SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
VOLUME 25ISSUE 17
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
SRUM-DUMP Version 3: Uncovering Malware Activity in Forensics
Published: 2025-04-27
Last Updated: 2025-04-28 00:21:25 UTC
by Mark Baggett (Version: 2)
For digital forensics and incident response professionals, extracting precise evidence from Windows systems is critical to understanding and mitigating threats. I'm excited to introduce SRUM-DUMP Version 3, a powerful forensic tool I've developed to analyze the Windows System Resource Usage Monitor (SRUM) database. Available on GitHub at SRUM-DUMP Repository, this version offers significant improvements, including a user-friendly GUI and customizable output. In this post, I'll guide you through using SRUM-DUMP v3Õs GUI to investigate a scenario where malware (malware<.>exe) exfiltrates intellectual property over a wireless network. We'll explore the 3-step wizard, customize the analysis to highlight malware<.>exe, and examine where it appears in the output spreadsheet and what each tab reveals about the incident ...
Read the full entry:
https://isc.sans.edu/diary/SRUMDUMP+Version+3+Uncovering+Malware+Activity+in+Forensics/31896/
Steganography Analysis With pngdump.py
Published: 2025-04-26
Last Updated: 2025-04-26 06:45:13 UTC
by Didier Stevens (Version: 1)
I like it when a diary entry like "Example of a Payload Delivered Through Steganography" (https://isc.sans.edu/diary/Example+of+a+Payload+Delivered+Through+Steganography/31892/) is published: it gives me an opportunity to test my tools, in particular pngdump.py, a tool to analyze PNG files.
A PNG file consists of a header followed by chunks. pngdump.py shows this ...
Read the full entry:
https://isc.sans.edu/diary/Steganography+Analysis+With+pngdumppy/31894/
More Scans for SMS Gateways and APIs
Published: 2025-04-29
Last Updated: 2025-04-29 15:25:05 UTC
by Johannes Ullrich (Version: 1)
Last week, I wrote about scans for Teltonika Networks SMS Gateways. Attackers are always looking for cheap (free) ways to send SMS messages and gain access to not-blocklisted numbers. So, I took a closer look at similar scans we have seen.
There are numerous ways to send SMS messages; using a hardware SMS gateway is probably one of the more fancy ways to do so. Most websites use messaging services. For example, we do see scans for SMS plugins for WordPress:
These scans look for style sheet files (.css) that are part of the respective plugins. It is fair to assume that if the respective style sheet is present, the attacker will attempt to obtain access to the site ...
Read the full entry: https://isc.sans.edu/diary/More+Scans+for+SMS+Gateways+and+APIs/31902/
Internet Storm Center Entries
Web Scanning SonicWall for CVE-2021-20016 (2025.04.29)
https://isc.sans.edu/diary/Web+Scanning+Sonicwall+for+CVE202120016/31906/
Example of a Payload Delivered Through Steganography (2025.04.25)
https://isc.sans.edu/diary/Example+of+a+Payload+Delivered+Through+Steganography/31892/
Attacks against Teltonika Networks SMS Gateways (2025.04.24)
https://isc.sans.edu/diary/Attacks+against+Teltonika+Networks+SMS+Gateways/31888/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-31324 - SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, enabling unauthenticated agents to upload harmful executables, compromising system security.
Product: SAP NetWeaver Visual Composer
CVSS Score: 10.0
** KEV since 2025-04-29 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31324
ISC Podcast:
https://isc.sans.edu/podcastdetail/9426
NVD References:
-
https://me.sap.com/notes/3594142
-
https://url.sap/sapsecuritypatchday
-
-
CVE-2025-34028 - Commvault Command Center Innovation Release 11.38 allows an unauthenticated actor to upload malicious ZIP files, leading to Remote Code Execution.
Product: Commvault Command Center Innovation Release
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-34028
ISC Podcast:
https://isc.sans.edu/podcastdetail/9424
NVD References:
https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html
CVE-2025-3928 - Commvault Web Server allows remote, authenticated attackers to exploit unspecified vulnerabilities leading to the creation and execution of webshells, fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.
Product: Commvault
CVSS Score: 8.8
** KEV since 2025-04-28 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3928
NVD References:
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html
CVE-2021-20016 - SonicWall SSLVPN SMA100 SQL Injection Vulnerability
Product: Sonicwall Sma_500V -
CVSS Score: 0
** KEV since 2021-11-03 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2021-20016
ISC Diary:
CVE-2025-1976 - Brocade Fabric OS versions starting with 9.1.0 may allow a local user with admin privilege to execute arbitrary code with full root privileges.
