The Consensus Security Vulnerability Alert

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Apple Patches Exploited Vulnerability

Published: 2025-04-16

Last Updated: 2025-04-16 18:44:59 UTC

by Johannes Ullrich (Version: 1)

Today, Apple patched two vulnerabilities that had already been exploited. The vulnerabilities were exploited against iOS but also exist in macOS, tvOS, and visionOS. Apple released updates for all affected operating systems ...

Read the full entry: https://isc.sans.edu/diary/Apple+Patches+Exploited+Vulnerability/31866/

Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248)

Published: 2025-04-12

Last Updated: 2025-04-13 00:21:28 UTC

by Johannes Ullrich (Version: 1)

Two weeks ago, version 1.3.0 of Langflow was released. The release notes list many fixes but do not mention that one of the "Bug Fixes" addresses a major vulnerability. Instead, the release notes state, "auth current user on code validation."

Its website states, "Langflow is a low-code tool for developers that makes it easier to build powerful AI agents and workflows that can use any API, model, or database." It can be installed as a Python package, a standalone desktop application, or as a cloud-hosted service. DataStax provides a ready-built cloud-hosted environment for Langflow.

The vulnerability went somewhat unnoticed, at least by me, until Horizon3 created a detailed writeup showing how easy it is to exploit the vulnerability and provide proof of concept exploit. Horizon3 published its blog on April 9th. We saw a first hit to the vulnerable URL [...] on April 10th. Today (April 12th), we saw a significant increase in hits for this URL ...

Read the full entry:

https://isc.sans.edu/diary/Exploit+Attempts+for+Recent+Langflow+AI+Vulnerability+CVE20253248/31850/

Network Infraxploit [Guest Diary]]

Published: 2025-04-09

Last Updated: 2025-04-10 00:38:56 UTC

by Guy Bruneau (Version: 1)

[This is a Guest Diary by Matthew Gorman, an ISC intern as part of the SANS.edu BACS program]

Background

I recently had the opportunity to get hands on with some Cisco networking devices. Due to being a network engineer prior to my current job as a network forensics analyst, I have a relatively solid understanding of these infrastructure devices and how they work. I wanted to write this blog detailing some of the critical oversights I see in my current job that are common for these devices and how they are abused by attackers that are also familiar with how they work. To demonstrate this I will be walking through a vulnerability that was first discovered in 2018 for these network Infrastructure devices, CVE-2018-0171, a Remote Code Execution exploit targeting Cisco's Smart Install feature.

CVE-2018-0171

Cisco's Smart Install feature is a 'plug and play' configuration feature that allows for new networking devices to be deployed remotely and when plugged in they will configure themselves automatically without needing the support of a network administrator. This greatly eases the burden of network administrators needing to go on site where the device is to make the basic initial configuration changes to ensure it is remotely accessible.

The problem with smart install is three pronged. First, this feature is enabled by default on Cisco devices. The second is that, by design, Smart Install protocol does not require authentication prior to use. The third, and last, prong is that due to the nature of the devices facilitating the flow of network traffic in and out of organizations, the port is often publicly accessible. In fact, doing a cursory search on Censys for this port and the service name associated with Cisco Smart Install (SMI) pulled up 1,239 devices with this service publicly accessible ...

Read the full entry: https://isc.sans.edu/diary/Network+Infraxploit+Guest+Diary/31844/

Online Services Again Abused to Exfiltrate Data (2025.04.15)

https://isc.sans.edu/diary/Online+Services+Again+Abused+to+Exfiltrate+Data/31862/

xorsearch.py: Searching With Regexes (2025.04.14)

https://isc.sans.edu/diary/xorsearchpy+Searching+With+Regexes/31854/

Microsoft April 2025 Patch Tuesday (2025.04.08)

https://isc.sans.edu/diary/Microsoft+April+2024+Patch+Tuesday/31838/

Apple Patches Everything: March 31st 2025 Edition (2025.03.31)

https://isc.sans.edu/diary/Apple+Patches+Everything+March+31st+2025+Edition/31816/

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

Product: Cisco Ios 15.2\(5\)e

CVSS Score: 0

** KEV since 2021-11-03 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-0171

ISC Podcast: https://isc.sans.edu/podcastdetail/9404

Product: Gladinet CentreStack

CVSS Score: 0

** KEV since 2025-04-08 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30406

ISC Podcast: https://isc.sans.edu/podcastdetail/9402

Product: Linux ALSA

CVSS Score: Linux ALSA (Advanced Linux Sound Architecture)

** KEV since 2025-04-09 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53150

ISC Podcast: https://isc.sans.edu/podcastdetail/9402

Product: Linux ALSA (Advanced Linux Sound Architecture)

CVSS Score: 0

** KEV since 2025-04-09 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53197

ISC Podcast: https://isc.sans.edu/podcastdetail/9402

Product: Microsoft Windows 10 1607

CVSS Score: 7.8

** KEV since 2025-04-08 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29824

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29824

Product: Langflow versions prior to 1.3.0

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3248

ISC Podcast: https://isc.sans.edu/podcastdetail/9404

Product: HGiga iSherlock

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3361

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3362

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3363

NVD References:

