ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Scanning Webserver with /$(pwd)/ as a Starting Path
Published: 2026-01-25
Last Updated: 2026-01-26 00:59:32 UTC
by Guy Bruneau (Version: 1)
Based on the sensors reporting to ISC, this activity started on the 13 Jan 2026. My own sensor started seeing the first scan on the 21 Jan 2026 with limited probes. So far, this activity has been limited to a few scans based on the reports available in ISC ...
Read the full entry: https://isc.sans.edu/diary/Scanning+Webserver+with+pwd+as+a+Starting+Path/32654/
Initial Stages of Romance Scams [Guest Diary]
Published: 2026-01-27
Last Updated: 2026-01-27 02:10:52 UTC
by Faris Azhari (Version: 3)
[This is a Guest Diary by Fares Azhari, an ISC intern as part of the SANS.edu BACS program]
Romance scams are a form of social-engineering fraud that causes both financial and emotional harm. They vary in technique and platform, but most follow the same high-level roadmap: initial contact, relationship building, financial exploitation. In this blog post I focus on the initial stages of the romance scam: how scammers make contact, build rapport, and prime victims for later financial requests.
I was contacted by two separate romance scammers on WhatsApp. I acted like a victim falling for their scam and spent around two weeks texting each one. This allowed me to observe the first few phases, which we discuss below. I was not able to reach the monetization phase, as that often takes months and I could not maintain the daily time investment needed to convince the scammers I was fully falling for it ...
Phase 1: Initial contact
Both conversations began the same way: the sender claimed they had messaged the wrong person ...
Read the full entry: https://isc.sans.edu/diary/Initial+Stages+of+Romance+Scams+Guest+Diary/32650/
Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop?
Published: 2026-01-28
Last Updated: 2026-01-28 16:02:30 UTC
by Johannes Ullrich (Version: 1)
I was looking for possible exploitation of CVE-2026-21962, a recently patched WebLogic vulnerability. While looking for related exploit attempts in our data, I came across the following request ...
According to write-ups about CVE-2026-21962, this request is related. However, the vulnerability also matched an earlier "AI Slop" PoC. Another write-up, that also sounds very AI-influenced, suggests a very different exploit mechanism that does not match the request above.
The source IP is ... . Our data shows sporadic HTTP scans for this IP address, and it appears to be located in Russia. Not terribly remarkable at that. In the past, the IP has used the "Claudbot" user-agent. But it does not have any actual affiliation with Anthropic (not to be confused with the recent news about clawdbot).
The exploit is a bit odd. First of all, it does use the loopback address as an "X-Forwarded-For" address. This is a common trick to bypass access restrictions (I would think that Oracle is a bit better than to fall for a simple issue like that). There is an option to list multiple IPs, but they should be delimited by a comma, not a semicolon ...
Read the full entry: https://isc.sans.edu/diary/Odd+WebLogic+Request+Possible+CVE202621962+Exploit+Attempt+or+AI+Slop/32662/
Is AI-Generated Code Secure? (2026.01.22)
https://isc.sans.edu/diary/Is+AIGenerated+Code+Secure/32648/
January 2026 Microsoft Patch Tuesday Summary (2026.01.13)
https://isc.sans.edu/diary/January+2026+Microsoft+Patch+Tuesday+Summary/32624/
CVE-2026-21509 - Microsoft Office is vulnerable due to reliance on untrusted inputs, allowing unauthorized attackers to bypass security features locally.
Product: Microsoft 365 Apps
CVSS Score: 7.8
** KEV since 2026-01-26 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21509
ISC Podcast: https://isc.sans.edu/podcastdetail/9782
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21509
CVE-2026-24061 - telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
Product: GNU Inetutils
CVSS Score: 9.8
** KEV since 2026-01-26 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24061
NVD References:
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24061
CVE-2026-23760 - SmarterTools SmarterMail versions prior to build 9511 have an authentication bypass vulnerability in the password reset API, allowing unauthenticated attackers to reset system administrator accounts.
Product: SmarterTools SmarterMail
CVSS Score: 9.8
** KEV since 2026-01-26 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23760
NVD References:
- https://www.smartertools.com/smartermail/release-notes/current
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-23760
- https://www.huntress.com/blog/smartermail-account-takeover-leading-to-rce
CVE-2026-24858 - Fortinet FortiAnalyzer, FortiManager, and FortiOS allow unauthorized access to devices registered to other accounts by exploiting an Authentication Bypass vulnerability when FortiCloud SSO authentication is enabled.