Product: Broadcom Fabric Operating System
CVSS Score: 6.7
** KEV since 2025-04-28 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-1976
NVD References:
CVE-2024-58250 - The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.
Product: ppp pppd
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-58250
NVD References:
-
https://github.com/ppp-project/ppp/commit/0a66ad22e54c72690ec2a29a019767c55c5281fc
-
https://github.com/ppp-project/ppp/compare/v2.5.1...v2.5.2
-
CVE-2024-40446 - An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script
Product: forkosh Mime Tex
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-40446
NVD References:
-
https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446/
-
CVE-2025-28034 - TOTOLINK A800R, A810R, A830R, A950RG, A3000RU, and A3100R routers were found to have a pre-auth remote command execution vulnerability in the NTPSyncWithHost function.
Product: TOTOLINK A800R
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28034
NVD References:
CVE-2025-28034 - RCE2-1a98e5e2b1a280bebf53d868f1b1a711
CVE-2025-28024 - TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the cstecgi.cgi
Product: TOTOLINK A810R
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28024
NVD References:
https://locrian-lightning-dc7.notion.site/BufferOverflow5-1978e5e2b1a2800caaced7ae3fb4783c
CVE-2025-28037 - TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 have a pre-auth remote command execution vulnerability via the ipDomain parameter in the setDiagnosisCfg function.
Product: TOTOLINK A810R
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28037
NVD References:
https://locrian-lightning-dc7.notion.site/RCE3-1ad8e5e2b1a280e192e8cff9fef896cc
CVE-2025-28035 - TOTOLINK A830R V4.1.2cu.5182_B20201102 is susceptible to a pre-auth remote command execution vulnerability via the NoticeUrl parameter in the setNoticeCfg function.
Product: TOTOLINK A830R
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28035
NVD References:
CVE-2025-28035 - CVE-2025-28036-RCE1-1a98e5e2b1a28081880dd817104b3af4
CVE-2025-28036 - TOTOLINK A950RG V4.1.2cu.5161_B20200903 is vulnerable to remote command execution via the NoticeUrl parameter in the setNoticeCfg function.
CVE-2025-28035 - CVE-2025-28036-RCE1-1a98e5e2b1a28081880dd817104b3af4
CVE-2025-28036 - TOTOLINK A950RG V4.1.2cu.5161_B20200903 is vulnerable to remote command execution via the NoticeUrl parameter in the setNoticeCfg function.
Product: TOTOLINK A950Rg
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28036
NVD References:
CVE-2025-28038 - TOTOLINK EX1200T V4.1.2cu.5232_B20210713 is vulnerable to a pre-auth remote command execution due to a flaw in the setWebWlanIdx function.
Product: TOTOLINK EX1200T
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28038
NVD References:
https://locrian-lightning-dc7.notion.site/RCE1-1ad8e5e2b1a28030a1c8febac89935a0
CVE-2025-28039 - The TOTOLINK EX1200T V4.1.2cu.5232_B20210713 router has a pre-auth remote command execution vulnerability in the setUpgradeFW function.
Product: TOTOLINK EX1200T
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28039
NVD References:
https://locrian-lightning-dc7.notion.site/RCE2-1ad8e5e2b1a280fbb0cacc7e758e7299
CVE-2025-1950 - IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands due to improper library validation.
Product: IBM Hardware Management Console - Power Systems
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-1950
NVD References:
CVE-2023-43958 - Hospital Management System v4.0 is susceptible to an arbitrary file upload vulnerability in /jquery-file-upload/server/php/index.php that enables unauthenticated attackers to execute arbitrary code.
Product: Hospital Management System v4.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2023-43958
NVD References:
CVE-2023-44752 - Student Study Center Desk Management System v1.0 allows attackers to bypass authentication by sending a crafted GET request to /php-sscdms/admin/login.php.
Product: Oretnom23 Student Study Center Desk Management System
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2023-44752
NVD References:
CVE-2023-44755 - Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php.
Product: Sacco Management system v1.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2023-44755
NVD References:
CVE-2025-43946 - TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal).