- https://www.twcert.org.tw/en/lp-139-2.html

- https://www.twcert.org.tw/tw/cp-132-10051-76634-1.html

- https://www.twcert.org.tw/en/cp-139-10055-7dacf-2.html

- https://www.twcert.org.tw/tw/cp-132-10053-890b1-1.html

- https://www.twcert.org.tw/en/cp-139-10056-c553a-2.html

- https://www.twcert.org.tw/tw/cp-132-10054-84588-1.html

Product: SAP S/4HANA

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27429

NVD References:

- https://me.sap.com/notes/3581961

- https://url.sap/sapsecuritypatchday

Product: SAP Financial Consolidation

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30016

NVD References:

- https://me.sap.com/notes/3572688

- https://url.sap/sapsecuritypatchday

Product: SAP Landscape Transformation (SLT)

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31330

NVD References:

- https://me.sap.com/notes/3587115

- https://url.sap/sapsecuritypatchday

Product: Siemens SENTRON 7KT PAC1260 Data Manager

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41788

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41789

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41790

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Product: Siemens SENTRON 7KT PAC1260 Data ManagerCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41794NVD References: https://cert-portal.siemens.com/productcert/html/ssa-187636.htmlCVE-2024-54092 - Industrial Edge Device Kit and related devices are vulnerable to unauthorized user impersonation due to a lack of proper user authentication enforcement on specific API endpoints when identity federation is used.Products: Siemens Industrial Edge Device Kit, SCALANCE LPE9413, SIMATIC IPC BX-39A Industrial Edge Device, SIMATIC IPC BX-59A Industrial Edge Device, SIMATIC IPC127E Industrial Edge Device, SIMATIC IPC227E Industrial Edge Device, SIMATIC IPC427E Industrial Edge Device, SIMATIC IPC847E Industrial Edge DeviceCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54092NVD References: - https://cert-portal.siemens.com/productcert/html/ssa-634640.html- https://cert-portal.siemens.com/productcert/html/ssa-819629.htmlCVE-2025-32028 - HAX CMS PHP allows for potential file upload vulnerability due to incomplete denylist blocking certain file types, leading to a "fail open" scenario rather than "fail closed."Product: HAX CMS PHPCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32028NVD References: - https://github.com/haxtheweb/issues/security/advisories/GHSA-vj5q-3jv2-cg5p- https://github.com/haxtheweb/issues/security/advisories/GHSA-vj5q-3jv2-cg5pCVE-2024-48887 - Fortinet FortiSwitch GUI is vulnerable to unauthenticated remote password changes due to a password change vulnerability.Product: Fortinet FortiSwitchCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48887NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-435CVE-2025-25226 - Database package quoteNameStr method SQL injection vulnerability due to improper identifier handling.Product: database package quoteNameStr methodCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25226NVD References: https://developer.joomla.org/security-centre/963-20250401-framework-sql-injection-vulnerability-in-quotenamestr-method-of-database-package.htmlCVE-2025-21204 - Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.Product: Microsoft Windows Update StackCVSS Score: 7.8 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21204ISC Podcast: https://isc.sans.edu/podcastdetail/9406NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204CVE-2025-24446 - ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are vulnerable to an Improper Input Validation issue allowing for arbitrary code execution with user interaction required.Product: Adobe ColdFusionCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24446NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.htmlCVE-2025-24447 - ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are vulnerable to a Deserialization of Untrusted Data flaw that allows for arbitrary code execution through user interaction.Product: Adobe ColdFusionCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24447NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.htmlCVE-2025-30281 - ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier have an Improper Access Control vulnerability allowing attackers to read arbitrary file systems without authorization, potentially leading to unauthorized access or modification of sensitive data without user interaction.Product: Adobe ColdFusionCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30281NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.htmlCVE-2025-30282 - ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are vulnerable to an Improper Authentication flaw, allowing attackers to execute arbitrary code in the context of the current user by bypassing authentication mechanisms with victim interaction.Product: Adobe ColdFusionCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30282NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.htmlCVE-2025-32461 - Tiki's wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php before version 28.3 allows for input mishandling in an eval function.Product: Tiki wikiplugin_includetplCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32461NVD References: - https://tiki.org/article517- https://tiki.org/article518CVE-2025-27797 - Wi-Fi AP UNIT 'AC-WPS-11ac series' is vulnerable to OS command injection, allowing remote attackers to execute arbitrary commands by logging in to the service.Product: TP-Link AC-WPS-11ac series CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27797NVD References: - https://jvn.jp/en/vu/JVNVU93925742/- https://www.inaba.co.jp/abaniact/news/security_20250404.pdfCVE-2025-32375 - BentoML's runner server prior to 1.4.8 is vulnerable to insecure deserialization, allo…

Product: HAX CMS PHP

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32028

NVD References:

- https://github.com/haxtheweb/issues/security/advisories/GHSA-vj5q-3jv2-cg5p

- https://github.com/haxtheweb/issues/security/advisories/GHSA-vj5q-3jv2-cg5p

Product: Fortinet FortiSwitch

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48887

NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-435

Product: database package quoteNameStr method

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25226

NVD References: https://developer.joomla.org/security-centre/963-20250401-framework-sql-injection-vulnerability-in-quotenamestr-method-of-database-package.html