Product: Fortinet FortiAnalyzer
CVSS Score: 9.8
** KEV since 2026-01-27 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24858
NVD References:
- https://fortiguard.fortinet.com/psirt/FG-IR-26-060
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858
- https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios
CVE-2025-59718 - Fortinet FortiOS, FortiProxy, and FortiSwitchManager are vulnerable to improper cryptographic signature verification, allowing unauthenticated attackers to bypass FortiCloud SSO login authentication with a crafted SAML response.
Product: Fortinet FortiOS
CVSS Score: 0
** KEV since 2025-12-16 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59718
ISC Podcast: https://isc.sans.edu/podcastdetail/9776
CVE-2024-37079 - vCenter Server is susceptible to a heap-overflow vulnerability in its DCERPC protocol implementation, allowing remote code execution through specially crafted network packets.
Product: VMware vCenter Server 8.0
CVSS Score: 0
** KEV since 2026-01-23 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37079
ISC Podcast: https://isc.sans.edu/podcastdetail/9780
CVE-2024-37080 - vCenter Server is susceptible to a heap-overflow vulnerability in its DCERPC protocol implementation, allowing remote code execution through specially crafted network packets.
Product: VMware vCenter Server 8.0
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37080
ISC Podcast: https://isc.sans.edu/podcastdetail/9780
CVE-2024-37081 - The vCenter Server has local privilege escalation vulnerabilities allowing non-admin users to gain root privileges.
Product: VMware vCenter Server
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37081
ISC Podcast: https://isc.sans.edu/podcastdetail/9780
CVE-2026-20045 - Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance are vulnerable to remote code execution due to improper validation of user input in HTTP requests.
Product: Cisco Unified Communications Manager
CVSS Score: 8.2
** KEV since 2026-01-21 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20045
NVD References:
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045
CVE-2026-0905 - Google Chrome prior to 144.0.7559.59 may allow attackers to access potentially sensitive information through a network log file due to insufficient policy enforcement.
Product: Google Chrome
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0905
NVD References:
- https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html
- https://issues.chromium.org/issues/465466773
CVE-2026-0906 - Google Chrome on Android prior to version 144.0.7559.59 is vulnerable to a remote attacker spoofing the contents of the Omnibox (URL bar) through a crafted HTML page.
Product: Google Chrome
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0906
NVD References:
- https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html
- https://issues.chromium.org/issues/467448811
CVE-2026-0907 - Google Chrome had an incorrect security UI in Split View, allowing a remote attacker to perform UI spoofing via a crafted HTML page before version 144.0.7559.59.
Product: Google Chrome
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0907
NVD References:
- https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html
- https://issues.chromium.org/issues/444653104
CVE-2026-1221 - PrismX MX100 AP controller by BROWAN COMMUNICATIONS is vulnerable to unauthenticated remote login due to hardcoded credentials in the firmware.
Product: BROWAN COMMUNICATIONS PrismX MX100 AP controller
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1221
NVD References: https://www.twcert.org.tw/en/cp-139-10643-2f8d7-2.html
CVE-2026-22844 - Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 are vulnerable to command injection, allowing remote code execution via network access.
Product: Zoom Video Communications Node Multimedia Routers
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22844
NVD References: https://www.zoom.com/en/trust/security-bulletin/zsb-26001
CVE-2025-53912 - MedDream PACS Premium 7.3.6.870 is vulnerable to an arbitrary file read through specially crafted HTTP requests, allowing an attacker to retrieve sensitive files.
Product: MedDream PACS Premium
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53912
NVD References: https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2273
CVE-2025-64087 - Opensagres XDocReport v1.0.0 to v2.1.0 allows arbitrary code execution due to Server-Side Template Injection (SSTI) vulnerability in FreeMarker component.
Product: Opensagres XDocReport
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64087
CVE-2025-65482 - Opensagres XDocReport v0.9.2 to v2.0.3 is vulnerable to an XXE flaw that lets attackers run malicious code by uploading a specially crafted .docx file.
Product: Opensagres XDocReport
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-65482
CVE-2025-55423 - ipTIME routers A2003NS-MU to A604G-skylife were found to have an OS command injection vulnerability through the upnp_relay() function.