Product: TCPWave DDI 11.34P1C2CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43946NVD References: -https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43946-https://tcpwave.com/ddi-dns-dhcp-ipamCVE-2025-43949 - MuM MapEdit 24.2.3 is vulnerable to SQL Injection, enabling attackers to manipulate the web application's database server through malicious SQL statements.Product: MuM (Mensch und Maschine) MapEditCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43949NVD References: -https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43949-https://www.mum.de/produkte/mum-mapeditCVE-2025-43951 - LabVantage allows authenticated users to retrieve arbitrary files from the environment via local file inclusion using the objectname request parameter.Product: LabVantage LVCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43951NVD References: -https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43951-https://www.labvantage.com/informatics/lims/CVE-2025-37087 - HPE Performance Cluster Manager (HPCM) is vulnerable to an attack that could allow unauthorized access to server files.Product: Hewlett Packard Enterprise HPE Performance Cluster ManagerCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-37087NVD References:https://support.hpe.com/hpesc/docDisplay?docLocale=en_US&docId=a00146087en_usCVE-2025-45427, CVE-2025-45428, CVE-2025-45429 - Tenda AC9 v1.0 with firmware V15.03.05.14_multi is vulnerable to a stack overflowsProduct: Tenda AC9 v1.0CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-45427NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-45428NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-45429NVD References: -https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiBasicSet-security.md-https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/SetSysAutoRebbotCfg-rebootTime.md-https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiWpsStart-index.mdCVE-2025-43858 - YoutubeDLSharp is vulnerable to command injection through unsafe argument conversions when starting `yt-dlp` on Windows OS with `UseWindowsEncodingWorkaround` set to true.Product: YoutubeDLSharp yt-dlpCVSS Score: 9.2NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43858NVD References: -https://github.com/Bluegrams/YoutubeDLSharp/commit/b6051372bd5af30f95f73de47d9bc71c3a07de0f-https://github.com/Bluegrams/YoutubeDLSharp/commit/fdf3256da18d0e2da4a2f33ad4a1b72ff8273a50-https://github.com/Bluegrams/YoutubeDLSharp/security/advisories/GHSA-2jh5-g5ch-43q5CVE-2025-43859 - h11's parsing leniency in HTTP/1.1 versions prior to 0.16.0 can lead to request smuggling vulnerabilities.Product: h11 Python implementation of HTTP/1.1CVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43859NVD References: -https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed-https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfjCVE-2025-46271 - UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data.Product: UNI-NMS LiteCVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46271NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46273 - UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices.Product: UNI-NMS-LiteCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46273NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46274 - UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database.Product: UNI-NMS-LiteUNI-NMS-Lite, product nameCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46274NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46272 - WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to command injection attacks, allowing unauthenticated attackers to execute OS commands on the host system.Product: Winstar WGS-80HPT-V2CVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46272NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46275 - WGS-80HPT-V2 and WGS-4215-8T2S have a vulnerability that allows attackers to create an admin account without credentials.Product: Winstar WGS-80HPT-V2CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46275NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46616 - StorNext Web GUI API before 7.2.4 allows Arbitrary Remote Code Execution through file uploads, impacting various StorNext products.Product: Quantum StorNext Web GUI APICVSS Score: 9.9NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46616NVD References:https://www.quantum.com/en/service-support/security-bulletins/stornext-gui-multiple-security-vulnerabilities-stornext-gui-multiple-security-vulner…
CVE-2025-43949 - MuM MapEdit 24.2.3 is vulnerable to SQL Injection, enabling attackers to manipulate the web application's database server through malicious SQL statements.