Product: Microsoft Windows Update StackCVSS Score: 7.8 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21204ISC Podcast: https://isc.sans.edu/podcastdetail/9406NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204CVE-2025-24446 - ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are vulnerable to an Improper Input Validation issue allowing for arbitrary code execution with user interaction required.Product: Adobe ColdFusionCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24446NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.htmlCVE-2025-24447 - ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are vulnerable to a Deserialization of Untrusted Data flaw that allows for arbitrary code execution through user interaction.Product: Adobe ColdFusionCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24447NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.htmlCVE-2025-30281 - ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier have an Improper Access Control vulnerability allowing attackers to read arbitrary file systems without authorization, potentially leading to unauthorized access or modification of sensitive data without user interaction.Product: Adobe ColdFusionCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30281NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.htmlCVE-2025-30282 - ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are vulnerable to an Improper Authentication flaw, allowing attackers to execute arbitrary code in the context of the current user by bypassing authentication mechanisms with victim interaction.Product: Adobe ColdFusionCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30282NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.htmlCVE-2025-32461 - Tiki's wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php before version 28.3 allows for input mishandling in an eval function.Product: Tiki wikiplugin_includetplCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32461NVD References: - https://tiki.org/article517- https://tiki.org/article518CVE-2025-27797 - Wi-Fi AP UNIT 'AC-WPS-11ac series' is vulnerable to OS command injection, allowing remote attackers to execute arbitrary commands by logging in to the service.Product: TP-Link AC-WPS-11ac series CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27797NVD References: - https://jvn.jp/en/vu/JVNVU93925742/- https://www.inaba.co.jp/abaniact/news/security_20250404.pdfCVE-2025-32375 - BentoML's runner server prior to 1.4.8 is vulnerable to insecure deserialization, allowing attackers to execute unauthorized arbitrary code and gain initial access and information disclosure on the server.Product: BentoML's runner serverCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32375NVD References: - https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26- https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26CVE-2024-55210 - An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message.Product: TOTVS Framework (Linha Protheus)CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55210NVD References: https://github.com/c4cnm/CVE-2024-55210/CVE-2024-58136 - Yii 2 before 2.0.52 has a CVE-2024-4990 regression that mishandles attaching behaviors defined by an __class array key, exploited in the wild from February to April 2025.Product: Yii 2CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-58136NVD References: https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52CVE-2025-27690 - Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.0 have a default password vulnerability allowing unauthenticated attackers to take over high privileged user accounts.Product: Dell PowerScale OneFSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27690NVD References: https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilitiesCVE-2025-32754 & CVE-2025-32755 - Jenkins/ssh-agent and /ssh-slave Docker images 6.11.1 and earlier have a vulnerability where SSH host keys are shared among containers, allowing attackers to impersonate SSH build agents.Product: Jenkins ssh-agent Docker imagesCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32754NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32755NVD References: https://www.jenkins.io/security/advisory/2025-04-10/#SECURITY-3565CVE-2025-32743 - ConnMan through version 1.44 is vulnerable to a denial of service attack and potential code execution due to a NULL or empty lookup string in ns_resolv when the Truncated bit is set in a DNS response.Product: ConnManCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/…

Product: Adobe ColdFusion

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24447

NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Product: Adobe ColdFusion

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30281

NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Product: Adobe ColdFusion

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30282

NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Product: Tiki wikiplugin_includetpl

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32461

NVD References:

- https://tiki.org/article517

- https://tiki.org/article518

Product: TP-Link AC-WPS-11ac series

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27797

NVD References:

- https://jvn.jp/en/vu/JVNVU93925742/

- https://www.inaba.co.jp/abaniact/news/security_20250404.pdf

Product: BentoML's runner server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32375

NVD References:

- https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26

- https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26

Product: TOTVS Framework (Linha Protheus)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55210

NVD References: https://github.com/c4cnm/CVE-2024-55210/

Product: Yii 2

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-58136

NVD References: https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52

Product: Dell PowerScale OneFS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27690

NVD References: https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities

Product: Jenkins ssh-agent Docker images

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32754

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32755

NVD References: https://www.jenkins.io/security/advisory/2025-04-10/#SECURITY-3565

Product: ConnMan

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32743

NVD References:

- https://lapis-sawfish-be3.notion.site/0-click-Vulnerability-in-Comman-1-43_v3-1cadc00d01d080b0b3b9c46a6da584cc

- https://web.git.kernel.org/pub/scm/network/connman/connman.git/tree/src/dnsproxy.c?h=1.44#n1688