Product: ipTIME routers A2003NS-MU
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55423
CVE-2025-56005 - The PLY (Python Lex-Yacc) library 3.11 is vulnerable to Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function due to undocumented and unsafe features.
Product: Python Software Foundation PLY (Python Lex-Yacc) library
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56005
CVE-2026-21962 - The vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise critical data and all accessible information.
Product: Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21962
NVD References: https://www.oracle.com/security-alerts/cpujan2026.html
CVE-2026-21969 - Oracle Agile Product Lifecycle Management for Process in Oracle Supply Chain's Supplier Portal version 6.2.4 is susceptible to a high-severity vulnerability allowing attackers to potentially take over the system.
Product: Oracle Agile Product Lifecycle Management for Process
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21969
NVD References: https://www.oracle.com/security-alerts/cpujan2026.html
CVE-2026-0933 - Wrangler pages deploy command is vulnerable to a command injection (CWE-78) due to improper validation of the --commit-hash parameter, allowing attackers to execute arbitrary commands.
Product: Cloudflare Wrangler
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0933
CVE-2021-47748 - Hasura GraphQL 1.3.3 is vulnerable to remote code execution by injecting system commands through crafted GraphQL queries in the run_sql endpoint.
Product: Hasura GraphQL
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47748
CVE-2021-47851 - Mini Mouse 9.2.0 contains a remote code execution vulnerability enabling attackers to execute commands through an unauthenticated HTTP endpoint.
Product: Mini Mouse 9.2.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47851
CVE-2021-47854 - DD-WRT version 45723 has a buffer overflow vulnerability in its UPNP network discovery service, enabling remote attackers to execute arbitrary code via crafted M-SEARCH packets.
Product: DD-WRT version 45723
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47854
CVE-2021-47875 - GeoGebra CAS Calculator 6.0.631.0 is vulnerable to a denial of service attack that crashes the application through a large buffer overflow triggered by a payload of 8000 repeated characters.
Product: GeoGebra CAS Calculator
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47875
CVE-2025-69762, CVE-2025-69763, CVE-2025-69764, & CVE-2025-69766 - Tenda AX3 firmware v16.03.12.11 stack overflow vulnerabilities.
Product: Tenda AX3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69762
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69763
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69764
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69766
CVE-2026-22792 - 5ire allows for unauthorized creation of MCP servers and remote command execution through a vulnerability in its HTML rendering prior to version 0.15.3.
Product: 5ire Desktop Assistant
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22792
CVE-2026-22793 - 5ire is vulnerable to an unsafe option parsing issue in the ECharts Markdown plugin prior to version 0.15.3, allowing for Remote Code Execution in environments where privileged APIs are exposed.
Product: 5ire ECharts Markup
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22793
CVE-2026-23524 - Laravel Reverb versions 1.6.3 and below are vulnerable to Remote Code Execution due to unrestricted class instantiation in the unserialize() function when horizontal scaling is enabled, but can be mitigated by requiring a strong Redis password and restricting access to a private network or local loopback, or by disabling scaling entirely.
Product: Laravel Reverb
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23524
CVE-2026-23966 - sm-crypto allows attackers to recover private keys by exploiting a vulnerability in the SM2 decryption logic before version 0.3.14.
Product: sm-crypto
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23966
CVE-2026-24002 - Grist's vulnerability allows malicious documents to execute arbitrary processes on the server hosting Grist when using the pyodide sandbox, which has been addressed in version 1.7.9 by running pyodide under deno.
Product: Grist
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24002
CVE-2026-24042 - Appsmith allows unauthenticated users in versions 1.94 and below to execute unpublished actions and potentially expose sensitive data.
Product: Appsmith platform
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24042
CVE-2026-1331 - MeetingHub developed by HAMASTAR Technology is vulnerable to Arbitrary File Upload, allowing remote attackers to execute malicious code on the server.
Product: HAMASTAR Technology MeetingHub
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1331
NVD References: https://www.twcert.org.tw/en/cp-139-10651-ff09c-2.html
CVE-2025-69828 - TMS Global Software TMS Management Console v.6.3.7.27386.20250818 is vulnerable to remote code execution through Logo upload in /Customer/AddEdit.