Product: MuM (Mensch und Maschine) MapEditCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43949NVD References: -https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43949-https://www.mum.de/produkte/mum-mapeditCVE-2025-43951 - LabVantage allows authenticated users to retrieve arbitrary files from the environment via local file inclusion using the objectname request parameter.Product: LabVantage LVCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43951NVD References: -https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43951-https://www.labvantage.com/informatics/lims/CVE-2025-37087 - HPE Performance Cluster Manager (HPCM) is vulnerable to an attack that could allow unauthorized access to server files.Product: Hewlett Packard Enterprise HPE Performance Cluster ManagerCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-37087NVD References:https://support.hpe.com/hpesc/docDisplay?docLocale=en_US&docId=a00146087en_usCVE-2025-45427, CVE-2025-45428, CVE-2025-45429 - Tenda AC9 v1.0 with firmware V15.03.05.14_multi is vulnerable to a stack overflowsProduct: Tenda AC9 v1.0CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-45427NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-45428NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-45429NVD References: -https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiBasicSet-security.md-https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/SetSysAutoRebbotCfg-rebootTime.md-https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiWpsStart-index.mdCVE-2025-43858 - YoutubeDLSharp is vulnerable to command injection through unsafe argument conversions when starting `yt-dlp` on Windows OS with `UseWindowsEncodingWorkaround` set to true.Product: YoutubeDLSharp yt-dlpCVSS Score: 9.2NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43858NVD References: -https://github.com/Bluegrams/YoutubeDLSharp/commit/b6051372bd5af30f95f73de47d9bc71c3a07de0f-https://github.com/Bluegrams/YoutubeDLSharp/commit/fdf3256da18d0e2da4a2f33ad4a1b72ff8273a50-https://github.com/Bluegrams/YoutubeDLSharp/security/advisories/GHSA-2jh5-g5ch-43q5CVE-2025-43859 - h11's parsing leniency in HTTP/1.1 versions prior to 0.16.0 can lead to request smuggling vulnerabilities.Product: h11 Python implementation of HTTP/1.1CVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43859NVD References: -https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed-https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfjCVE-2025-46271 - UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data.Product: UNI-NMS LiteCVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46271NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46273 - UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices.Product: UNI-NMS-LiteCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46273NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46274 - UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database.Product: UNI-NMS-LiteUNI-NMS-Lite, product nameCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46274NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46272 - WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to command injection attacks, allowing unauthenticated attackers to execute OS commands on the host system.Product: Winstar WGS-80HPT-V2CVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46272NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46275 - WGS-80HPT-V2 and WGS-4215-8T2S have a vulnerability that allows attackers to create an admin account without credentials.Product: Winstar WGS-80HPT-V2CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46275NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46616 - StorNext Web GUI API before 7.2.4 allows Arbitrary Remote Code Execution through file uploads, impacting various StorNext products.Product: Quantum StorNext Web GUI APICVSS Score: 9.9NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46616NVD References:https://www.quantum.com/en/service-support/security-bulletins/stornext-gui-multiple-security-vulnerabilities-stornext-gui-multiple-security-vulnerabilities/CVE-2025-32432 - Craft CMS versions 3.0.0-RC1 to 3.9.15, 4.0.0-RC1 to 4.14.15, and 5.0.0-RC1 to 5.6.17 are vulnerable to remote code execution, patched in versions 3.9.15, 4.14.15, and 5.6.17 as an additional fix for CVE-2023-41892.Product: Craft CMSCVSS Score: 10.0NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-32432NVD References: -https://github.com/craftcms/cms/security/a…
CVE-2025-43951 - LabVantage allows authenticated users to retrieve arbitrary files from the environment via local file inclusion using the objectname request parameter.
Product: LabVantage LVCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43951NVD References: -https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43951-https://www.labvantage.com/informatics/lims/CVE-2025-37087 - HPE Performance Cluster Manager (HPCM) is vulnerable to an attack that could allow unauthorized access to server files.Product: Hewlett Packard Enterprise HPE Performance Cluster ManagerCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-37087NVD References:https://support.hpe.com/hpesc/docDisplay?docLocale=en_US&docId=a00146087en_usCVE-2025-45427, CVE-2025-45428, CVE-2025-45429 - Tenda AC9 v1.0 with firmware V15.03.05.14_multi is vulnerable to a stack overflowsProduct: Tenda AC9 v1.0CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-45427NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-45428NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-45429NVD References: -https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiBasicSet-security.md-https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/SetSysAutoRebbotCfg-rebootTime.md-https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiWpsStart-index.mdCVE-2025-43858 - YoutubeDLSharp is vulnerable to command injection through unsafe argument conversions when starting `yt-dlp` on Windows OS with `UseWindowsEncodingWorkaround` set to true.Product: YoutubeDLSharp yt-dlpCVSS Score: 9.2NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43858NVD References: -https://github.com/Bluegrams/YoutubeDLSharp/commit/b6051372bd5af30f95f73de47d9bc71c3a07de0f-https://github.com/Bluegrams/YoutubeDLSharp/commit/fdf3256da18d0e2da4a2f33ad4a1b72ff8273a50-https://github.com/Bluegrams/YoutubeDLSharp/security/advisories/GHSA-2jh5-g5ch-43q5CVE-2025-43859 - h11's parsing leniency in HTTP/1.1 versions prior to 0.16.0 can lead to request smuggling vulnerabilities.Product: h11 Python implementation of HTTP/1.1CVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43859NVD References: -https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed-https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfjCVE-2025-46271 - UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data.Product: UNI-NMS LiteCVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46271NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46273 - UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices.Product: UNI-NMS-LiteCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46273NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46274 - UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database.Product: UNI-NMS-LiteUNI-NMS-Lite, product nameCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46274NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46272 - WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to command injection attacks, allowing unauthenticated attackers to execute OS commands on the host system.Product: Winstar WGS-80HPT-V2CVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46272NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46275 - WGS-80HPT-V2 and WGS-4215-8T2S have a vulnerability that allows attackers to create an admin account without credentials.Product: Winstar WGS-80HPT-V2CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46275NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46616 - StorNext Web GUI API before 7.2.4 allows Arbitrary Remote Code Execution through file uploads, impacting various StorNext products.Product: Quantum StorNext Web GUI APICVSS Score: 9.9NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46616NVD References:https://www.quantum.com/en/service-support/security-bulletins/stornext-gui-multiple-security-vulnerabilities-stornext-gui-multiple-security-vulnerabilities/CVE-2025-32432 - Craft CMS versions 3.0.0-RC1 to 3.9.15, 4.0.0-RC1 to 4.14.15, and 5.0.0-RC1 to 5.6.17 are vulnerable to remote code execution, patched in versions 3.9.15, 4.14.15, and 5.6.17 as an additional fix for CVE-2023-41892.Product: Craft CMSCVSS Score: 10.0NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-32432NVD References: -https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3-https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/CVE-2025-25775 - Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.Product: Codeastro Bus Ticket Booking SystemCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-25775NVD References:…
CVE-2025-37087 - HPE Performance Cluster Manager (HPCM) is vulnerable to an attack that could allow unauthorized access to server files.
Product: Hewlett Packard Enterprise HPE Performance Cluster Manager
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-37087
NVD References:
https://support.hpe.com/hpesc/docDisplay?docLocale=en_US&docId=a00146087en_us
CVE-2025-45427, CVE-2025-45428, CVE-2025-45429 - Tenda AC9 v1.0 with firmware V15.03.05.14_multi is vulnerable to a stack overflows
Product: Tenda AC9 v1.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45427
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45428
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45429
NVD References:
-
https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiBasicSet-security.md
-
https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/SetSysAutoRebbotCfg-rebootTime.md
-
https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiWpsStart-index.md
CVE-2025-43858 - YoutubeDLSharp is vulnerable to command injection through unsafe argument conversions when starting `yt-dlp` on Windows OS with `UseWindowsEncodingWorkaround` set to true.
Product: YoutubeDLSharp yt-dlp
CVSS Score: 9.2
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-43858
NVD References:
-
https://github.com/Bluegrams/YoutubeDLSharp/commit/b6051372bd5af30f95f73de47d9bc71c3a07de0f
-
https://github.com/Bluegrams/YoutubeDLSharp/commit/fdf3256da18d0e2da4a2f33ad4a1b72ff8273a50
-
https://github.com/Bluegrams/YoutubeDLSharp/security/advisories/GHSA-2jh5-g5ch-43q5
CVE-2025-43859 - h11's parsing leniency in HTTP/1.1 versions prior to 0.16.0 can lead to request smuggling vulnerabilities.
Product: h11 Python implementation of HTTP/1.1CVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-43859NVD References: -https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed-https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfjCVE-2025-46271 - UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data.Product: UNI-NMS LiteCVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46271NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46273 - UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices.Product: UNI-NMS-LiteCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46273NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46274 - UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database.Product: UNI-NMS-LiteUNI-NMS-Lite, product nameCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46274NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46272 - WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to command injection attacks, allowing unauthenticated attackers to execute OS commands on the host system.Product: Winstar WGS-80HPT-V2CVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46272NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46275 - WGS-80HPT-V2 and WGS-4215-8T2S have a vulnerability that allows attackers to create an admin account without credentials.Product: Winstar WGS-80HPT-V2CVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46275NVD References:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06CVE-2025-46616 - StorNext Web GUI API before 7.2.4 allows Arbitrary Remote Code Execution through file uploads, impacting various StorNext products.Product: Quantum StorNext Web GUI APICVSS Score: 9.9NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46616NVD References:https://www.quantum.com/en/service-support/security-bulletins/stornext-gui-multiple-security-vulnerabilities-stornext-gui-multiple-security-vulnerabilities/CVE-2025-32432 - Craft CMS versions 3.0.0-RC1 to 3.9.15, 4.0.0-RC1 to 4.14.15, and 5.0.0-RC1 to 5.6.17 are vulnerable to remote code execution, patched in versions 3.9.15, 4.14.15, and 5.6.17 as an additional fix for CVE-2023-41892.Product: Craft CMSCVSS Score: 10.0NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-32432NVD References: -https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3-https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/CVE-2025-25775 - Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.Product: Codeastro Bus Ticket Booking SystemCVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-25775NVD References: -https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/-https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25775CVE-2025-32980 - NETSCOUT nGeniusONE before 6.4.0 b2350 has a Weak Sudo Configuration.Product: NETSCOUT nGeniusONECVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-32980NVD References:https://www.netscout.com/securityadvisoriesCVE-2025-32985 - NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.Product: NETSCOUT nGeniusONECVSS Score: 9.8NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-32985NVD References:https://www.netscout.com/securityadvisoriesCVE-2025-3200 - Com-Server is vulnerable to interception and manipulation of encrypted communications by an unauthenticated remote attacker due to using insecure TLS 1.0 and TLS 1.1 protocols.Product: Comtrol Com-ServerCVSS Score: 9.1NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-3200NVD References:https://certvde.com/en/advisories/VDE-2025-031/CVE-2025-46661 - IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution due to Server-Side Template-Injection, but all instances have been patched by the Supplier.Product: IPW Systems MetazoCVSS Score: 10.0NVD:https://nvd.nist.gov/vuln/detail/CVE-2025-46661NVD References: -https://code-white.com/public-vulnerability-list/-https://www.ipwsystems.com/CVE-2015-2079 - Usermin 0.980 through 1.x before 1.660 is vulnerable to remote code execution via uconfig_save.cgi due to its use of the two argument form of Perl open.Product: Usermin 0.980 through 1.x before 1.660CVSS Score: 9.9NVD:https://nvd.nist.gov/vuln/detail/CVE-2015-2079NVD References: -https://code-white.com/blog/2015-05-cve-2015-2079-rce-usermin/-https://code-white.com/public-vulnerability-list/CVE-2025-45947 - PHPGurukul Online Banquet Booking System V1.2…
CVE-2025-46272 - WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to command injection attacks, allowing unauthenticated attackers to execute OS commands on the host system.
Product: Winstar WGS-80HPT-V2
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46272
NVD References:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06
CVE-2025-46275 - WGS-80HPT-V2 and WGS-4215-8T2S have a vulnerability that allows attackers to create an admin account without credentials.
Product: Winstar WGS-80HPT-V2
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46275
NVD References:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06
CVE-2025-46616 - StorNext Web GUI API before 7.2.4 allows Arbitrary Remote Code Execution through file uploads, impacting various StorNext products.
Product: Quantum StorNext Web GUI API
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46616
NVD References:
CVE-2025-32432 - Craft CMS versions 3.0.0-RC1 to 3.9.15, 4.0.0-RC1 to 4.14.15, and 5.0.0-RC1 to 5.6.17 are vulnerable to remote code execution, patched in versions 3.9.15, 4.14.15, and 5.6.17 as an additional fix for
Product: Craft CMS
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32432
NVD References:
-
https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3
-
https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/
CVE-2025-25775 - Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.
Product: Codeastro Bus Ticket Booking System
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-25775
NVD References:
-
https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/
-
https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25775
CVE-2025-32980 - NETSCOUT nGeniusONE before 6.4.0 b2350 has a Weak Sudo Configuration.
Product: NETSCOUT nGeniusONE
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32980
NVD References:
CVE-2025-32985 - NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.
Product: NETSCOUT nGeniusONE
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32985
NVD References:
CVE-2025-3200 - Com-Server is vulnerable to interception and manipulation of encrypted communications by an unauthenticated remote attacker due to using insecure TLS 1.0 and TLS 1.1 protocols.
Product: Comtrol Com-Server
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3200
NVD References:
CVE-2025-46661 - IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution due to Server-Side Template-Injection, but all instances have been patched by the Supplier.
Product: IPW Systems Metazo
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46661
NVD References:
-
https://code-white.com/public-vulnerability-list/
-
CVE-2015-2079 - Usermin 0.980 through 1.x before 1.660 is vulnerable to remote code execution via uconfig_save.cgi due to its use of the two argument form of Perl open.
Product: Usermin 0.980 through 1.x before 1.660
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2015-2079
NVD References:
-
https://code-white.com/blog/2015-05-cve-2015-2079-rce-usermin/
-
https://code-white.com/public-vulnerability-list/
CVE-2025-45947 - PHPGurukul Online Banquet Booking System V1.2 is vulnerable to arbitrary code execution through the /obbs/change-password.php file in the My Account - Change Password component.