Product: SUSE RancherCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23391NVD References: - https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23391- https://github.com/rancher/rancher/security/advisories/GHSA-8p83-cpfg-fj3gCVE-2025-32931 - DevDojo Voyager versions 1.4.0 through 1.8.0, with Laravel 8 or later, allows authenticated admins to run risky OS commands via a specific php artisan command.Product: DevDojo VoyagerCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32931NVD References: - https://github.com/lishihihi/voyager-issue-report/- https://github.com/thedevdojo/voyager/blob/1.8/docs/core-concepts/compass.md- https://github.com/thedevdojo/voyager/blob/7e7e0f4f0e115d2d9e0481a86153a1ceff194c00/resources/views/compass/includes/commands.blade.php#L11-L16CVE-2025-1782 - HylaFAX Enterprise Web Interface and AvantFAX are vulnerable to arbitrary file inclusion due to improper sanitization of the language form element, allowing authenticated attackers to execute commands as the web server user.Product: HylaFAX Enterprise Web InterfaceCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1782NVD References: https://www.ifax.com/security/CVE-2025-1782.htmlCVE-2025-24797 - Meshtastic is vulnerable to an attacker-controlled buffer overflow via invalid protobuf data in mesh packets, potentially leading to remote code execution without authentication or user interaction, fixed in version 2.6.2.Product: MeshtasticCVSS Score: 9.4NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24797NVD References: https://github.com/meshtastic/firmware/security/advisories/GHSA-33hw-xhfh-944rCVE-2025-28137 - The TOTOLINK A810R V4.1.2cu.5182_B20201026 router is vulnerable to a remote command execution flaw in the setNoticeCfg function.Product: TOTOLINK A810RCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28137NVD References: - https://github.com/Zerone0x00/CVE/blob/main/TOTOLINK/CVE-2025-28137.md- https://sudsy-eyeliner-a59.notion.site/RCE1-1ab72b8cd95f80d09eded269810f3756?pvs=4- https://sudsy-eyeliner-a59.notion.site/RCE1-1ab72b8cd95f80d09eded269810f3756CVE-2025-32911 - Libsoup is vulnerable to a use-after-free memory issue in the soup_message_headers_get_content_disposition() function, allowing a malicious HTTP client to cause memory corruption in the server.Product: libsoup soup_message_headersCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32911NVD References: - https://access.redhat.com/security/cve/CVE-2025-32911- https://bugzilla.redhat.com/show_bug.cgi?id=2359355CVE-2025-25456 - Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.Product: Tenda AC10CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25456NVD References: - https://gist.github.com/xyqer1/ab1e6a2bd369aaada0666639c843aff0- https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-mac2-StackOverflow- https://gist.github.com/xyqer1/ab1e6a2bd369aaada0666639c843aff0- https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-mac2-StackOverflowCVE-2025-2567 - ATG monitoring systems are at risk of being modified or disabled by attackers, impacting fuel monitoring and supply chain operations and potentially causing safety hazards in fuel storage and transportation.Product: Veeder-Root Automatic Tank Gauge (ATG) CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2567NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05CVE-2025-30206 - Dpanel is a Docker visualization panel system with a hardcoded JWT secret, allowing attackers to generate valid tokens and compromise the host machine.Product: Dpanel Docker visualization panel systemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30206NVD References: https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847CVE-2025-32445 - Argo Events allows a user to gain privileged access to the host system and cluster by customizing EventSource and Sensor CRs, even without direct administrative privileges, making it fixed in v1.9.6.Product: Argo EventsCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32445NVD References: - https://github.com/argoproj/argo-events/commit/18412293a699f559848b00e6e459c9ce2de0d3e2- https://github.com/argoproj/argo-events/security/advisories/GHSA-hmp7-x699-cvhqCVE-2025-30727 - The Oracle Scripting product in Oracle E-Business Suite (component: iSurvey Module) versions 12.2.3-12.2.14 is vulnerable to an easily exploitable attack allowing an unauthenticated attacker to potentially take over Oracle Scripting.Product: Oracle E-Business SuiteCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30727NVD References: https://www.oracle.com/security-alerts/cpuapr2025.htmlCVE-2025-24297 - Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal.Product: Growatt Cloud ApplicationsCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24297NVD Referenc…

Product: DevDojo Voyager

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32931

NVD References:

- https://github.com/lishihihi/voyager-issue-report/

- https://github.com/thedevdojo/voyager/blob/1.8/docs/core-concepts/compass.md

- https://github.com/thedevdojo/voyager/blob/7e7e0f4f0e115d2d9e0481a86153a1ceff194c00/resources/views/compass/includes/commands.blade.php#L11-L16

Product: HylaFAX Enterprise Web Interface

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1782

NVD References: https://www.ifax.com/security/CVE-2025-1782.html

Product: Meshtastic

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24797

NVD References: https://github.com/meshtastic/firmware/security/advisories/GHSA-33hw-xhfh-944r

Product: TOTOLINK A810R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28137

NVD References:

- https://github.com/Zerone0x00/CVE/blob/main/TOTOLINK/CVE-2025-28137.md

- https://sudsy-eyeliner-a59.notion.site/RCE1-1ab72b8cd95f80d09eded269810f3756?pvs=4

- https://sudsy-eyeliner-a59.notion.site/RCE1-1ab72b8cd95f80d09eded269810f3756

Product: libsoup soup_message_headersCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32911NVD References: - https://access.redhat.com/security/cve/CVE-2025-32911- https://bugzilla.redhat.com/show_bug.cgi?id=2359355CVE-2025-25456 - Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.Product: Tenda AC10CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25456NVD References: - https://gist.github.com/xyqer1/ab1e6a2bd369aaada0666639c843aff0- https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-mac2-StackOverflow- https://gist.github.com/xyqer1/ab1e6a2bd369aaada0666639c843aff0- https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-mac2-StackOverflowCVE-2025-2567 - ATG monitoring systems are at risk of being modified or disabled by attackers, impacting fuel monitoring and supply chain operations and potentially causing safety hazards in fuel storage and transportation.Product: Veeder-Root Automatic Tank Gauge (ATG) CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2567NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05CVE-2025-30206 - Dpanel is a Docker visualization panel system with a hardcoded JWT secret, allowing attackers to generate valid tokens and compromise the host machine.Product: Dpanel Docker visualization panel systemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30206NVD References: https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847CVE-2025-32445 - Argo Events allows a user to gain privileged access to the host system and cluster by customizing EventSource and Sensor CRs, even without direct administrative privileges, making it fixed in v1.9.6.Product: Argo EventsCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32445NVD References: - https://github.com/argoproj/argo-events/commit/18412293a699f559848b00e6e459c9ce2de0d3e2- https://github.com/argoproj/argo-events/security/advisories/GHSA-hmp7-x699-cvhqCVE-2025-30727 - The Oracle Scripting product in Oracle E-Business Suite (component: iSurvey Module) versions 12.2.3-12.2.14 is vulnerable to an easily exploitable attack allowing an unauthenticated attacker to potentially take over Oracle Scripting.Product: Oracle E-Business SuiteCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30727NVD References: https://www.oracle.com/security-alerts/cpuapr2025.htmlCVE-2025-24297 - Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal.Product: Growatt Cloud ApplicationsCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24297NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04CVE-2025-30510 - An insufficient type distinction vulnerability could allow an attacker to upload an arbitrary file instead of a plant image.Product: Growatt Cloud ApplicationsCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30510NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04CVE-2025-30215 - NATS-Server versions prior to 2.10.27 and 2.11.1 allow unauthorized users with JS management permissions to perform administrative actions on any JS asset in any account, potentially leading to data destruction.Product: NATS-ServerCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30215NVD References: - https://advisories.nats.io/CVE/secnote-2025-01.txt- https://github.com/nats-io/nats-server/security/advisories/GHSA-fhg8-qxh5-7q3w- http://www.openwall.com/lists/oss-security/2025/04/08/5CVE-2025-3495 - Delta Electronics COMMGR v1 and v2 is vulnerable to session ID brute force attacks, allowing an attacker to load and execute arbitrary code.Product: Delta Electronics COMMGR v1 and v2CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3495NVD References: - https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00005_COMMGR%20-%20Insufficient%20Randomization%20Authentication%20Bypass_v1.pdf- https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-07CVE-2025-2004 - The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion, allowing unauthenticated attackers to delete important files and potentially execute remote code.Product: Simple WP Events WordPress pluginActive Installations: This plugin has been closed as of April 4, 2025 and is not available for download. This closure is temporary, pending a full review.CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2004NVD References: - https://plugins.trac.wordpress.org/browser/simple-wp-events/trunk/admin/includes/wp-events-export-events.php#L399- https://www.wordfence.com/threat-intel/vulnerabilities/id/abdca93e-f68d-4a96-8bd7-443ee46ccb5a?source=cveCVE-2025-31002 - Bogdan Bendziukov Squeeze allows for the unrestricted upload of dangerous files, allowing for the use of malicious files.Product: Bogdan Bendziukov SqueezeActive Installations: 400+CVSS Score: 9.1NVD: https:/…

Product: Tenda AC10

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25456

NVD References:

- https://gist.github.com/xyqer1/ab1e6a2bd369aaada0666639c843aff0

- https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-mac2-StackOverflow

- https://gist.github.com/xyqer1/ab1e6a2bd369aaada0666639c843aff0

- https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-mac2-StackOverflow

Product: Veeder-Root Automatic Tank Gauge (ATG)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2567

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05

Product: Dpanel Docker visualization panel system

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30206

NVD References: https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847

Product: Argo Events

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32445

NVD References:

- https://github.com/argoproj/argo-events/commit/18412293a699f559848b00e6e459c9ce2de0d3e2

- https://github.com/argoproj/argo-events/security/advisories/GHSA-hmp7-x699-cvhq

Product: Oracle E-Business Suite

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30727

NVD References: https://www.oracle.com/security-alerts/cpuapr2025.html

Product: Growatt Cloud Applications

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24297

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04

Product: Growatt Cloud Applications

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30510

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04

Product: NATS-Server

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30215

NVD References:

- https://advisories.nats.io/CVE/secnote-2025-01.txt

- https://github.com/nats-io/nats-server/security/advisories/GHSA-fhg8-qxh5-7q3w

- http://www.openwall.com/lists/oss-security/2025/04/08/5

Product: Delta Electronics COMMGR v1 and v2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3495

NVD References:

- https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00005_COMMGR%20-%20Insufficient%20Randomization%20Authentication%20Bypass_v1.pdf

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-07

Product: Simple WP Events WordPress plugin

Active Installations: This plugin has been closed as of April 4, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2004

NVD References:

- https://plugins.trac.wordpress.org/browser/simple-wp-events/trunk/admin/includes/wp-events-export-events.php#L399

- https://www.wordfence.com/threat-intel/vulnerabilities/id/abdca93e-f68d-4a96-8bd7-443ee46ccb5a?source=cve

Product: Bogdan Bendziukov Squeeze

Active Installations: 400+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31002

NVD References: https://patchstack.com/database/wordpress/plugin/squeeze/vulnerability/wordpress-squeeze-plugin-1-6-arbitrary-file-upload-vulnerability?_s_id=cve

Product: Adam Nowak Buddypress Humanity

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31033

NVD References: https://patchstack.com/database/wordpress/plugin/buddypress-humanity/vulnerability/wordpress-buddypress-humanity-plugin-1-2-csrf-to-privilege-escalation-vulnerability?_s_id=cve

Product: Uncodethemes Ultra Demo Importer

Active Installations: unknown

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32496

NVD References: https://patchstack.com/database/wordpress/plugin/ut-demo-importer/vulnerability/wordpress-ultra-demo-importer-plugin-1-0-5-csrf-to-rce-vulnerability?_s_id=cve

Product: Agence web Eoxia - Montpellier WP shop

Active Installations: unknown

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32576

NVD References: https://patchstack.com/database/wordpress/plugin/wpshop/vulnerability/wordpress-wp-shop-plugin-2-6-0-csrf-to-arbitrary-file-upload-vulnerability?_s_id=cve

Product: anantaddons Anant Addons for Elementor

Active Installations: 400+

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32641

NVD References: https://patchstack.com/database/wordpress/plugin/anant-addons-for-elementor/vulnerability/wordpress-anant-addons-for-elementor-plugin-1-1-5-csrf-to-arbitrary-plugin-installation-vulnerability?_s_id=cve

Product: appsbd Vite Coupon

Active Installations: This plugin has been closed as of April 8, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32642

NVD References: https://patchstack.com/database/wordpress/plugin/vite-coupon/vulnerability/wordpress-vite-coupon-plugin-1-0-7-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve

Product: Mestres do Checkout Mestres WP

Active Installations: This plugin has been closed as of March 27, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32695

NVD References: https://patchstack.com/database/wordpress/plugin/checkout-mestres-wp/vulnerability/wordpress-checkout-mestres-wp-8-7-5-privilege-escalation-vulnerability?_s_id=cve

Product: Nirmal Kumar Ram WP Remote Thumbnail

Active Installations: 100+

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32140

NVD References: https://patchstack.com/database/wordpress/plugin/wp-remote-thumbnail/vulnerability/wordpress-wp-remote-thumbnail-plugin-1-3-1-arbitrary-file-upload-vulnerability?_s_id=cve

Product: Brian Batt elearningfreak.com Insert or Embed Articulate Content into WordPress

Active Installations: 2,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32202

NVD References: https://patchstack.com/database/wordpress/plugin/insert-or-embed-articulate-content-into-wordpress/vulnerability/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000025-arbitrary-file-upload-vulnerability?_s_id=cve

Product: LABCAT Processing Projects

Active Installations: unknown

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32206

NVD References: https://patchstack.com/database/wordpress/plugin/processing-projects/vulnerability/wordpress-processing-projects-plugin-1-0-2-arbitrary-file-upload-vulnerability?_s_id=cve

Product: InstaWP Connect

Active Installations: 20,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2636

NVD References:

- https://plugins.trac.wordpress.org/browser/instawp-connect/trunk/includes/database-manager/loader.php#L77

- https://plugins.trac.wordpress.org/changeset/3269681/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/4c8f2c6f-c231-477c-895b-df892569ef95?source=cve

Product: WPSmartContracts

Active Installations: 400+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31565

NVD References: https://patchstack.com/database/wordpress/plugin/wp-smart-contracts/vulnerability/wordpress-wpsmartcontracts-plugin-2-0-10-sql-injection-vulnerability?_s_id=cve

CVE-2025-31599 - Bulk Product Sync from n/a through 8.6 is vulnerable to SQL Injection due to improper neutralization of special elements in an SQL command.

Product: N-Media Bulk Product Sync

Active Installations: 700+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31599

NVD References: https://patchstack.com/database/wordpress/plugin/sync-wc-google/vulnerability/wordpress-bulk-product-sync-plugin-8-6-sql-injection-vulnerability?_s_id=cve

CVE-2025-32491 - Rankology SEO - On-site SEO allows Privilege Escalation due to Incorrect Privilege Assignment vulnerability, affecting versions n/a through 2.2.3.

Product: Rankology SEO Ð On-site SEO

Active Installations: This plugin has been closed as of April 10, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32491

NVD References: https://patchstack.com/database/wordpress/plugin/rankology-seo-all-in-one-seo-analytics/vulnerability/wordpress-rankology-seo-on-site-seo-2-2-3-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-32565 - Neon Product Designer is vulnerable to SQL Injection from n/a through 2.1.1, allowing attackers to execute malicious SQL commands.

Product: vertim Neon Product Designer

Active Installations: 90+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32565

NVD References: https://patchstack.com/database/wordpress/plugin/neon-product-designer-for-woocommerce/vulnerability/wordpress-neon-product-designer-plugin-2-1-1-unauthenticated-sql-injection-vulnerability?_s_id=cve

CVE-2025-32568 - EmpikPlace for Woocommerce is vulnerable to object injection through deserialization of untrusted data, impacting versions from n/a through 1.4.2.

Product: EmpikPlace for Woocommerce

Active Installations: 100+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32568

NVD References: https://patchstack.com/database/wordpress/plugin/empik-for-woocommerce/vulnerability/wordpress-empikplace-for-woocommerce-plugin-1-4-2-php-object-injection-vulnerability?_s_id=cve

CVE-2025-32569 - TableOn Ð WordPress Posts Table Filterable is affected by a vulnerability that allows Object Injection through the deserialization of untrusted data.