Product: TMS Global Software TMS Management Console
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69828
CVE-2025-56590 - Apryse HTML2PDF SDK thru 11.10 allows attackers to execute arbitrary operating system commands on the local server through the InsertFromURL() function.
Product: Apryse HTML2PDF SDK
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56590
CVE-2026-20750 - Gitea allows a user with project write access in one organization to modify projects from other organizations due to lack of proper validation.
Product: Gitea
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20750
CVE-2026-20897 - Gitea allows users with write access to potentially delete LFS locks in other repositories.
Product: Gitea
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20897
CVE-2026-20912 - Gitea allows attachments uploaded to private repositories to be linked to releases in public repositories, potentially granting unauthorized access.
Product: Gitea
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20912
CVE-2025-54816 - EVMAPA WebSocket endpoint vulnerability allows unauthorized users to establish connections without proper authentication, leading to potential data breaches and system compromise.
Product: EVMAPA
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54816
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08
CVE-2026-21264 - Microsoft Account is vulnerable to cross-site scripting, enabling unauthorized attackers to perform spoofing attacks over a network.
Product: Microsoft Account
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21264
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21264
CVE-2026-24305 - Azure Entra ID Elevation of Privilege Vulnerability
Product: Microsoft Azure Entra ID
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24305
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24305
CVE-2026-24306 - Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
Product: Microsoft Azure Front Door
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24306
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24306
CVE-2026-24307 - Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Product: Microsoft M365 Copilot
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24307
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24307
CVE-2026-24304 - Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
Product: Microsoft Azure Resource Manager
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24304
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24304
CVE-2026-1363 - IAQS and I6 developed by JNC are susceptible to a Client-Side Enforcement of Server-Side Security vulnerability, granting unauthenticated remote attackers administrator privileges through web front-end manipulation.
Product: JNC IAQS and I6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1363
NVD References: https://www.twcert.org.tw/en/cp-139-10653-117a1-2.html
CVE-2026-1364 - IAQS and I6 developed by JNC contains a Missing Authentication vulnerability.
Product: JNC IAQS and I6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1364
NVD References: https://www.twcert.org.tw/en/cp-139-10653-117a1-2.html
CVE-2025-4319 - Sufirmam software by Birebirsoft has a vulnerability allowing for brute force attacks and exploitation of weak password recovery mechanisms.
Product: Birebirsoft Software and Technology Solutions Sufirmam
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4319
CVE-2025-4320 - Sufirmam by Birebirsoft Software and Technology Solutions is vulnerable to authentication bypass due to a weak password recovery mechanism, allowing for password recovery exploitation up until January 23, 2026.
Product: Birebirsoft Software and Technology Solutions Sufirmam
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4320
CVE-2025-66719 - Free5gc NRF 1.4.0 allows attackers to obtain an access token with any arbitrary scope by bypassing scope validation using a crafted targetNF value.
Product: Free5gc NRF 1.4.0
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-66719
CVE-2021-47891 - Unified Remote 3.9.0.2463 is vulnerable to remote code execution through crafted network packets, allowing attackers to execute arbitrary commands by connecting to port 9512.
Product: Unified Remote 3.9.0.2463
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47891
CVE-2022-25369 - Dynamicweb before 9.12.8 allows an attacker to add a new administrator user without authentication, leading to command execution.
Product: Dynamicweb before 9.12.8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-25369
CVE-2025-67229 - ToDesktop Builder v0.32.1 is vulnerable to improper certificate validation, allowing unauthenticated attackers to spoof backend responses.
Product: ToDesktop Builder
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-67229
CVE-2025-70983 - Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.
Product: SpringBlade v4.5.0
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70983
CVE-2025-70985 - RuoYi v4.8.2 has incorrect access control in the update function, allowing unauthorized attackers to modify data beyond their scope.
Product: RuoYi v4.8.2
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70985
CVE-2025-52024 - The Aptsys POS Platform Web Services module contains a vulnerability allowing unauthenticated users to access internal API testing tools until 2025-05-28, posing a risk of unauthorized access to critical functions such as user transactions, credit adjustments, POS actions, and internal data queries.
Product: Aptsys POS Platform Web Services
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52024
CVE-2025-52025 - Aptsys gemscms POS Platform backend is vulnerable to SQL Injection through the GetServiceByRestaurantID endpoint until May 28, 2025, potentially allowing unauthorized data access or modification via crafted input in the id parameter.