Product: PHPGurukul Online Banquet Booking System V1.2
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45947
NVD References:
-
-
https://github.com/VasilVK/CVE/blob/main/CVE-2025-45947/README.MD
CVE-2025-45949 - PHPGurukul User Registration & Login and User Management System V3.3 is vulnerable to a Session Hijacking attack due to improper handling of session data in the Change Password component.
Product: PHPGurukul User Registration & Login and User Management System V3.3
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45949
NVD References:
-
-
https://github.com/VasilVK/CVE/blob/main/CVE-2025-45949/README.MD
CVE-2025-45953 - PHPGurukul Hostel Management System 2.1 is vulnerable to a Session Hijacking attack in the user panel's Change Password component due to improper handling of session data in the /hostel/change-password.php file.
Product: PHPGurukul Hostel Management System 2.1
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45953
NVD References:
-
-
https://github.com/VasilVK/CVE/blob/main/CVE-2025-45953/README.MD
CVE-2025-24252 - macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4, iPadOS 18.4, and visionOS 2.4 prior to the update suffered from a use-after-free vulnerability that could allow a local network attacker to corrupt process memory.
Product: Multiple Apple products
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-24252
NVD References:
-
https://support.apple.com/en-us/122371
-
https://support.apple.com/en-us/122372
-
https://support.apple.com/en-us/122373
-
https://support.apple.com/en-us/122374
-
https://support.apple.com/en-us/122375
-
https://support.apple.com/en-us/122377
-
https://support.apple.com/en-us/122378
CVE-2025-46348 - YesWiki allows for unauthorized site backups to be created and downloaded, potentially leading to file system overload or exposure of sensitive information.
Product: YesWiki
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46348
NVD References:
-
https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530
-
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95
CVE-2025-32444 - vLLM is vulnerable to remote code execution due to insecure ZeroMQ sockets when integrated with mooncake versions prior to 0.8.5.
Product: mooncake, Google LLC
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32444
NVD References:
-
-
https://github.com/vllm-project/vllm/commit/a5450f11c95847cf51a17207af9a3ca5ab569b2c
-
https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5
-
https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7
CVE-2025-21204 - Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Update Stack
CVSS Score: 0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-21204
ISC Podcast:
https://isc.sans.edu/podcastdetail/9424
CVE-2025-3065 - The Database Toolset plugin is vulnerable to arbitrary file deletion leading to potential remote code execution in versions up to 1.8.4.
Product: Database Toolset plugin
Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3065
NVD References:
-
-
https://wordpress.org/plugins/database-toolset/
-
CVE-2025-3603 - The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover due to lack of proper user identity validation, allowing unauthenticated attackers to change passwords and gain unauthorized access.
Product: Flynax Bridge plugin for WordPress
Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3603
NVD References:
-
https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/request.php
-
CVE-2025-3604 - The Flynax Bridge plugin for WordPress up to version 2.2.0 allows unauthenticated attackers to change email addresses and escalate privileges through account takeover.
Product: Flynax Bridge plugin for WordPress
Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3604
NVD References:
-
https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/request.php
-
CVE-2025-46248 - Frontend Dashboard is vulnerable to SQL Injection due to improper neutralization of special elements, affecting versions from n/a through 2.2.5.
Product: M A Vinoth Kumar Frontend Dashboard
Active Installations: 700+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46248
NVD References:
CVE-2025-46264 - Angelo Mandato PowerPress Podcasting allows unrestricted upload of file types, enabling a web shell to be uploaded to a web server.
Product: Angelo Mandato PowerPress Podcasting
Active Installations: 30,000+
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46264
NVD References:
CVE-2025-2470 - The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation up to version 5.1, allowing unauthenticated attackers to register an account with Administrator privileges through the 'nsl_registration_store_extra_input' function when using the Nextend Social Login plugin.
Product: Service Finder Service Finder Bookings plugin
Active Installations: Unknown. Update to version 6.0, or a newer patched version
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2470
NVD References:
-
https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793
-
CVE-2025-2907 - The Order Delivery Date WordPress plugin before 12.3.1 is vulnerable to authorization bypass and CSRF attacks, allowing attackers to manipulate user roles and gain administrative access to the site.
Product: WordPress Order Delivery Date WordPress plugin
Active Installations: 10,000+
CVSS Score: 9.8
NVD:
CVE-2025-45947 - PHPGurukul Online Banquet Booking System V1.2 is vulnerable to arbitrary code execution through the /obbs/change-password.php file in the My Account - Change Password component.
Product: PHPGurukul Online Banquet Booking System V1.2
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45947
NVD References:
-
-
https://github.com/VasilVK/CVE/blob/main/CVE-2025-45947/README.MD
CVE-2025-45949 - PHPGurukul User Registration & Login and User Management System V3.3 is vulnerable to a Session Hijacking attack due to improper handling of session data in the Change Password component.
