombinator.com/item?id=43210858

- https://www.todesktop.com/blog/posts/security-incident-at-todesktop

CVE-2025-20646 - Wlan AP FW is vulnerable to an out of bounds write exploit allowing for remote privilege escalation without user interaction, patched under WCNCR00389074 and identified as MSV-1803.

Product: wlan AP FW Qualcomm

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20646

NVD References: https://corp.mediatek.com/product-security-bulletin/March-2025

CVE-2025-27590 - Oxidized-web before version 0.15.0 allows unauthenticated users to take control of the Linux user account.

Product: Oxidized-web

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27590

NVD References:

- https://github.com/ytti/oxidized-web/commit/a5220a0ddc57b85cd122bffee228d3ed4901668e

- https://github.com/ytti/oxidized-web/releases/tag/0.15.0

CVE-2024-55532 - Apache Ranger in versions prior to 2.6.0 is vulnerable to improper neutralization of formula elements in its Export CSV feature.

Product: Apache Ranger

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55532

NVD References:

- https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

- http://www.openwall.com/lists/oss-security/2025/03/03/2

CVE-2025-26206 - Sell done storefront v.1.0 is vulnerable to Cross Site Request Forgery, allowing remote attackers to escalate privileges through the index.html component.

Product: Sell done storefront

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26206

NVD References:

- https://github.com/selldone/storefront/blob/main/index.html

- https://github.com/xibhi/CVE-2025-26206

CVE-2024-48248 - NAKIVO Backup & Replication before 11.0.0.88174 is vulnerable to absolute path traversal, allowing remote code execution via getImageByPath to /c/router due to cleartext credentials in PhysicalDiscovery.

Product: NAKIVO Backup & Replication

CVSS Score: 8.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48248

ISC Podcast: https://isc.sans.edu/podcastdetail/9342

NVD References:

- https://helpcenter.nakivo.com/Release-Notes/Content/Release-Notes.htm

- https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/

- https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248/?ref=labs.watchtowr.com

CVE-2025-1932 - Firefox and Thunderbird versions below 136/128.8 are vulnerable to potentially exploitable out-of-bounds access due to an inconsistent comparator in xslt/txNodeSorter after version 122.

Product: Mozilla Firefox

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1932

NVD References:

- https://bugzilla.mozilla.org/show_bug.cgi?id=1944313

- https://www.mozilla.org/security/advisories/mfsa2025-14/

- https://www.mozilla.org/security/advisories/mfsa2025-16/

- https://www.mozilla.org/security/advisories/mfsa2025-17/

- https://www.mozilla.org/security/advisories/mfsa2025-18/

CVE-2025-1941 - Firefox < 136 allows for potential bypass of authentication in certain user opt-in settings for Focus.

Product: Mozilla Firefox

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1941

NVD References:

- https://bugzilla.mozilla.org/show_bug.cgi?id=1944665

- https://www.mozilla.org/security/advisories/mfsa2025-14/

CVE-2024-50706 - Uniguest Tripleplay before 24.2.1 is vulnerable to unauthenticated SQL injection, enabling remote attackers to execute unauthorized SQL queries on the backend database.

Product: Uniguest Tripleplay

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50706

NVD References:

- https://uniguest.com/cve-bulletins/

- https://uniguest.com/wp-content/uploads/2025/02/CVE-2024-50706-Vulnerability-Summary.pdf

CVE-2024-50704 & CVE-2024-50707 - Uniguest Tripleplay before version 24.2.1 is vulnerable to unauthenticated remote code execution via specially crafted HTTP POST and HTTP GET requests.

Product: Uniguest Tripleplay

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50704

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50707

NVD References:

- https://uniguest.com/cve-bulletins/

- https://uniguest.com/wp-content/uploads/2025/02/CVE-2024-50704-Vulnerability-Summary.pdf

- https://uniguest.com/wp-content/uploads/2025/02/CVE-2024-50707-Vulnerability-Summary.pdf

CVE-2025-27507 - ZITADEL's Admin API in versions prior to 2.71.0 contains IDOR vulnerabilities that could allow unauthorized users to modify sensitive settings, particularly affecting LDAP configurations.

Product: Zitadel

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27507

NVD References:

- https://github.com/zitadel/zitadel/commit/d9d8339813f1c43d3eb7d8d80f11fdabb2fd2ee4

- https://github.com/zitadel/zitadel/security/advisories/GHSA-f3gh-529w-v32x

CVE-2025-1260 - Arista EOS with OpenConfig configured allows for unauthorized gNOI requests, potentially leading to unexpected switch configuration changes.

Product: Arista Networks Arista EOS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1260

NVD References: https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111

CVE-2025-1316 - Edimax IC-7100 is vulnerable to remote code execution due to improper request neutralization.

Product: Edimax IC-7100

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1316

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08

CVE-2025-23410 - GMOD Apollo does not check for path traversal when unzipping and inspecting organism or sequence data.

Product: GMOD Apollo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23410

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

CVE-2025-24924 - Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username.

Product: GMOD Apollo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24924

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

CVE-2025-27364 - MITRE Caldera is vulnerable to remote code execution via a crafted web request to the server API.

Product: MITRE Caldera

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27364

ISC Podcast: https://isc.sans.edu/podcastdetail/9346

CVE-2025-0912 - The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection, allowing unauthenticated attackers to achieve remote code execution.

Product: WordPress Donations Widget plugin

Active Installations: 100,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0912

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/8a8ae1b0-e9a0-4179-970b-dbcb0642547c?source=cve

CVE-2025-1307 - The Newscrunch theme for WordPress allows authenticated attackers to upload arbitrary files and potentially execute remote code due to a missing capability check in all versions up to 1.8.4.1.

Product: WordPress Newscrunch theme

Active Installations: 5,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1307

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/b55567e9-24e6-4738-b7f7-b95b541e6067?source=cve

CVE-2025-26988 - SMS Alert Order Notifications – WooCommerce is vulnerable to SQL Injection from n/a through 3.7.8.

Product: Cozy Vision SMS Alert Order Notifications - WooCommerce

Active Installations: 5,000+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26988

NVD References: https://patchstack.com/database/wordpress/plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-woocommerce-plugin-3-7-8-sql-injection-vulnerability?_s_id=cve

CVE-2025-25150 - Stylemix uListing is vulnerable to Blind SQL Injection in versions from n/a through 2.1.6.

Product: Stylemix uListing

Active Installations: 2,000+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25150

NVD References: https://patchstack.com/database/wordpress/plugin/ulisting/vulnerability/wordpress-songkick-concerts-and-festivals-plugin-0-9-7-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve

CVE-2025-26900 - flexmls Flexmls® IDX is vulnerable to Object Injection via Deserialization of Untrusted Data from versions n/a through 3.14.27.

Product: Flexmls® IDX

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26900

NVD References: https://patchstack.com/database/wordpress/plugin/flexmls-idx/vulnerability/wordpress-flexmls-idx-plugin-plugin-3-14-27-php-object-injection-vulnerability?_s_id=cve

CVE-2025-26943 - Easy Quotes allows Blind SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions n/a through 1.2.2.

Product: Jürgen Müller Easy Quotes

Active Installations: 500+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26943

NVD References: https://patchstack.com/database/wordpress/plugin/easy-quotes/vulnerability/wordpress-easy-quotes-plugin-1-2-2-sql-injection-vulnerability?_s_id=cve

CVE-2025-27270 - Residential Address Detection from n/a through 2.5.4 is vulnerable to Missing Authorization, enabling Privilege Escalation.

Product: Residential Address Detection

Active Installations: 200+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27270

NVD References: https://patchstack.com/database/wordpress/plugin/residential-address-detection/vulnerability/wordpress-residential-address-detection-plugin-2-5-4-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-8420 - The DHVC Form plugin for WordPress is vulnerable to privilege escalation allowing unauthenticated attackers to register as an administrator.

Product: DHVC Form plugin for WordPress

Active Installations: Unknown. Update to version 2.4.8, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8420

NVD References:

- https://codecanyon.net/item/dhvc-form-wordpress-form-for-visual-composer/8326593

- https://www.wordfence.com/threat-intel/vulnerabilities/id/e4d51a0c-c625-4732-b345-df02971fbffa?source=cve

CVE-2024-8425 - The WooCommerce Ultimate Gift Card plugin for WordPress allows unauthenticated attackers to upload arbitrary files on the server due to insufficient file type validation in certain functions.

Product: WordPress WooCommerce Ultimate Gift Card plugin

Active Installations: Unknown. No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8425

NVD References:

- https://codecanyon.net/item/woocommerce-ultimate-gift-card/19191057

- https://www.wordfence.com/threat-intel/vulnerabilities/id/6ebffb82-7455-40c9-9ffd-b78e0e73e431?source=cve

CVE-2024-9193 - The WHMpress - WHMCS WordPress Integration Plugin is vulnerable to Local File Inclusion, allowing unauthenticated attackers to execute arbitrary PHP code and potentially gain administrative access to a site.

Product: WHMCS WHMpress

Active Installations: Unknown. Update to version 6.3-revision-1, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9193

NVD References:

- https://whmpress.com/docs/change-log/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/5f3b0e75-d2f0-48b7-ba33-75c4e998030e?source=cve

CVE-2024-12824 - The Nokri – Job Board WordPress Theme for WordPress is vulnerable to privilege escalation via account takeover in versions up to 1.6.2 due to improper token value checking, allowing unauthenticated attackers to change passwords and gain access to accounts.

Product: Nokri Job Board WordPress Theme

Active Installations: Unknown. Update to version 1.6.3, or a newer patched version

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12824

NVD References:

- https://themeforest.net/item/nokri-job-board-wordpress-theme/22677241

- https://www.wordfence.com/threat-intel/vulnerabilities/id/60a7cce0-637f-49bd-aa4a-fd7023d99a64?source=cve

CVE-2025-1564 - The SetSail Membership plugin for WordPress allows unauthenticated attackers to log in as any user, including administrators, due to improper user verification.

Product: SetSail Membership plugin

Active Installations: Unknown. Update to version 1.1, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1564

NVD References:

- https://themeforest.net/item/setsail-travel-agency-theme/22832625

- https://www.wordfence.com/threat-intel/vulnerabilities/id/c2c2385e-0d1e-435a-9b82-972964084148?source=cve

CVE-2025-1638 - The Alloggio Membership plugin for WordPress allows unauthenticated attackers to bypass authentication and log in as any user.

Product: Alloggio Membership plugin

Active Installations: Unknown. Update to version 1.2, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1638

NVD References:

- https://themeforest.net/item/alloggio-hotel-booking-theme/26775539

- https://www.wordfence.com/threat-intel/vulnerabilities/id/60405e54-e869-4623-892c-0821014f887b?source=cve

CVE-2025-1671 - The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in versions up to 1.1.6 due to inadequate user identity verification, allowing unauthenticated attackers to log in as any user, including administrators.

Product: The Academist Membership plugin for WordPress

Active Installations: Unknown. Update to version 1.2, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1671

NVD References:

- https://themeforest.net/item/academist-a-modern-learning-management-system-and-education-theme/22376830

- https://www.wordfence.com/threat-intel/vulnerabilities/id/911a9550-1f62-4f28-9d8c-00d9769949c9?source=cve

CVE-2025-26974 - WP Multi Store Locator is vulnerable to Blind SQL Injection from versions n/a through 2.5.1.

Product: WPExperts.io WP Multi Store Locator

Active Installations: This plugin has been closed as of March 3, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26974

NVD References: https://patchstack.com/database/wordpress/plugin/wp-multi-store-locator/vulnerability/wordpress-wp-multi-store-locator-plugin-2-5-1-sql-injection-vulnerability?_s_id=cve

CVE-2025-26535 - Bitcoin / AltCoin Payment Gateway for WooCommerce is vulnerable to Blind SQL Injection from n/a through 1.7.6.

Product: Bitcoin / AltCoin Payment Gateway for WooCommerce

Active Installations: This plugin has been closed as of 4 February 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26535

NVD References: https://patchstack.com/database/wordpress/plugin/woo-altcoin-payment-gateway/vulnerability/wordpress-bitcoin-altcoin-payment-gateway-for-woocommerce-multivendor-store-shop-plugin-1-7-6-sql-injection-vulnerability?_s_id=cve

CVE-2025-26966 - Aldo Latino PrivateContent allows for an Authentication Bypass Using an Alternate Path or Channel, impacting versions n/a through 8.11.5.

Product: Aldo Latino PrivateContent

Active Installations: This plugin has been closed as of September 10, 2022 and is not available for download. This closure is permanent. Reason: Author Request.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26966

NVD References: https://patchstack.com/database/wordpress/plugin/private-content/vulnerability/wordpress-privatecontent-plugin-8-11-5-unauthenticated-account-takeover-vulnerability?_s_id=cve

CVE-2025-26970 - Ark Theme Core is vulnerable to Code Injection due to improper control of generation of code, impacting versions from n/a through 1.70.0.

Product: Ark Theme Core

Active Installations: Unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26970

NVD References: https://patchstack.com/database/wordpress/plugin/ark-core/vulnerability/wordpress-ark-theme-core-plugin-1-70-0-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve