RiteCMS v3
Description
RiteCMS v3
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17282 vulnerabilities with AI analyst insights
RiteCMS v3
RiteCMS v3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect access control in the /templates/ component of RiteCMS v3
Incorrect access control in the /templates/ component of RiteCMS v3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
Update An Insecure Direct Object Reference Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary co...
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Executive Summary:
A critical vulnerability has been identified in Pagekit CMS, which allows an authenticated attacker to upload a malicious file and execute arbitrary code on the server. Successful exploitation could lead to a complete compromise of the affected system, resulting in data theft, service disruption, and further network intrusion. Due to the critical severity (CVSS 9.9), immediate remediation is required to prevent potential system takeovers.
Vulnerability Details
CVE-ID: CVE-2025-67164
Affected Software: Pagekit CMS
Affected Versions: v1.0.18 and prior versions.
Vulnerability: This vulnerability is an arbitrary file upload weakness within a component of Pagekit CMS. The file upload mechanism fails to properly validate the types of files being uploaded, allowing an authenticated user to bypass security checks and upload a file with a dangerous extension, such as .php. An attacker can upload a crafted PHP script disguised as a legitimate file, and once the upload is complete, they can access the script via its URL to execute arbitrary commands on the server with the privileges of the web service account.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.9. A successful exploit would grant an attacker full control over the web application and potentially the underlying server. This could lead to severe business consequences, including the theft of sensitive data (customer information, credentials, intellectual property), website defacement, deployment of ransomware, or the use of the compromised server to attack other systems. The potential for reputational damage, regulatory fines, and financial loss is significant, as the vulnerability compromises the confidentiality, integrity, and availability of the affected asset.
Remediation Plan
Immediate Action: Update Pagekit CMS to the latest patched version immediately as recommended by the vendor. All internet-facing instances should be prioritized for patching. After patching, review web-accessible directories for any suspicious or unrecognized files that may have been uploaded prior to the update.
Proactive Monitoring: Monitor web server access logs for patterns indicative of exploitation, such as POST requests to file upload endpoints followed by GET requests to newly created .php files, especially in storage or upload directories. Implement alerts for unusual outbound network connections from the web server and monitor for unexpected processes running under the web server's user context.
Compensating Controls: If patching cannot be immediately deployed, implement the following controls:
.php, .phtml, etc.).Exploitation Status
Public Exploit Available: False
Analyst Notes: As of the publication date (December 17, 2025), there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, arbitrary file upload vulnerabilities are trivial to exploit once discovered. The requirement for authentication reduces the attack surface but does not eliminate the risk, as credentials can be stolen, leaked, or belong to a malicious insider. Threat actors are expected to develop and deploy exploits for this vulnerability rapidly.
Analyst Recommendation
This vulnerability represents a critical risk to the organization and must be addressed with the highest priority. Although it requires authentication, the near-maximum CVSS score of 9.9 underscores the severe potential for a complete system compromise. While this CVE is not currently on the CISA KEV list, its critical nature warrants immediate action. We strongly recommend that all vulnerable Pagekit CMS instances be patched immediately. If patching is delayed, the compensating controls listed above must be implemented as a temporary measure while actively monitoring for any signs of exploitation.
Update An authenticated arbitrary file upload vulnerability in the Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to...
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allow...
Executive Summary:
A critical vulnerability has been identified in the LatePoint WordPress plugin, assigned CVE-2025-6715 with a CVSS score of 9.8. This flaw allows an unauthenticated attacker to include and execute arbitrary code on the server by manipulating a specific parameter. Successful exploitation could lead to a complete compromise of the website, resulting in data theft, service disruption, and further network intrusion.
Vulnerability Details
CVE-ID: CVE-2025-6715
Affected Software: The LatePoint WordPress plugin
Affected Versions: All versions prior to 5.1.94
Vulnerability: The plugin is vulnerable to a Local File Inclusion (LFI) flaw in the layout parameter. An attacker can craft a malicious web request that uses this parameter to specify a file path on the server. Because the input is not properly sanitized, the application will include and execute the contents of the specified PHP file, leading to Remote Code Execution (RCE). This type of attack does not require authentication, making it easy to exploit via automated scanning tools.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a significant and immediate threat to the organization. Exploitation can lead to a complete compromise of the web server, granting an attacker full control. Potential consequences include unauthorized access to and exfiltration of sensitive data (e.g., customer PII, appointment details, internal documents), website defacement, deployment of ransomware, and the use of the compromised server as a pivot point to attack other internal systems. This can result in severe reputational damage, financial loss, regulatory fines, and operational downtime.
Remediation Plan
Immediate Action: Update the LatePoint WordPress plugin to the patched version 5.1.94 or the latest available version immediately. After updating, verify that the website is functioning correctly.
Proactive Monitoring: System administrators should actively monitor web server access logs for any requests targeting the LatePoint plugin that contain the layout parameter with suspicious values, such as path traversal sequences (../), absolute file paths, or PHP wrappers (php://). Monitor for any unexpected file modifications or outbound network connections from the web server.
Compensating Controls: If patching cannot be performed immediately, implement the following controls:
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Aug 13, 2025, this CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. However, LFI vulnerabilities in popular WordPress plugins are trivial to exploit and are prime targets for automated attacks. Proof-of-concept (PoC) code is readily available, and widespread scanning for this vulnerability is expected.
Analyst Recommendation
Given the critical severity (CVSS 9.8) and the availability of a public exploit, immediate remediation is essential. All organizations using the vulnerable versions of the LatePoint plugin must prioritize installing the security update without delay. Due to the high risk of a full system compromise, it is strongly recommended to perform a compromise assessment after patching to ensure the server has not already been breached. Although not currently on the CISA KEV list, the nature of this vulnerability makes it a prime candidate for future inclusion and active exploitation by threat actors.
Update The LatePoint WordPress plugin before Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1)...
Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'login_id', 'pwfield', and 'login_key' parameters in (3) change_s_pwd.php. An unauthenticated or authenticated attacker can exploit these issues to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level.
Executive Summary:
A set of critical SQL Injection vulnerabilities has been identified in the amansuryawanshi Gym-Management-System-PHP software. These flaws allow an attacker, with or without prior authentication, to execute malicious database commands, potentially leading to a complete compromise of the system's data, user accounts, and administrative functions. Due to the critical severity and the potential for unauthenticated exploitation, immediate remediation is required to prevent data breaches and unauthorized access.
Vulnerability Details
CVE-ID: CVE-2025-67147
Affected Software: amansuryawanshi Gym-Management-System-PHP
Affected Versions: 1.0
Vulnerability: The application fails to properly sanitize user-supplied input in multiple parameters across three different PHP files. An attacker can inject malicious SQL queries into these parameters, which are then executed by the back-end database. The specific vulnerable locations are:
submit_contact.php: via the 'name', 'email', and 'comment' parameters.secure_login.php: via the 'username' and 'pass_key' parameters.change_s_pwd.php: via the 'login_id', 'pwfield', and 'login_key' parameters.secure_login.php) or an authenticated attacker to escalate privileges and manipulate data (change_s_pwd.php).Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a severe impact on the business, leading to a significant data breach of member information, including personally identifiable information (PII). An attacker could read, modify, or delete any data within the application's database, disrupt operations, and escalate their privileges to a full system administrator. This level of compromise poses a direct risk of financial loss, reputational damage, and potential regulatory penalties related to data protection.
Remediation Plan
Immediate Action: Update the amansuryawanshi Gym-Management-System-PHP to the latest version provided by the vendor, which addresses these vulnerabilities. After patching, it is crucial to monitor for any signs of exploitation attempts that may have occurred and review web server and database access logs for suspicious activity.
Proactive Monitoring: Security teams should actively monitor web server logs for requests to submit_contact.php, secure_login.php, and change_s_pwd.php containing SQL syntax like UNION, SELECT, --, OR 1=1, or sleep/benchmark commands. Monitor database logs for unusual or unauthorized queries. An increase in failed login attempts or the creation of unauthorized administrative accounts should be investigated immediately.
Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rulesets designed to block common SQL Injection attack patterns. Restrict access to the application from untrusted networks and ensure the database user account used by the application operates with the principle of least privilege, limiting its ability to modify schema or access other databases.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date, Jan 12, 2026, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, SQL Injection is a well-understood vulnerability class, and proof-of-concept exploits can be developed easily. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog at this time.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the fact that some vectors are exploitable by an unauthenticated attacker, this vulnerability represents a significant and immediate risk to the organization. We strongly recommend that all instances of amansuryawanshi Gym-Management-System-PHP 1.0 be identified and patched to the latest version with the highest priority. Although not currently on the CISA KEV list, the ease of exploitation requires that this vulnerability be treated as an active threat.
Update Multiple SQL Injection vulnerabilities exist in amansuryawanshi Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) traine...
Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An unauthenticated remote attacker can exploit these issues to inject malicious SQL commands, leading to unauthorized data extraction, authentication bypass, or modification of database contents.
Executive Summary:
A critical set of unauthenticated SQL Injection vulnerabilities has been identified in the GYM-MANAGEMENT-SYSTEM software. These flaws allow a remote attacker, without needing any login credentials, to inject malicious database commands to steal, modify, or delete sensitive information, potentially leading to a complete compromise of the application's database.
Vulnerability Details
CVE-ID: CVE-2025-67146
Affected Software: AbhishekMali21 GYM-MANAGEMENT-SYSTEM
Affected Versions: 1.0
Vulnerability: The application is vulnerable to SQL Injection because it fails to properly sanitize user-supplied input in specific parameters before using them in SQL queries. An unauthenticated remote attacker can send specially crafted requests to the 'name' parameter in member_search.php, trainer_search.php, and gym_search.php, or to the 'id' parameter in payment_search.php. By embedding malicious SQL commands within these parameters, the attacker can execute arbitrary queries against the backend database, allowing for data exfiltration, authentication bypass, and unauthorized modification or deletion of database records.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.4, reflecting the high potential for significant damage. Successful exploitation could lead to a severe data breach, exposing sensitive personal and financial information of gym members and staff. The direct business impact includes reputational damage, financial loss, regulatory fines for non-compliance with data protection standards (e.g., GDPR, CCPA), and the operational disruption required for incident response and system restoration.
Remediation Plan
Immediate Action: Immediately update the GYM-MANAGEMENT-SYSTEM to the latest patched version provided by the vendor to resolve these vulnerabilities. After patching, it is crucial to monitor for any signs of exploitation attempts by reviewing web server and database access logs for suspicious activity targeting the vulnerable PHP files.
Proactive Monitoring: Implement continuous monitoring of web server logs, specifically looking for requests to member_search.php, trainer_search.php, gym_search.php, and payment_search.php that contain SQL keywords (e.g., UNION, SELECT, OR 1=1, --) or unusual character strings in the 'name' and 'id' parameters. Monitor database logs for unexpected queries or anomalous access patterns.
Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with a strict ruleset designed to detect and block SQL injection attacks. Additionally, enforce the principle of least privilege by ensuring the database user account leveraged by the web application has the minimum necessary permissions, preventing it from performing destructive actions like dropping tables.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the published date, January 12, 2026, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the ease of exploitation for unauthenticated SQL injection flaws, threat actors are likely to develop exploits rapidly.
Analyst Recommendation
Given the critical CVSS score of 9.4 and the fact that this vulnerability can be exploited by an unauthenticated attacker, immediate remediation is strongly recommended. Organizations must prioritize applying the vendor-supplied patch to all affected systems. Although this vulnerability is not currently on the CISA KEV list, its severity and the potential for a high-impact data breach warrant urgent attention and action.
Update Multiple SQL Injection vulnerabilities exist in Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An issue in Hero Motocorp Vida V1 Pro 2
An issue in Hero Motocorp Vida V1 Pro 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the...
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server
Executive Summary:
A high-severity vulnerability has been identified in multiple products, which could allow an attacker to bypass security controls and access sensitive data. An authenticated but low-privileged user can leverage a specially crafted query to read and potentially modify data they are not authorized to see, posing a significant risk to data confidentiality and integrity.
Vulnerability Details
CVE-ID: CVE-2025-6713
Affected Software: Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability stems from an improper authorization check within the aggregation pipeline feature of the affected products. An authenticated attacker with low-level privileges can construct a specially crafted aggregation pipeline query. When the system processes this malicious pipeline, it fails to properly enforce access controls, allowing the attacker to read and potentially modify data in collections that would normally be restricted, effectively bypassing the intended security model.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.7. Successful exploitation could lead to a significant data breach, exposing sensitive customer information, intellectual property, or internal corporate data. The ability for an attacker to not only read but also potentially modify data (High Confidentiality and Integrity impact) poses a severe risk. This could result in regulatory fines (e.g., under GDPR, CCPA), reputational damage, loss of customer trust, and operational disruption if critical data is altered.
Remediation Plan
Immediate Action: Organizations should prioritize applying the security patches provided by the vendor across all affected products as soon as possible. Refer to the vendor's security advisory for specific patch information and installation instructions.
Proactive Monitoring: Monitor application and database logs for unusual or overly complex aggregation pipeline queries, particularly those originating from low-privileged user accounts. Implement alerts for frequent access denial errors, which could indicate reconnaissance or exploitation attempts. Analyze user access patterns for anomalies, such as an account suddenly accessing data collections or fields outside its normal scope of operations.
Compensating Controls: If patching is not immediately feasible, consider restricting or disabling the use of complex aggregation features for non-essential or low-privileged users. Implement a Database Firewall or Web Application Firewall (WAF) with rules designed to inspect and block known malicious pipeline structures. Enforce the principle of least privilege by reviewing and ensuring user accounts only have the absolute minimum permissions required for their roles.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of today's date, there are no known public exploits or active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, given the nature of authorization bypasses, private exploits could be developed and used by threat actors in targeted attacks.
Analyst Recommendation
Given the High severity rating (CVSS 7.7) and the potential for a significant data breach, we strongly recommend that organizations identify all affected products within their environment and apply the vendor-supplied patches on an expedited basis. While this vulnerability is not currently listed in the CISA KEV catalog, its high impact on data confidentiality and integrity makes it an attractive target for attackers. Proactive patching is the most effective defense and should be treated as a high priority.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands...
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
Executive Summary:
A critical vulnerability has been identified in Eclipse Cyclone DDS, a widely used data distribution service. This flaw allows an unauthenticated attacker to bypass certificate validation, enabling them to execute arbitrary commands with the highest system privileges, leading to a complete compromise of the affected system. Organizations using the affected software are at immediate risk of data theft, operational disruption, and further network intrusion.
Vulnerability Details
CVE-ID: CVE-2025-67109
Affected Software: Eclipse Cyclone DDS
Affected Versions: Versions prior to v0.10.5
Vulnerability: The vulnerability exists due to an improper verification of the timestamp or validity period of a security certificate. An attacker can present a specially crafted or expired certificate to a vulnerable system running Eclipse Cyclone DDS. The software fails to correctly reject this invalid certificate, allowing the attacker to successfully impersonate a legitimate entity and establish a trusted communication channel. Once authenticated, the attacker can leverage this position to execute arbitrary commands on the underlying operating system with SYSTEM-level privileges.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 10.0, representing the highest possible risk. Successful exploitation results in a complete loss of confidentiality, integrity, and availability of the affected system. An attacker can exfiltrate sensitive data, deploy ransomware, manipulate or destroy critical information, and disrupt core business operations that rely on the DDS service. Furthermore, a compromised system can be used as a pivot point to launch further attacks against the internal network, significantly expanding the scope of the breach.
Remediation Plan
Immediate Action: All instances of Eclipse Cyclone DDS must be immediately upgraded to version v0.10.5 or later, as recommended by the vendor. After patching, system administrators should review system and application logs for any signs of compromise, such as unusual command executions or unexpected network connections originating from the DDS service.
Proactive Monitoring: Implement enhanced monitoring on systems running Cyclone DDS. Security teams should look for anomalies in network traffic, specifically unexpected connections to DDS ports, and monitor for any new processes spawned by the DDS service, especially those running with elevated privileges. Configure logging to capture all certificate validation attempts (both successful and failed) and alert on repeated failures or unusual certificate parameters.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date, Dec 23, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical CVSS score of 10.0 and the simplicity of the attack vector, it is highly likely that threat actors will develop and deploy exploits rapidly.
Analyst Recommendation
Given the critical severity of this vulnerability, which allows for a full system compromise, organizations must treat this as a top priority. The potential for complete control of affected systems necessitates immediate action. We strongly recommend applying the vendor-provided patch to all vulnerable systems without delay. Although this CVE is not currently on the CISA KEV list, its high impact score makes it a prime candidate for future inclusion and a lucrative target for attackers.
Update Improper verification of the time certificate in Eclipse Cyclone DDS before Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.
Executive Summary:
A critical vulnerability has been discovered in eProsima Fast-DDS, a component used in multiple eProsima products. This flaw allows an attacker to use revoked security credentials to establish unauthorized connections, completely bypassing security measures. Successful exploitation could lead to data theft, system compromise, and disruption of critical operations that rely on the affected software.
Vulnerability Details
CVE-ID: CVE-2025-67108
Affected Software: eProsima Multiple Products
Affected Versions: eProsima Fast-DDS v3.3 is known to be affected. See vendor advisory for a comprehensive list of all affected products and versions.
Vulnerability: The vulnerability exists due to an improper validation process for security ticket revocation within the DDS Security plugins. When a security ticket or credential is revoked, the system fails to correctly check its status, treating it as if it were still valid. An attacker in possession of a previously valid but now revoked ticket can present it to an affected system to successfully authenticate and establish an insecure communication channel, gaining unauthorized access to the DDS domain.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 10, indicating the highest possible risk. Exploitation could lead to a complete compromise of confidentiality, integrity, and availability for systems relying on the eProsima middleware. Potential consequences include unauthorized access to sensitive data streams, man-in-the-middle attacks to intercept or manipulate real-time data, and denial-of-service against critical infrastructure such as industrial control systems, robotics, or autonomous vehicles. This poses a significant risk of operational disruption, intellectual property theft, and potential safety incidents.
Remediation Plan
Immediate Action: The primary remediation is to apply vendor-supplied patches immediately. Organizations must update eProsima Multiple Products to the latest version as specified in the official eProsima security advisory. After patching, it is crucial to monitor for any further exploitation attempts and review historical access and authentication logs for signs of compromise.
Proactive Monitoring: Implement enhanced monitoring on network segments where DDS traffic is present. Look for unusual or unexpected connection attempts, especially from endpoints that should be decommissioned or have had their access revoked. Monitor authentication logs for successful connections originating from sources associated with revoked credentials. Anomaly-based network intrusion detection systems may help identify malicious activity.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. Enforce strict network segmentation to isolate vulnerable systems from untrusted networks. Utilize firewalls and access control lists (ACLs) to restrict DDS communication exclusively to a whitelist of known, trusted IP addresses and ports.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date, December 23, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the critical CVSS score of 10, it is highly likely that threat actors will prioritize developing exploits.
Analyst Recommendation
This vulnerability represents a critical and immediate threat to the organization. Due to the perfect CVSS score of 10, it must be treated with the highest priority. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity warrants immediate action. We strongly recommend that all affected eProsima products be patched immediately. If patching is delayed, the compensating controls outlined above must be implemented without delay to mitigate the severe risk of system compromise and data exposure.
Update eProsima Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via...
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.
---METADATA---
VENDOR: Omnispace
PRODUCT: Agora Project
AFFECTED_VERSIONS: Before 25.10
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
A file upload vulnerability in the Agora Project allows remote code execution via a crafted PDF processed by the Imagick library's MSL engine.
Executive Summary:
A critical file upload vulnerability in the Omnispace Agora Project enables remote attackers to execute arbitrary code, posing a severe threat to system security.
Vulnerability Details
CVE-ID: CVE-2025-67079
Affected Software: Omnispace Agora Project
Affected Versions: Before 25.10
Vulnerability: The application fails to properly validate files uploaded through thumbnail and upload functions. By submitting a crafted PDF, an attacker can trigger the Imagick library's MSL engine to execute malicious commands on the server.
Business Impact
Successful exploitation allows an attacker to gain remote code execution capabilities, potentially leading to full system compromise and unauthorized data access. The CVSS score of 9.8 confirms the extreme severity, as this flaw provides a direct vector for attackers to gain a foothold within the corporate network.
Remediation Plan
Immediate Action: Upgrade the Omnispace Agora Project to version 25.10 or later to ensure the file validation logic is correctly updated.
Proactive Monitoring: Monitor server-side process creation events and check for unexpected execution of shell commands or scripts originating from the web application directory.
Compensating Controls: Configure the web server to disable the execution of scripts in upload directories and implement strict file type validation to reject non-image file formats.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Jan 15, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is highly dangerous due to the ease with which it can be triggered via standard file upload functions. Organizations using the Agora Project must upgrade to version 25.10 immediately to eliminate this remote code execution vector.
Update File upload vulnerability in Omnispace Agora Project before Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
File upload vulnerability in Omnispace Agora Project before 25
File upload vulnerability in Omnispace Agora Project before 25
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Directory traversal vulnerability in Omnispace Agora Project before 25
Directory traversal vulnerability in Omnispace Agora Project before 25
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of...
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.
Executive Summary:
A critical buffer overflow vulnerability has been identified in multiple Tenda networking products. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted web request, which could cause the device to crash or potentially allow the attacker to take complete control. This presents a severe risk of network disruption, data interception, and further intrusions into the connected network.
Vulnerability Details
CVE-ID: CVE-2025-67073
Affected Software: Tenda Multiple Products (httpd service)
Affected Versions: Tenda AC10V4.0 V16.03.10.20 is confirmed to be affected. See vendor advisory for a complete list of specific affected products and versions.
Vulnerability: This is a buffer overflow vulnerability located in the fromAdvSetMacMtuWan function within the device's httpd web server binary. An unauthenticated remote attacker can trigger this vulnerability by sending a specifically crafted POST request to the /goform/AdvSetMacMtuWan endpoint. The function does not properly validate the length of the user-supplied input for the serviceName field. By providing an overly long string in this field, an attacker can overwrite adjacent memory on the stack, leading to a crash (Denial of Service) or, with a carefully constructed payload, arbitrary code execution with the privileges of the web server process.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.8, reflecting the high potential for significant damage. Successful exploitation could grant an attacker complete control over the affected network device. This could lead to severe business consequences, including the interception of sensitive network traffic, redirection of users to malicious websites, modification of network configurations, and using the compromised device as a pivot point to attack other systems on the internal network. The most immediate impact is the potential for a Denial of Service, which would disrupt all internet and network connectivity for users relying on the device.
Remediation Plan
Immediate Action: Update the firmware on all affected Tenda devices to the latest version provided by the vendor. After applying the update, monitor for any further exploitation attempts and review web access logs for indicators of compromise preceding the patch.
Proactive Monitoring:
/goform/AdvSetMacMtuWan URI.serviceName parameter or requests that resulted in server errors or crashes.httpd service.Compensating Controls:
serviceName parameter sent to the vulnerable endpoint.Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 17, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the nature of buffer overflow vulnerabilities in widely deployed consumer networking equipment, it is highly likely that a functional proof-of-concept exploit will be developed and made public in the near future.
Analyst Recommendation
This vulnerability represents a critical risk to the organization due to its high severity and potential for remote code execution. Immediate patching of all affected Tenda devices should be considered the highest priority. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical CVSS score warrants urgent attention. Organizations should apply the vendor-supplied firmware updates without delay and implement the recommended monitoring and compensating controls to mitigate risk.
Update A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Lantronix EDS3000PS Filesystem Browser page contains a command injection vulnerability in the TFTP client host parameter, allowing root-level arbi...
The Lantronix EDS3000PS Filesystem Browser page contains a command injection vulnerability in the TFTP client host parameter, allowing root-level arbitrary command execution.
---METADATA---
VENDOR: Lantronix
PRODUCT: EDS3000PS
AFFECTED_VERSIONS: 3.1.0.0R2
---END_METADATA---
Description Summary:
The Lantronix EDS3000PS Filesystem Browser page contains a command injection vulnerability in the TFTP client host parameter, allowing root-level arbitrary command execution.
Executive Summary:
A critical command injection vulnerability in Lantronix EDS3000PS device servers allows attackers to execute arbitrary commands with root privileges, leading to full device compromise.
Vulnerability Details
CVE-ID: CVE-2025-67041
Affected Software: Lantronix EDS3000PS
Affected Versions: 3.1.0.0R2
Vulnerability: The host parameter within the TFTP client on the Filesystem Browser page is not properly sanitized. An attacker can use shell metacharacters to escape the intended command and execute arbitrary system commands with root-level authority on the device.
Business Impact
This vulnerability allows for the complete takeover of the device server. Since these devices often bridge serial equipment to IP networks, a compromise could result in the loss of control over industrial or medical equipment. The CVSS score of 9.8 reflects the extreme severity of achieving root access via a network-based attack.
Remediation Plan
Immediate Action: Update the Lantronix EDS3000PS firmware to the latest version provided by the vendor.
Proactive Monitoring: Monitor the web management interface for unusual input patterns in the TFTP configuration fields and review system logs for unauthorized root access.
Compensating Controls: Disable the web management interface if not required, or restrict access to the management IP using a dedicated management VLAN and hardware firewall.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Mar 11, 2026, there is no public information indicating active exploitation. Command injection in industrial communication devices is a high-value target for actors seeking to disrupt critical operations.
Analyst Recommendation
Root-level command injection poses a terminal risk to device security. It is imperative that all affected Lantronix units are updated immediately. If a patch is not available, the device should be shielded from the network to prevent exploitation.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to...
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific conf...
Executive Summary:
A critical vulnerability, identified as CVE-2025-6704, has been discovered in Sophos Firewall. This flaw allows an unauthenticated remote attacker to write arbitrary files to the device, which can be leveraged to execute code and gain full control of the firewall. Successful exploitation could lead to a complete compromise of the network perimeter, enabling data theft, network disruption, and further intrusions into the internal network.
Vulnerability Details
CVE-ID: CVE-2025-6704
Affected Software: Sophos Firewall
Affected Versions: Versions older than 21.0 MR2 (21.0.2)
Vulnerability: The vulnerability is an arbitrary file write flaw within the Secure PDF eXchange (SPX) feature of the Sophos Firewall. An unauthenticated attacker can send a specially crafted request to the firewall's user portal or webadmin interface to exploit this flaw. By manipulating the SPX functionality, the attacker can write a file with arbitrary content to any location on the firewall's filesystem, leading to pre-authentication remote code execution (RCE).
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. A successful exploit would grant an attacker complete administrative control over the affected firewall. The business impact is severe, as a compromised perimeter firewall can lead to unauthorized access to the entire internal network, theft of sensitive data, deployment of ransomware, significant business downtime, and severe reputational damage. Because the vulnerability is exploitable without authentication, any vulnerable device exposed to the internet is at immediate and high risk of compromise.
Remediation Plan
Immediate Action: Immediately update all vulnerable Sophos Firewall instances to the patched version 21.0 MR2 (21.0.2) or a later release. After patching, it is crucial to monitor for any signs of post-exploitation activity and review historical access logs for potential indicators of compromise.
Proactive Monitoring: Security teams should monitor for unusual or anomalous requests targeting the firewall's SPX service. Specifically, look for unexpected file creation or modification in critical system directories (e.g., /etc, /tmp, web server root directories). Monitor for unexpected outbound network connections originating from the firewall itself, which could indicate a successful compromise.
Compensating Controls: If patching cannot be performed immediately, restrict access to the Sophos Firewall's User Portal and Webadmin interfaces to a limited set of trusted IP addresses. If the Secure PDF eXchange (SPX) feature is not in use, consider disabling it entirely as a temporary mitigating control until the patch can be applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Jul 21, 2025, there are no known public proof-of-concept exploits, and the vulnerability is not reported to be actively exploited in the wild. However, due to the critical CVSS score of 9.8 and the pre-authentication remote code execution attack vector, it is highly probable that threat actors will develop and deploy exploits rapidly. This vulnerability is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the critical severity of this pre-authentication RCE vulnerability, we strongly recommend that organizations treat this as an emergency. The risk of a full network compromise is extremely high for any unpatched, internet-facing Sophos Firewall. Organizations must prioritize the immediate application of the vendor-supplied patch (version 21.0.2 or newer) to all affected devices to prevent exploitation.
Update An arbitrary file writing vulnerability in the Secure PDF eXchange Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The Lantronix EDS5000 contains a code injection vulnerability that is currently being actively exploited in the wild.
The Lantronix EDS5000 contains a code injection vulnerability that is currently being actively exploited in the wild.
---METADATA---
VENDOR: Lantronix
PRODUCT: EDS5000
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
The Lantronix EDS5000 contains a code injection vulnerability that is currently being actively exploited in the wild.
Executive Summary:
A critical code injection vulnerability in Lantronix EDS5000 devices allows for remote command execution and is currently being exploited in the wild.
Vulnerability Details
CVE-ID: CVE-2025-67038
Affected Software: Lantronix EDS5000
Affected Versions: See vendor advisory
Vulnerability: This is a code injection vulnerability that allows an attacker to execute arbitrary commands on the underlying system. The flaw is exploitable by an unauthenticated attacker with network access to the device.
Business Impact
The exploitation of this vulnerability poses a catastrophic risk to organizational security, as it grants attackers full control over the affected hardware. Given the high CVSS score of 9.5 and confirmed active exploitation, this flaw can lead to complete system compromise, unauthorized access to sensitive network segments, and long-term persistence within the environment.
Remediation Plan
Immediate Action: Apply the vendor-supplied security patches or mitigations immediately, as this vulnerability is confirmed to be under active exploitation.
Proactive Monitoring: Review system logs for signs of unauthorized process execution or anomalous network traffic originating from the EDS5000 devices.
Compensating Controls: Isolate affected devices from the public internet using a WAF or VPN and restrict management access to trusted administrative IP addresses only.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of June 22, 2026, this vulnerability is confirmed to be actively exploited in the wild. Organizations must prioritize immediate patching to prevent unauthorized access and potential data exfiltration.
Analyst Recommendation
The active exploitation of this vulnerability in the wild makes this a top-tier priority. Security teams should treat all Lantronix EDS5000 units as compromised until they are updated or verified as protected. Immediate patching or isolation is required to mitigate the severe risk of remote code execution.
FEDERAL DEADLINE: June 25, 2026 (2 days). Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. FEDERAL DEADLINE: June 25, 2026 (2 days). Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Deadline: June 25, 2026
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
An issue was discovered in Lantronix EDS5000 2
An issue was discovered in Lantronix EDS5000 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in Lantronix EDS5000 2
An issue was discovered in Lantronix EDS5000 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in Lantronix EDS5000 2
An issue was discovered in Lantronix EDS5000 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2
Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2
Executive Summary:
A high-severity vulnerability has been discovered in specific Comtech EF Data Advanced Satellite Modem models, identified as CVE-2025-67015. This flaw, caused by an incorrect access control mechanism, could allow a remote attacker to bypass security restrictions and gain unauthorized administrative control over the affected device. Successful exploitation could lead to service disruption, data interception, and a complete compromise of the satellite communication link.
Vulnerability Details
CVE-ID: CVE-2025-67015
Affected Software: Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem
Affected Versions: Firmware version 2.x. See vendor advisory for specific affected versions.
Vulnerability: The vulnerability is an incorrect access control flaw within the modem's management interface. A remote attacker with network access to the device can send a specially crafted request that bypasses standard authentication and authorization checks. This allows a low-privileged or unauthenticated user to access and execute functions reserved for administrative users, effectively granting them full control over the modem's configuration and operation.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation of this flaw could have significant business impacts, including the disruption of critical communication systems that rely on the satellite link for connectivity. An attacker could reconfigure the modem to cause a denial of service, intercept sensitive data passing through the device (loss of confidentiality), or modify its configuration to redirect traffic (loss of integrity). For organizations in sectors like telecommunications, government, and maritime, this could lead to operational failure, financial loss, and reputational damage.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor (Comtech EF Data) immediately. Organizations should prioritize patching systems, especially those with management interfaces exposed to untrusted networks.
Proactive Monitoring: Monitor device and network logs for any signs of compromise. Specifically, look for unusual access patterns to the management interface, unauthorized configuration changes, unexpected reboots, or login attempts from unknown IP addresses. Implement alerts for any access to administrative functions from non-administrative accounts.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 28, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, security researchers may develop proof-of-concept exploit code in the near future. Given that satellite communication equipment is a high-value target for sophisticated threat actors, organizations should assume that exploits will be developed.
Analyst Recommendation
Given the high severity (CVSS 7.5) of this vulnerability and its potential to disrupt critical communication infrastructure, we strongly recommend immediate action. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its impact is significant enough to warrant urgent attention. Organizations must prioritize applying the vendor-supplied patches to all affected Comtech EF Data modems or, if patching is not possible, implement the recommended compensating controls to mitigate the risk of exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H
Executive Summary:
A high-severity vulnerability has been identified in multiple DEV Systemtechnik GmbH products, specifically an incorrect access control flaw in the DEV 7113 RF over Fiber Distribution System. This vulnerability could allow an unauthorized attacker with network access to bypass security restrictions, potentially leading to unauthorized configuration changes, service disruption, or information disclosure. Organizations using the affected systems are at risk of operational outages in critical communication infrastructure.
Vulnerability Details
CVE-ID: CVE-2025-67014
Affected Software: GmbH Multiple Products (Specifically DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is an incorrect access control flaw within the management interface of the affected devices. The system fails to properly validate whether a user has the required permissions to access certain functions or resources. An unauthenticated or low-privileged attacker with network access to the device could send specially crafted requests to access administrative functionalities, modify system configurations, or retrieve sensitive information without proper authorization.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Successful exploitation could have a significant business impact, particularly for organizations in broadcasting, telecommunications, and satellite operations that rely on these RF distribution systems. An attacker could maliciously alter signal routing and distribution configurations, leading to service degradation or a complete outage of critical communication channels. The potential consequences include financial loss due to service disruption, reputational damage, and the compromise of sensitive configuration data.
Remediation Plan
Immediate Action: The primary and most effective remediation is to apply the security updates released by DEV Systemtechnik GmbH to all affected devices immediately. Following the update, system administrators should monitor the devices for any signs of exploitation attempts and conduct a thorough review of access logs to identify any unauthorized activity that may have occurred prior to patching.
Proactive Monitoring: Implement enhanced monitoring on the management interfaces of the affected devices. Security teams should look for unusual or unauthorized login attempts, unexpected configuration changes, and anomalous network traffic patterns originating from untrusted sources. Configure alerting to be notified of any such suspicious activity in real-time.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk of exploitation. Restrict network access to the device's management interface using firewalls or Access Control Lists (ACLs), ensuring that only trusted administrators from a dedicated management network can reach the device.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 28, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the nature of access control flaws, proof-of-concept exploits can be developed by security researchers or malicious actors once vulnerability details are understood, increasing the risk over time.
Analyst Recommendation
Given the High severity rating (CVSS 7.5) and the critical function of the affected systems, it is strongly recommended that organizations prioritize the immediate deployment of the vendor-supplied security updates. Although this vulnerability is not currently listed on the CISA KEV list, its potential to cause significant operational disruption warrants urgent attention. If patching is delayed, the compensating controls outlined above, particularly network segmentation and access restriction, must be implemented as an interim measure to mitigate risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue in ollama v
An issue in ollama v
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue in ollama v
An issue in ollama v
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Asseco SEE Live 2.0 contains insecure access control in its communication components, allowing remote attackers to access and execute attachments via...
Asseco SEE Live 2.0 contains insecure access control in its communication components, allowing remote attackers to access and execute attachments via computable URLs.
---METADATA---
VENDOR: Asseco SEE
PRODUCT: SEE Live 2.0
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Asseco SEE Live 2.0 contains insecure access control in its communication components, allowing remote attackers to access and execute attachments via computable URLs.
Executive Summary:
Insecure access controls in Asseco SEE Live 2.0 allow remote attackers to bypass security measures and access sensitive attachments through predictable URL patterns.
Vulnerability Details
CVE-ID: CVE-2025-66956
Affected Software: Asseco SEE Live 2.0
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Contact Plan, E-Mail, SMS, and Fax components. Due to insecure access control and the use of computable (predictable) URLs, remote attackers can bypass intended authorization checks to download or execute file attachments.
Business Impact
The CVSS score of 9.9 indicates a critical risk to data confidentiality and integrity. Attackers could systematically harvest sensitive documents, personal data, or corporate communications sent via the SEE Live platform, leading to significant regulatory non-compliance and reputational damage.
Remediation Plan
Immediate Action: Apply the latest security updates provided by Asseco SEE for the Live 2.0 platform to implement robust authorization checks for all attachment access requests.
Proactive Monitoring: Monitor access logs for sequential or high-volume requests to attachment URLs, which may indicate an automated scraping attempt or exploitation of computable URLs.
Compensating Controls: Implement a reverse proxy or WAF that enforces session-based authentication before allowing access to the file-serving endpoints of the application.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Mar 11, 2026, there is no public information indicating active exploitation. The high CVSS score is driven by the ease of exploiting predictable resource identifiers to access unauthorized data.
Analyst Recommendation
Organizations using Asseco SEE Live 2.0 for enterprise communications must address this insecure access control flaw immediately. The predictability of resource locations combined with weak authorization creates a significant data breach risk that can only be mitigated through the vendor's official security patches.
Update Insecure Access Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v
CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3
A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3
A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
edoc-doctor-appointment-system v1
edoc-doctor-appointment-system v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress express...
The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing.
---METADATA---
VENDOR: RuoYi-Vue-Plus
PRODUCT: RuoYi-Vue-Plus
AFFECTED_VERSIONS: 5.5.1 and earlier
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
The snailjob component in RuoYi-Vue-Plus fails to filter user input in the check-node-expression interface, allowing arbitrary file read/write operations via QLExpress.
Executive Summary:
RuoYi-Vue-Plus contains a critical vulnerability in the snailjob component that allows attackers to perform arbitrary file read and write operations.
Vulnerability Details
CVE-ID: CVE-2025-66916
Affected Software: RuoYi-Vue-Plus RuoYi-Vue-Plus
Affected Versions: 5.5.1 and earlier
Vulnerability: The /snail-job/workflow/check-node-expression interface fails to properly sanitize user-supplied input, allowing the exploitation of QLExpress expressions to manipulate the File class for arbitrary file system access.
Business Impact
An attacker can read sensitive configuration files or overwrite system files, potentially leading to full system takeover or sensitive data exposure. With a CVSS score of 9.4, this vulnerability represents an urgent threat that could be leveraged to gain persistence or elevate privileges.
Remediation Plan
Immediate Action: Update the RuoYi-Vue-Plus framework to the latest version where the snailjob input validation is corrected.
Proactive Monitoring: Monitor application logs for suspicious input patterns directed at the /snail-job/ endpoint and look for unexpected file modification activities.
Compensating Controls: Restrict access to the affected interface through network-level controls or WAF rules if immediate patching is not feasible.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Jan 8, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The ability to perform arbitrary file operations constitutes a severe threat to system integrity. Security teams should prioritize patching this component immediately and audit the system for any signs of prior unauthorized access.
Update The snailjob component in Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker...
JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770.
Executive Summary:
A critical remote code execution vulnerability has been identified in multiple JimuReport products, specifically in versions up to 2.1.3. An attacker can exploit this flaw by submitting a specially crafted H2 database connection string, allowing them to run arbitrary code and completely compromise the affected server. This could lead to data theft, service disruption, or further attacks on the internal network.
Vulnerability Details
CVE-ID: CVE-2025-66913
Affected Software: JimuReport thru version Multiple Products
Affected Versions: All versions up to and including 2.1.3.
Vulnerability: The vulnerability exists in how the JimuReport application processes H2 database JDBC URLs. The application fails to properly sanitize user-supplied connection strings before passing them to the H2 database driver. An unauthenticated remote attacker can craft a malicious JDBC URL containing specific H2 directives (such as INIT=RUNSCRIPT) which, when processed by the driver, will execute arbitrary Java code on the underlying server with the privileges of the JimuReport application.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high risk to the organization. Successful exploitation would grant an attacker full control over the compromised server, leading to a complete loss of confidentiality, integrity, and availability. Potential consequences include theft or modification of sensitive data stored in the application's databases, deployment of ransomware, service outages, and using the compromised server as a foothold to launch further attacks against the internal corporate network.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor. Organizations must upgrade all affected instances of JimuReport to a version higher than 2.1.3 immediately. After patching, it is crucial to review application and system logs for any signs of compromise that may have occurred before the update was applied.
Proactive Monitoring: Security teams should actively monitor for exploitation attempts by inspecting application logs for suspicious H2 JDBC connection strings. Specifically, look for URLs containing directives like INIT, RUNSCRIPT, or calls to external resources. Monitor for anomalous behavior on the server hosting JimuReport, such as unexpected outbound network connections, new processes being spawned by the application's user account, or unauthorized file creation/modification.
Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date, Jan 8, 2026, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, vulnerabilities of this type (RCE) are frequently targeted by threat actors shortly after disclosure. The description notes this is a distinct vulnerability from CVE-2025-10770, and organizations should ensure both are addressed.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the risk of complete system compromise, this vulnerability requires immediate attention. All organizations using affected versions of JimuReport must prioritize the deployment of vendor-supplied patches across all environments. Although this vulnerability is not currently on the CISA KEV list, its severity warrants treating it with the highest urgency to prevent potential exploitation.
Update JimuReport thru version Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path v...
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1
Executive Summary: A high-severity arbitrary file deletion vulnerability in the SureForms WordPress plugin allows an authenticated attacker to delete critical system files, potentially causing a complete denial of service.
Vulnerability Details
CVE-ID: CVE-2025-6691
Affected Software: WordPress SureForms – Drag and Drop Form Builder
Affected Versions: See vendor advisory for affected versions
Vulnerability: This vulnerability stems from insufficient file path validation within the delete_entry_files() function. An authenticated attacker can exploit this flaw to delete arbitrary files on the server's filesystem, including critical application or system files.
Business Impact
A successful exploit could lead to a complete denial of service by deleting critical configuration files, resulting in significant website downtime and potential data loss. The High severity CVSS score of 8.1 reflects the potential for attackers to cause widespread disruption and impact the integrity and availability of the affected website. This can lead to reputational damage and operational interruption.
Remediation Plan
Immediate Action: Immediately update the SureForms – Drag and Drop Form Builder for WordPress plugin to the latest patched version. If the plugin is no longer required, it should be deactivated and uninstalled.
Proactive Monitoring: Implement file integrity monitoring to detect unauthorized changes to core WordPress files and plugin directories. Review web server and application logs for suspicious activity related to the delete_entry_files() function.
Compensating Controls: Employ a Web Application Firewall (WAF) with rules designed to block directory traversal attacks and suspicious file manipulation requests, which can provide a layer of defense against exploitation attempts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 10, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high potential for service disruption, this vulnerability presents a significant risk to website availability and integrity. We strongly recommend that administrators prioritize the immediate installation of the patched version of the SureForms plugin to prevent potential exploitation. Delaying this action leaves the web server exposed to irreversible file deletion.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
Turms AI-Serving module v0
Turms AI-Serving module v0
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Takes web framework's TkFiles take thru 2
The Takes web framework's TkFiles take thru 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An input validation issue in in Pithikos websocket-server v
An input validation issue in in Pithikos websocket-server v
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Buffer overflow vulnerability in function dcputchar in decompile
Buffer overflow vulnerability in function dcputchar in decompile
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Buffer overflow vulnerability in function strcat in asan_interceptors
Buffer overflow vulnerability in function strcat in asan_interceptors
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in function d_print_comp_inner in file cp-demangle
An issue was discovered in function d_print_comp_inner in file cp-demangle
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in function d_discriminator in file cp-demangle
An issue was discovered in function d_discriminator in file cp-demangle
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A buffer overflow vulnerability in function gnu_special in file cplus-dem
A buffer overflow vulnerability in function gnu_special in file cplus-dem
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
Update to patched version immediately. Review user permissions and access controls.
Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into i...
Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into imagem of the user enabling RCE.
Executive Summary:
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-66802, has been discovered in multiple Sourcecodester products. This flaw allows an attacker to upload a malicious file disguised as an image, enabling them to take complete control of the affected server. Successful exploitation could lead to total system compromise, data theft, and further intrusions into the network.
Vulnerability Details
CVE-ID: CVE-2025-66802
Affected Software: Sourcecodester Multiple Products
Affected Versions: Sourcecodester Covid-19 Contact Tracing System version 1.0 is confirmed to be vulnerable. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability is an unrestricted file upload that leads to remote code execution. The application contains an image upload function that fails to properly validate the content of uploaded files. An attacker can craft a malicious script (e.g., a PHP web shell) and save it with an image file extension (e.g., .jpg, .png). When the attacker uploads this file, the system saves it to a web-accessible directory without verifying that it is a legitimate image. The attacker can then access the uploaded file via its URL, causing the web server to execute the embedded code and granting the attacker full control over the server with the permissions of the web service account.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a significant threat to the organization. A successful exploit would result in a complete compromise of the web server, allowing an attacker to steal, encrypt, or delete sensitive data, including any personally identifiable information (PII) handled by the application. The attacker could also disrupt business operations by defacing the website, installing malware such as ransomware, or using the compromised server as a pivot point to launch further attacks against the internal network. The potential consequences include severe financial loss, reputational damage, and regulatory penalties.
Remediation Plan
Immediate Action: The primary remediation is to apply vendor-supplied patches immediately. Update all affected Sourcecodester products to the latest version as recommended by the vendor. In parallel, begin actively monitoring for signs of exploitation by reviewing web server and application access logs for any suspicious file upload activity.
Proactive Monitoring:
.php extensions)..php, .phtml, .sh).Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of January 12, 2026, there are no publicly available proof-of-concept exploits or observed in-the-wild attacks targeting this vulnerability. However, given the critical severity and the common nature of this flaw, it is highly probable that exploits will be developed and weaponized by threat actors in the near future. Organizations should assume that exploitation is imminent.
Analyst Recommendation
Due to the critical CVSS score of 9.8, this vulnerability represents an immediate and severe risk to the organization. An attacker can achieve a full system compromise with low-complexity, making this an attractive target. We strongly recommend that all affected Sourcecodester products be patched immediately, treating this as the highest priority remediation effort. Although this vulnerability is not currently listed on the CISA KEV catalog, its critical impact makes it a likely candidate for future inclusion. If patching cannot be performed immediately, the compensating controls outlined above must be implemented without delay to reduce the attack surface.
Update Sourcecodester Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and inclu...
The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthent...
Executive Summary:
A critical vulnerability has been identified in the Bit Form builder plugin for WordPress, a popular tool for creating web forms. This flaw allows any unauthenticated attacker to upload malicious files to a website using the plugin, which can lead to a complete server compromise. Successful exploitation could result in data theft, website defacement, or the server being used for further malicious activities.
Vulnerability Details
CVE-ID: CVE-2025-6679
Affected Software: The Bit Form builder plugin for WordPress
Affected Versions: All versions up to, and including, 2.20.4
Vulnerability: The plugin fails to properly validate the types of files being uploaded through forms it generates. This allows an unauthenticated attacker to bypass security checks and upload a file with a malicious extension, such as a PHP web shell. By accessing the uploaded file via a web browser, the attacker can execute arbitrary code on the server with the permissions of the web server process, leading to a full compromise of the website and potentially the underlying server.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high likelihood of exploitation with a severe impact. A successful attack could lead to significant business disruption, including theft of sensitive customer data, financial information, or intellectual property. The compromised website could be used to host phishing pages or distribute malware, causing severe reputational damage and loss of customer trust. The potential financial costs associated with incident response, data breach notifications, and system restoration are substantial.
Remediation Plan
Immediate Action: Immediately update the Bit Form builder plugin for WordPress to the latest version available (newer than 2.20.4), which contains the patch for this vulnerability. After updating, verify that the patch has been successfully applied and the site is functioning correctly.
Proactive Monitoring: System administrators should actively monitor web server access logs for any unusual POST requests to form endpoints, especially those involving file uploads. Scrutinize the WordPress uploads directory for any suspicious or unexpected files (e.g., files with .php, .phtml, .sh extensions). Monitor for unusual outbound network traffic from the web server, which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Aug 15, 2025, there are no known public exploits specifically for CVE-2025-6679. However, due to the simplicity of exploiting arbitrary file upload vulnerabilities and the critical 9.8 CVSS score, it is highly probable that threat actors are actively developing or already possess private exploits. The vulnerability allows for unauthenticated remote code execution, making it a prime target for automated attacks.
Analyst Recommendation
Given the critical severity of this vulnerability, immediate action is required. All organizations using the Bit Form builder plugin on their WordPress sites must prioritize updating to a patched version without delay. Although this CVE is not currently on the CISA KEV list, its high impact and ease of exploitation make it a significant threat. A "patch now" policy should be adopted, as waiting could expose the organization to a high risk of compromise.
Update The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
OpenAirInterface CN5G AMF<=v2
OpenAirInterface CN5G AMF<=v2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A NULL pointer dereference in Nitro PDF Pro for Windows v14
A NULL pointer dereference in Nitro PDF Pro for Windows v14
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue in Yealink T21P_E2 Phone 52
An issue in Yealink T21P_E2 Phone 52
Executive Summary:
A high-severity vulnerability has been identified in multiple Yealink VoIP phone products, specifically affecting the T21P_E2 model. This flaw allows an unauthenticated remote attacker to execute arbitrary commands on the device, potentially leading to a complete system compromise. Successful exploitation could result in call eavesdropping, fraudulent phone usage, or the device being used as a pivot point to attack the internal network.
Vulnerability Details
CVE-ID: CVE-2025-66738
Affected Software: Yealink Multiple Products
Affected Versions: Yealink T21P_E2 Phone firmware version 52.x and potentially prior versions. See vendor advisory for a complete list of affected products and versions.
Vulnerability: The vulnerability is an unauthenticated command injection flaw in the web management interface of the affected devices. An attacker can send a specially crafted HTTP request to a specific administrative endpoint without needing to provide valid credentials. The device fails to properly sanitize user-supplied input within this request, allowing the attacker to inject and execute arbitrary commands on the underlying operating system with the privileges of the web server process, which is typically root.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. An attacker who successfully exploits this flaw can gain complete control over the VoIP phone. The potential consequences include a breach of confidentiality through eavesdropping on sensitive business calls, financial loss from unauthorized international or premium-rate calls, and reputational damage. Furthermore, a compromised phone can serve as a persistent foothold within the corporate network, enabling attackers to launch further attacks against other internal systems.
Remediation Plan
Immediate Action: Identify all vulnerable Yealink devices on the network and apply the security updates released by the vendor immediately. After patching, monitor the devices for any signs of exploitation attempts by reviewing web access logs for unusual or malicious requests.
Proactive Monitoring: Configure network monitoring to detect anomalous outbound traffic from VoIP phones to unknown internet destinations. Review web server logs on the devices for requests to administrative pages from untrusted IP addresses or requests containing shell command syntax (e.g., semicolons, pipe characters, backticks). Implement network intrusion detection system (NIDS) rules to alert on traffic patterns matching known exploitation techniques for this CVE as they become available.
Compensating Controls: If patching cannot be performed immediately, implement network segmentation to isolate the VoIP device management interfaces from general user networks and the public internet. Use firewall rules or Access Control Lists (ACLs) to restrict access to the web management portal to only authorized administrative workstations or a dedicated management VLAN.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 28, 2025, there are no known public exploit kits or reports of active in-the-wild exploitation targeting this vulnerability. However, due to the high severity and low complexity of a command injection flaw, it is highly probable that security researchers and threat actors will develop a functional proof-of-concept (PoC) exploit in the near future.
Analyst Recommendation
This vulnerability represents a critical risk and must be addressed with high priority. We strongly recommend that the organization patch all affected Yealink devices immediately. Although CVE-2025-66738 is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its high CVSS score and the potential for unauthenticated remote code execution make it an attractive target for attackers. If immediate patching is not feasible, the compensating controls outlined above, particularly restricting network access to the management interface, must be implemented without delay to reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
youlai-boot V2
youlai-boot V2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Pagekit
PRODUCT: Pagekit CMS
AFFECTED_VERSIONS: v1.0.18
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
An Insecure Direct Object Reference (IDOR) vulnerability in Pagekit CMS v1.0.18 allows unauthenticated attackers to escalate privileges.
Executive Summary:
A critical IDOR vulnerability in Pagekit CMS v1.0.18 permits unauthorized privilege escalation, posing a severe risk to system integrity and administrative control.
Vulnerability Details
CVE-ID: CVE-2025-67165
Affected Software: Pagekit CMS
Affected Versions: v1.0.18
Vulnerability: This vulnerability involves an Insecure Direct Object Reference (IDOR) flaw within the application logic. It allows an unauthenticated attacker to manipulate object references to gain unauthorized elevated privileges.
Business Impact
Successful exploitation allows an attacker to gain administrative access, potentially leading to full system compromise. With a CVSS score of 9.8, the risk of unauthorized data access, configuration modification, and complete service takeover is extreme. This represents a critical threat to the confidentiality, integrity, and availability of the affected environment.
Remediation Plan
Immediate Action: Upgrade Pagekit CMS to the latest stable release provided by the vendor. Ensure all security patches are applied to remediate the IDOR vulnerability.
Proactive Monitoring: Monitor server access logs for unusual patterns, specifically focusing on requests targeting administrative endpoints or unauthorized parameter manipulation.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to inspect and block suspicious input parameters and unauthorized access attempts.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Dec 17, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The severity of this vulnerability necessitates immediate remediation. Administrators should prioritize updating the Pagekit CMS instance to a patched version to prevent unauthorized privilege escalation and maintain system security.