Product: PHPGurukul User Registration & Login and User Management System V3.3
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45949
NVD References:
-
-
https://github.com/VasilVK/CVE/blob/main/CVE-2025-45949/README.MD
CVE-2025-45953 - PHPGurukul Hostel Management System 2.1 is vulnerable to a Session Hijacking attack in the user panel's Change Password component due to improper handling of session data in the /hostel/change-password.php file.
Product: PHPGurukul Hostel Management System 2.1
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45953
NVD References:
-
-
https://github.com/VasilVK/CVE/blob/main/CVE-2025-45953/README.MD
CVE-2025-24252 - macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4, iPadOS 18.4, and visionOS 2.4 prior to the update suffered from a use-after-free vulnerability that could allow a local network attacker to corrupt process memory.
Product: Multiple Apple products
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-24252
NVD References:
-
https://support.apple.com/en-us/122371
-
https://support.apple.com/en-us/122372
-
https://support.apple.com/en-us/122373
-
https://support.apple.com/en-us/122374
-
https://support.apple.com/en-us/122375
-
https://support.apple.com/en-us/122377
-
CVE-2025-46348 - YesWiki allows for unauthorized site backups to be created and downloaded, potentially leading to file system overload or exposure of sensitive information.
Product: YesWiki
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46348
NVD References:
-
https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530
-
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95
CVE-2025-32444 - vLLM is vulnerable to remote code execution due to insecure ZeroMQ sockets when integrated with mooncake versions prior to 0.8.5.
Product: mooncake, Google LLC
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32444
NVD References:
-
-
https://github.com/vllm-project/vllm/commit/a5450f11c95847cf51a17207af9a3ca5ab569b2c
-
https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5
-
https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7
CVE-2025-21204 - Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Update Stack
CVSS Score: 0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-21204
ISC Podcast:
CVE-2025-3065 - The Database Toolset plugin is vulnerable to arbitrary file deletion leading to potential remote code execution in versions up to 1.8.4.
Product: Database Toolset plugin
Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3065
NVD References:
-
-
https://wordpress.org/plugins/database-toolset/
-
CVE-2025-3603 - The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover due to lack of proper user identity validation, allowing unauthenticated attackers to change passwords and gain unauthorized access.
Product: Flynax Bridge plugin for WordPress
Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3603
NVD References:
-
https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/request.php
-
CVE-2025-3604 - The Flynax Bridge plugin for WordPress up to version 2.2.0 allows unauthenticated attackers to change email addresses and escalate privileges through account takeover.
Product: Flynax Bridge plugin for WordPress
Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3604
NVD References:
-
https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/request.php
-
CVE-2025-46248 - Frontend Dashboard is vulnerable to SQL Injection due to improper neutralization of special elements, affecting versions from n/a through 2.2.5.
Product: M A Vinoth Kumar Frontend Dashboard
Active Installations: 700+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46248
NVD References:
CVE-2025-46264 - Angelo Mandato PowerPress Podcasting allows unrestricted upload of file types, enabling a web shell to be uploaded to a web server.
Product: Angelo Mandato PowerPress Podcasting
Active Installations: 30,000+
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46264
NVD References:
CVE-2025-2470 - The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation up to version 5.1, allowing unauthenticated attackers to register an account with Administrator privileges through the 'nsl_registration_store_extra_input' function when using the Nextend Social Login plugin.
Product: Service Finder Service Finder Bookings plugin
Active Installations: Unknown. Update to version 6.0, or a newer patched version
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2470
NVD References:
-
https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793
-
CVE-2025-2907 - The Order Delivery Date WordPress plugin before 12.3.1 is vulnerable to authorization bypass and CSRF attacks, allowing attackers to manipulate user roles and gain administrative access to the site.
Product: WordPress Order Delivery Date WordPress plugin
Active Installations: 10,000+
CVSS Score: 9.8
NVD:
Sponsors
Short description of the section to provide users context and value of the content being featured in this carousel.
Wiz
Organizations of all sizes and industries use Wiz to rapidly identify and remove the most critical risks in AWS, Azure, GCP, and Kubernetes so they can build faster and more securely.
SANS
SANS Institute
SANS
SANS Institute
Corellium
Arm device virtualization for mobile security research, mobile app testing, IoT device modeling, and beyond. Powerful security and testing tools for iOS, Android, and Linux phones and devices.