Product: RealMag777 TableOn - WordPress Posts Table Filterable

Active Installations: 300+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32569

NVD References: https://patchstack.com/database/wordpress/plugin/posts-table-filterable/vulnerability/wordpress-tableon-plugin-1-0-2-php-object-injection-vulnerability?_s_id=cve

CVE-2025-32577 - Build App Online allows PHP Local File Inclusion, enabling attackers to include files from a remote server and potentially execute malicious code, affecting versions from n/a through 1.0.23.

Product: hakeemnala Build App Online

Active Installations: 600+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32577

NVD References: https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-23-local-file-inclusion-vulnerability-2?_s_id=cve

CVE-2025-32579 - SoftClever Limited Sync Posts allows unauthorized upload of dangerous file types, potentially enabling attackers to upload web shells to a web server.

Product: SoftClever Limited Sync Posts

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32579

NVD References: https://patchstack.com/database/wordpress/plugin/sync-posts/vulnerability/wordpress-sync-posts-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-32603 - HK WP Online Users Stats is vulnerable to Blind SQL Injection due to improper neutralization of special elements in an SQL command.

Product: HK WP Online Users Stats

Active Installations: 100+

CVSS Score: 9.3 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32603

NVD References: https://patchstack.com/database/wordpress/plugin/wp-online-users-stats/vulnerability/wordpress-wp-online-users-stats-plugin-1-0-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-32607 - Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly allows Object Injection. This issue affects WpBookingly: from n/a through 1.2.0.

Product: magepeopleteam WpBookingly

Active Installations: 200+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32607

NVD References: https://patchstack.com/database/wordpress/plugin/service-booking-manager/vulnerability/wordpress-wpbookingly-plugin-1-2-0-php-object-injection-vulnerability?_s_id=cve

CVE-2025-3439 - The Everest Forms Ð Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1.

Product: Everest Forms Contact Form Builder for WordPress

Active Installations: 100,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3439

NVD References:

- https://plugins.trac.wordpress.org/browser/everest-forms/trunk/includes/admin/views/html-admin-page-entries-view.php#L147

- https://plugins.trac.wordpress.org/changeset/3268742/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/0e5617a2-5670-4d98-a36b-942f71634642?source=cve

CVE-2025-30985 - Deserialization of Untrusted Data vulnerability in GNUCommerce allows Object Injection. This issue affects GNUCommerce: from n/a through 1.5.4.

Product: GNUCommerce

Active Installations: This plugin has been closed as of February 4, 2025 and is not available for download. Reason: Security Issue.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30985

NVD References: https://patchstack.com/database/wordpress/plugin/gnucommerce/vulnerability/wordpress-gnucommerce-plugin-1-5-4-php-object-injection-vulnerability?_s_id=cve

CVE-2025-26927 - EPC AI Hub allows malicious upload of web shells to a web server.

Product: EPC AI Hub

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26927

NVD References: https://patchstack.com/database/wordpress/theme/aihub/vulnerability/wordpress-ai-hub-plugin-1-3-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-30967 - WPJobBoard is susceptible to a CSRF vulnerability that allows attackers to upload a web shell to a web server, impacting versions from n/a through n/a.

Product: WPJobBoard

Active Installations: unknown. Update to version 5.11.1 or later

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30967

NVD References: https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve

Product: Rankology SEO Ð On-site SEO

Active Installations: This plugin has been closed as of April 10, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32491

NVD References: https://patchstack.com/database/wordpress/plugin/rankology-seo-all-in-one-seo-analytics/vulnerability/wordpress-rankology-seo-on-site-seo-2-2-3-privilege-escalation-vulnerability?_s_id=cve

Product: vertim Neon Product Designer

Active Installations: 90+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32565

NVD References: https://patchstack.com/database/wordpress/plugin/neon-product-designer-for-woocommerce/vulnerability/wordpress-neon-product-designer-plugin-2-1-1-unauthenticated-sql-injection-vulnerability?_s_id=cve

Product: EmpikPlace for Woocommerce

Active Installations: 100+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32568

NVD References: https://patchstack.com/database/wordpress/plugin/empik-for-woocommerce/vulnerability/wordpress-empikplace-for-woocommerce-plugin-1-4-2-php-object-injection-vulnerability?_s_id=cve

Product: RealMag777 TableOn - WordPress Posts Table Filterable

Active Installations: 300+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32569

NVD References: https://patchstack.com/database/wordpress/plugin/posts-table-filterable/vulnerability/wordpress-tableon-plugin-1-0-2-php-object-injection-vulnerability?_s_id=cve

CVE-2025-32577 - Build App Online allows PHP Local File Inclusion, enabling attackers to include files from a remote server and potentially execute malicious code, affecting versions from n/a through 1.0.23.

Product: hakeemnala Build App Online

Active Installations: 600+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32577

NVD References: https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-23-local-file-inclusion-vulnerability-2?_s_id=cve

CVE-2025-32579 - SoftClever Limited Sync Posts allows unauthorized upload of dangerous file types, potentially enabling attackers to upload web shells to a web server.

Product: SoftClever Limited Sync Posts

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32579

NVD References: https://patchstack.com/database/wordpress/plugin/sync-posts/vulnerability/wordpress-sync-posts-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-32603 - HK WP Online Users Stats is vulnerable to Blind SQL Injection due to improper neutralization of special elements in an SQL command.