Product: Aptsys gemscms POS Platform
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52025
CVE-2025-70457 - Sourcecodester Modern Image Gallery App v1.0 is vulnerable to Remote Code Execution due to improper validation of uploaded files, allowing attackers to upload malicious PHP code by spoofing the MIME type as an image.
Product: Sourcecodester Modern Image Gallery App v1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70457
CVE-2026-22582 & CVE-2026-22583 - Salesforce Marketing Cloud Engagement's MicrositeUrl module Argument Injection vulnerabilities.
Product: Salesforce Marketing Cloud Engagement
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22582
CVE-2026-22585 - Salesforce Marketing Cloud Engagement is vulnerable to Web Services Protocol Manipulation due to the use of a Broken or Risky Cryptographic Algorithm before January 21st, 2026.
Product: Salesforce Marketing Cloud Engagement
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22585
CVE-2026-22586 - Salesforce Marketing Cloud Engagement is vulnerable to Hard-coded Cryptographic Key exploit, allowing Web Services Protocol Manipulation before January 21st, 2026.
Product: Salesforce Marketing Cloud Engagement
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22586
CVE-2026-24399 - ChatterMate versions 1.0.8 and below are vulnerable to client-side injection attacks due to the acceptance and execution of malicious HTML/JavaScript payloads.
Product: ChatterMate AI chatbot agent framework
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24399
CVE-2025-13952 - GPU shader compiler in certain platforms is vulnerable to a write use-after-free crash triggered by loading unusual shader code from the Internet, potentially leading to further exploits with system privileges.
Product: Microsoft GPU shader compiler library
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-13952
CVE-2016-15057 - Apache Continuum is vulnerable to Command Injection via the REST API, allowing attackers to execute arbitrary commands on the server.
Product: Apache Continuum
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2016-15057
NVD References: https://lists.apache.org/thread/hbvf1ztqw2kv51khvzm5nk3mml3nm4z1
CVE-2025-70982 - SpringBlade v4.5.0 has incorrect access control in the importUser function, enabling low-level attackers to import sensitive user data.
Product: SpringBlade v4.5.0
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70982
CVE-2026-22709 - vm2 is vulnerable to code execution due to bypassing of Promise.prototype.then and Promise.prototype.catch callback sanitization prior to version 3.10.2, allowing attackers to escape the sandbox and run arbitrary code.
Product: vm2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22709
CVE-2026-24830 - Integer Overflow or Wraparound vulnerability in Ralim IronOS. This issue affects IronOS: before v2.23-rc2.
Product: Ralim IronOS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24830
CVE-2026-1470 - n8n has a critical Remote Code Execution (RCE) vulnerability allowing authenticated attackers to execute arbitrary code with process privileges.
Product: n8n
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1470
CVE-2020-36940 - Easy CD & DVD Cover Creator 4.13 is vulnerable to a buffer overflow in the serial number input field that allows attackers to crash the application by pasting a 6000-byte payload.
Product: Easy CD & DVD Cover Creator 4.13
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36940
CVE-2020-36941 - Knockpy 4.1.1 is vulnerable to CSV injection, enabling attackers to embed malicious formulas into CSV reports by manipulating unfiltered server headers.
Product: Knockpy 4.1.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36941
CVE-2020-36948 - VestaCP 0.9.8-26 is vulnerable to a session token flaw in the LoginAs module that enables remote attackers to manipulate authentication tokens and gain unauthorized access to user accounts.
Product: VestaCP 0.9.8-26
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36948
CVE-2021-47900 - Gila CMS versions prior to 2.0.0 have a remote code execution vulnerability enabling unauthenticated attackers to execute system commands via manipulated HTTP headers.
Product: Gila CMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47900
CVE-2021-47901 - Dirsearch 0.4.1 is vulnerable to CSV injection when using the --csv-report flag, enabling attackers to inject formulas through redirected endpoints and manipulate the generated CSV report.
Product: Dirsearch 0.4.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47901
CVE-2025-68670 - xrdp is an open source RDP server with an unauthenticated stack-based buffer overflow vulnerability in versions prior to 0.10.5, allowing remote attackers to execute arbitrary code on the target system.
Product: xrdp RDP server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68670
CVE-2026-24832 - Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3.
Product: ixray-team ixray-1.6-stcop
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24832
CVE-2026-24872 - Improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548. This issue affects SkyFire_548: before 5.4.8-stable5.
Product: ProjectSkyfire SkyFire_548
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24872
CVE-2026-24874 - Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized xray-monolith. This issue affects xray-monolith: before 2025.12.30.
Product: themrdemonized xray-monolith
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24874
NVD References: https://github.com/themrdemonized/xray-monolith/pull/399
CVE-2026-22039 - Kyverno has a critical authorization boundary bypass in versions prior to 1.16.3 and 1.15.3, allowing authenticated users to perform Kubernetes API requests with Kyverno's admission controller identity across namespaces.
Product: Kyverno Policy
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22039
CVE-2025-21589 - Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Routers are vulnerable to an authentication bypass allowing a network-based attacker to take administrative control of the device.
Product: Juniper Networks Session Smart Router
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21589
CVE-2026-24736 - Squidex's webhook configuration allows for SSRF attacks due to lack of IP address validation in versions up to 7.21.0.
Product: Squidex Headless content management system
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24736
CVE-2026-24770 - RAGFlow is vulnerable to a "Zip Slip" attack in version 0.23.1 and earlier, allowing remote code execution via malicious ZIP archive.
Product: RAGFlow MinerU parser
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24770
CVE-2026-23830 - SandboxJS versions prior to 0.8.26 have a sandbox escape vulnerability allowing for Remote Code Execution due to the lack of isolation for `AsyncFunction` within `SandboxFunction`.
Product: SandboxJS JavaScript sandboxing library
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23830
CVE-2026-24838 - DNN (formerly DotNetNuke) prior to versions 9.13.10 and 10.2.0 allows for script execution through richtext module titles.
Product: DNN (formerly DotNetNuke)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24838
CVE-2026-24841 - Dokploy, a self-hostable PaaS, is vulnerable to a critical command injection flaw in versions prior to 0.26.6, allowing authenticated attackers to execute arbitrary commands on the host server via the `/docker-container-terminal` WebSocket endpoint.
Product: Dokploy
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24841
CVE-2025-14533 - The Advanced Custom Fields: Extended plugin for WordPress allows unauthenticated attackers to gain administrator access by manipulating the 'insert_user' function role restriction.
Product: WordPress Advanced Custom Fields: Extended plugin
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14533
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/d44f8af2-3525-4b00-afa8-a908250cc838?source=cve
CVE-2025-15521 - The Academy LMS WordPress plugin is susceptible to privilege escalation through a takeover of user accounts, allowing unauthenticated attackers to change passwords and gain access.
Product: The Academy LMS WordPress LMS Plugin
Active Installations: 2,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15521
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/6687ebbe-fdf4-4ecb-bf59-034bb4b0104c?source=cve
CVE-2026-0920 - The LA-Studio Element Kit for Elementor plugin for WordPress allows unauthenticated attackers to gain administrator access by exploiting the 'ajax_register_handle' function.
Product: LA-Studio Element Kit for Elementor plugin
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0920
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/65ebc744-6cc2-47ce-b225-81820e49d59c?source=cve
CVE-2025-13374 - The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially achieve remote code execution.
Product: Kalrav AI Agent plugin for WordPress
Active Installations: This plugin has been closed as of January 20, 2026 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-13374
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/5dc8feae-fc89-4152-b9b2-2b70e6ccb30b?source=cve
Securing AI Agents 101. AI agents are rapidly emerging across enterprise environments: powering automation, chaining tools, and acting across systems. Securing AI Agents 101 is a one-page resource to help teams build a clear understanding of what AI agents are, how they operate, and where key security considerations show up.
Explore SANS at RSAC 2026. From March 23–26, connect with peers, gain clarity on what’s next, and explore the strategies shaping cybersecurity leadership. Register by February 20 to save $600* on an All Access Pass—plus, SANS community members get an additional $150 off with code 16USANSAD.
Free Event | SANS 2026 Winter Cyber Solutions Fest | February 11-12, 2026. Join us for this 2 day event focused on Finance, Healthcare, and Critical infrastructure. Register for one topic or for all three.
Take the SANS 2026 SOC Survey: A Decade of Evolution in Cyber Defense. Please share your experiences with SANS as we develop the 2026 issue of this popular annual study.