Product: HK WP Online Users Stats

Active Installations: 100+

CVSS Score: 9.3 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32603

NVD References: https://patchstack.com/database/wordpress/plugin/wp-online-users-stats/vulnerability/wordpress-wp-online-users-stats-plugin-1-0-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-32607 - Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly allows Object Injection. This issue affects WpBookingly: from n/a through 1.2.0.

Product: magepeopleteam WpBookingly

Active Installations: 200+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32607

NVD References: https://patchstack.com/database/wordpress/plugin/service-booking-manager/vulnerability/wordpress-wpbookingly-plugin-1-2-0-php-object-injection-vulnerability?_s_id=cve

CVE-2025-3439 - The Everest Forms Ð Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1.

Product: Everest Forms Contact Form Builder for WordPress

Active Installations: 100,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3439

NVD References:

- https://plugins.trac.wordpress.org/browser/everest-forms/trunk/includes/admin/views/html-admin-page-entries-view.php#L147

- https://plugins.trac.wordpress.org/changeset/3268742/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/0e5617a2-5670-4d98-a36b-942f71634642?source=cve

CVE-2025-30985 - Deserialization of Untrusted Data vulnerability in GNUCommerce allows Object Injection. This issue affects GNUCommerce: from n/a through 1.5.4.

Product: GNUCommerce

Active Installations: This plugin has been closed as of February 4, 2025 and is not available for download. Reason: Security Issue.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30985

NVD References: https://patchstack.com/database/wordpress/plugin/gnucommerce/vulnerability/wordpress-gnucommerce-plugin-1-5-4-php-object-injection-vulnerability?_s_id=cve

CVE-2025-26927 - EPC AI Hub allows malicious upload of web shells to a web server.

Product: EPC AI Hub

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26927

NVD References: https://patchstack.com/database/wordpress/theme/aihub/vulnerability/wordpress-ai-hub-plugin-1-3-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-30967 - WPJobBoard is susceptible to a CSRF vulnerability that allows attackers to upload a web shell to a web server, impacting versions from n/a through n/a.

Product: WPJobBoard

Active Installations: unknown. Update to version 5.11.1 or later

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30967

NVD References: https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve

Product: HK WP Online Users Stats

Active Installations: 100+

CVSS Score: 9.3 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32603

NVD References: https://patchstack.com/database/wordpress/plugin/wp-online-users-stats/vulnerability/wordpress-wp-online-users-stats-plugin-1-0-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-32607 - Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly allows Object Injection. This issue affects WpBookingly: from n/a through 1.2.0.

Product: magepeopleteam WpBookingly

Active Installations: 200+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32607

NVD References: https://patchstack.com/database/wordpress/plugin/service-booking-manager/vulnerability/wordpress-wpbookingly-plugin-1-2-0-php-object-injection-vulnerability?_s_id=cve

CVE-2025-3439 - The Everest Forms Ð Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1.

Product: Everest Forms Contact Form Builder for WordPress

Active Installations: 100,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3439

NVD References:

- https://plugins.trac.wordpress.org/browser/everest-forms/trunk/includes/admin/views/html-admin-page-entries-view.php#L147

- https://plugins.trac.wordpress.org/changeset/3268742/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/0e5617a2-5670-4d98-a36b-942f71634642?source=cve

CVE-2025-30985 - Deserialization of Untrusted Data vulnerability in GNUCommerce allows Object Injection. This issue affects GNUCommerce: from n/a through 1.5.4.

Product: GNUCommerce

Active Installations: This plugin has been closed as of February 4, 2025 and is not available for download. Reason: Security Issue.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30985

NVD References: https://patchstack.com/database/wordpress/plugin/gnucommerce/vulnerability/wordpress-gnucommerce-plugin-1-5-4-php-object-injection-vulnerability?_s_id=cve

CVE-2025-26927 - EPC AI Hub allows malicious upload of web shells to a web server.

Product: EPC AI Hub

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26927

NVD References: https://patchstack.com/database/wordpress/theme/aihub/vulnerability/wordpress-ai-hub-plugin-1-3-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-30967 - WPJobBoard is susceptible to a CSRF vulnerability that allows attackers to upload a web shell to a web server, impacting versions from n/a through n/a.

Product: WPJobBoard

Active Installations: unknown. Update to version 5.11.1 or later

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30967

NVD References: https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve

Product: Everest Forms Contact Form Builder for WordPress

Active Installations: 100,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3439

NVD References:

- https://plugins.trac.wordpress.org/browser/everest-forms/trunk/includes/admin/views/html-admin-page-entries-view.php#L147

- https://plugins.trac.wordpress.org/changeset/3268742/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/0e5617a2-5670-4d98-a36b-942f71634642?source=cve

Product: GNUCommerce

Active Installations: This plugin has been closed as of February 4, 2025 and is not available for download. Reason: Security Issue.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30985

NVD References: https://patchstack.com/database/wordpress/plugin/gnucommerce/vulnerability/wordpress-gnucommerce-plugin-1-5-4-php-object-injection-vulnerability?_s_id=cve

Product: EPC AI Hub

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26927

NVD References: https://patchstack.com/database/wordpress/theme/aihub/vulnerability/wordpress-ai-hub-plugin-1-3-3-arbitrary-file-upload-vulnerability?_s_id=cve

Product: WPJobBoard

Active Installations: unknown. Update to version 5.11.1 or later

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30967

NVD References: https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve