An issue was discovered in 5
Description
An issue was discovered in 5
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17282 vulnerabilities with AI analyst insights
An issue was discovered in 5
An issue was discovered in 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in 5
An issue was discovered in 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In JetBrains ReSharper before 2025
In JetBrains ReSharper before 2025
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb...
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
FEDERAL DEADLINE: November 20, 2025 (6 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FEDERAL DEADLINE: November 20, 2025 (6 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Update A relative path traversal vulnerability in Fortinet FortiWeb Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Deadline: November 20, 2025
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-...
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and authenticate as root user, using the private key. As of time of publication, it is unclear if a patch is available.
Update Coolify is an Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming...
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository (using build pack "docker compose"), the attacker can execute commands on the Coolify instance as root. Version 4.0.0-beta.445 fixes the issue.
Executive Summary:
A critical remote code execution vulnerability exists in the Coolify management tool. An attacker can gain complete control of the server running Coolify by tricking a user into deploying an application from a malicious code repository. Successful exploitation allows the attacker to execute commands as the root user, leading to a full system compromise.
Vulnerability Details
CVE-ID: CVE-2025-64419
Affected Software: Coolify is an Multiple Products
Affected Versions: All versions prior to 4.0.0-beta.445
Vulnerability: The vulnerability is a command injection flaw due to improper sanitization of input from docker-compose.yaml files. When a user configures Coolify to build an application from a Git repository using the "docker compose" build pack, Coolify parses the docker-compose.yaml file and uses parameters from it to construct system commands. An attacker can craft a malicious docker-compose.yaml file with specially designed parameters that break out of the intended command and inject arbitrary new commands, which are then executed on the Coolify host with root privileges.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.6, posing a severe risk to the organization. A successful exploit grants an attacker full administrative (root) access to the server hosting Coolify. This can lead to the theft or destruction of all data on the server, including application source code, databases, and sensitive credentials. Furthermore, the compromised server can be used as a pivot point to launch further attacks against the internal network, disrupt critical services managed by Coolify, or be used in botnets for malicious activities.
Remediation Plan
Immediate Action: Immediately upgrade all instances of Coolify to version 4.0.0-beta.445 or a later version, which contains the fix for this vulnerability. After patching, carefully review system and application access logs for any signs of compromise, such as unusual commands being executed or deployments from untrusted repositories.
Proactive Monitoring: Implement enhanced logging and monitoring on the Coolify host. Specifically, monitor for suspicious child processes spawned by the Coolify service, unexpected outbound network connections, and review Coolify's own deployment logs for any applications created from unfamiliar or suspicious source code repositories.
Compensating Controls: If immediate patching is not feasible, implement strict access controls to limit which users can deploy new applications. Enforce a policy that only allows deployments from vetted, internal code repositories. Additionally, consider running the Coolify instance behind a firewall with strict egress filtering rules to block potential command-and-control (C2) communication from a compromised host.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Jan 5, 2026, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, due to the simplicity of the attack vector and the high impact, it is likely to be targeted by threat actors in the near future.
Analyst Recommendation
Given the critical severity (CVSS 9.6) and the potential for complete system compromise, we strongly recommend that organizations prioritize patching this vulnerability immediately. All instances of Coolify should be upgraded to version 4.0.0-beta.445 or newer without delay. Due to the high risk of root-level remote code execution, this vulnerability should be treated as an imminent threat, even in the absence of current public exploits or its inclusion in the CISA KEV catalog.
Update Coolify is an Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to...
The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a m...
Executive Summary:
A critical vulnerability has been identified in The Webinar's WebinarIgnition plugin for WordPress, assigned CVE-2025-6441. This flaw allows an unauthenticated attacker to generate login tokens for any user, including administrators, enabling a complete bypass of authentication. Successful exploitation could result in a full system compromise, leading to data theft, website defacement, and further malicious activities.
Vulnerability Details
CVE-ID: CVE-2025-6441
Affected Software: The Webinar Multiple Products (Specifically, the WebinarIgnition plugin for WordPress)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The WebinarIgnition plugin for WordPress contains a critical flaw that allows for unauthenticated login token generation. A missing or improper authentication check in a specific function of the plugin allows a remote, unauthenticated attacker to craft a request that forces the application to generate a valid login token for an arbitrary user account. By targeting an administrative account, an attacker can use this generated token to bypass all authentication controls and gain full administrative privileges on the WordPress site.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.8, indicating a severe risk to the organization. Successful exploitation would grant an attacker complete control over the affected WordPress website. This could lead to significant business impacts, including the theft of sensitive user data, intellectual property, or customer information; website defacement causing reputational damage; and the potential for the compromised site to be used for further malicious activities, such as distributing malware or launching phishing attacks against customers.
Remediation Plan
Immediate Action: The primary remediation is to immediately update "The Webinar" (WebinarIgnition) plugin to the latest patched version as recommended by the vendor. After updating, it is crucial to review all user accounts, especially administrative ones, for any signs of unauthorized access or changes.
Proactive Monitoring: Security teams should actively monitor for signs of exploitation. Review web server access logs for unusual or repeated requests to the WebinarIgnition plugin's files or API endpoints. Scrutinize WordPress authentication logs for successful logins from unexpected IP addresses or at unusual times, particularly for administrative accounts. Implement alerts for the creation of new administrative users or unexpected changes to plugin files.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to mitigate risk. Deploy a Web Application Firewall (WAF) with rules specifically designed to block exploit attempts against this vulnerability. Restrict access to the WordPress administrative dashboard (/wp-admin) to trusted IP addresses only. As a last resort, if the plugin's functionality is not business-critical, consider deactivating and disabling the WebinarIgnition plugin entirely until a patch can be applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date of July 24, 2025, this vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, given the critical CVSS score of 9.8 and the nature of the flaw (unauthenticated access), it is highly probable that threat actors will rapidly develop and deploy exploits. Widespread scanning for vulnerable instances is expected to begin shortly after public disclosure.
Analyst Recommendation
Due to the critical severity (CVSS 9.8) of this vulnerability, immediate action is required. We strongly recommend that all instances of the WebinarIgnition WordPress plugin be updated to the latest version without delay. Although this vulnerability is not yet on the CISA KEV list, its potential for complete system compromise means it should be treated with the highest priority. Organizations should assume that active exploitation is imminent and proceed with patching and monitoring immediately.
Update The Webinar Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Apache OpenOffice documents can contain links
Apache OpenOffice documents can contain links
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Apache OpenOffice documents can contain links to other files
Apache OpenOffice documents can contain links to other files
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources"
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources"
Executive Summary:
A high-severity vulnerability has been identified in Apache OpenOffice Calc that could allow an attacker to access sensitive information. By tricking a user into opening a specially crafted spreadsheet file, an attacker can force the application to connect to a malicious external location, potentially exposing user credentials or internal network data. Organizations using Apache OpenOffice should prioritize applying the available security updates to mitigate this risk.
Vulnerability Details
CVE-ID: CVE-2025-64403
Affected Software: Apache Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability exists in the way Apache OpenOffice Calc processes links to external data sources within a spreadsheet. An attacker can create a malicious spreadsheet file (.ods) containing a link to a remote, attacker-controlled resource (e.g., a malicious SMB share). When an unsuspecting user opens this file, Calc may attempt to resolve and connect to the external data source, which can lead to the disclosure of sensitive information, such as NTLM authentication hashes, without the user's explicit consent. This type of attack is typically delivered via phishing emails.
Business Impact
This is a High severity vulnerability with a CVSS score of 8.1, posing a significant risk to the organization. Successful exploitation could lead to the compromise of user credentials, which attackers can then use for initial access or lateral movement within the corporate network. The primary business impacts include the potential for a data breach, loss of confidential information, and unauthorized access to network resources. A successful attack could result in significant reputational damage and financial costs associated with incident response and recovery.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by Apache across all affected systems immediately. Prioritize patching workstations where Apache OpenOffice is installed. After patching, continue to monitor systems for any signs of attempted exploitation by reviewing relevant logs for suspicious activity.
Proactive Monitoring: Security teams should monitor for unusual outbound network connections originating from the OpenOffice process (soffice.bin). Specifically, watch for outbound SMB traffic (TCP port 445) from workstations to external IP addresses, as this is a key indicator of an NTLM hash theft attempt. Review endpoint and firewall logs for connections to unknown or untrusted domains initiated after a user opens a spreadsheet document.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 12, 2025, there is no known public proof-of-concept exploit code, and there are no reports of this vulnerability being actively exploited in the wild. However, vulnerabilities involving external resource loading in office software are frequently weaponized by threat actors for phishing campaigns. It is likely that exploits will be developed and integrated into attack toolkits in the near future.
Analyst Recommendation
Given the high severity (CVSS 8.1) and the potential for credential theft, we recommend that organizations treat this vulnerability with urgency. The primary course of action is to apply the vendor-supplied patches to all systems running vulnerable versions of Apache OpenOffice immediately. Although this CVE is not currently on the CISA KEV list, its impact warrants immediate attention. In addition to patching, implementing compensating controls, such as blocking outbound SMB traffic, will provide a critical defense-in-depth layer against this and similar attack vectors.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Apache OpenOffice documents can contain links
Apache OpenOffice documents can contain links
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary...
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation ...
Executive Summary:
A critical vulnerability has been identified in The WooCommerce Designer Pro plugin for WordPress, which allows unauthenticated attackers to upload malicious files to the server. This flaw could be exploited to gain complete control over the affected website, leading to data theft, website defacement, or further attacks on the hosting environment. Due to the high severity and potential for full system compromise, immediate remediation is strongly advised.
Vulnerability Details
CVE-ID: CVE-2025-6440
Affected Software: The WooCommerce Designer Pro plugin for Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists due to a lack of proper file type validation on the file upload functionality within the plugin. An unauthenticated remote attacker can craft a malicious request to upload a file with a dangerous extension (e.g., .php, .phtml). Because the server-side code fails to verify that the uploaded file is a benign type (like an image), the malicious file is saved to a web-accessible directory, allowing the attacker to execute arbitrary code on the server by simply accessing the uploaded file's URL.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would have a severe business impact, potentially leading to a full compromise of the web server. Consequences include the theft of sensitive data such as customer personal information and payment details, significant reputational damage from website defacement or malware distribution, and financial loss from business disruption or regulatory fines. The compromised website could also be used as a pivot point to launch further attacks against the organization's internal network.
Remediation Plan
Immediate Action: Update The WooCommerce Designer Pro plugin for Multiple Products to the latest version. After updating, conduct a thorough review of the web server's file system for any unrecognized or suspicious files, particularly in upload directories. Monitor for exploitation attempts and review access logs for unusual POST requests to plugin endpoints.
Proactive Monitoring: Implement continuous monitoring of web server logs for suspicious upload attempts, focusing on requests that contain file extensions like .php, .phtml, .phar, or .shell. Monitor for unexpected outbound network connections from the web server, which could indicate a successful compromise. File Integrity Monitoring (FIM) should be used to alert on the creation of new executable files in web directories.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with strict rules to block malicious file uploads based on file extension and content type. Additionally, configure the web server to disable script execution in all upload directories (e.g., using .htaccess rules or Nginx configuration) to prevent uploaded shells from being executed.
Exploitation Status
Public Exploit Available: Information not available in the provided CVE data.
Analyst Notes: As of October 24, 2025, this vulnerability has been publicly disclosed. While there are no confirmed public exploits or active campaigns targeting this flaw, arbitrary file upload vulnerabilities in WordPress plugins are highly sought after by attackers. Threat actors are likely to develop exploits for this vulnerability quickly, and organizations should assume it will be actively targeted.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the high potential for complete system compromise, this vulnerability represents a significant and immediate threat to the organization. We strongly recommend that the immediate remediation action—updating the affected plugin—be treated as the highest priority. Although this CVE is not currently listed on the CISA KEV list, its severity makes it a prime candidate for future inclusion and warrants an emergency patching cycle.
Update The WooCommerce Designer Pro plugin for Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary...
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path valid...
Executive Summary:
A critical vulnerability has been identified in The WooCommerce Designer Pro plugin for WordPress, which allows a remote attacker to delete arbitrary files on the server. This flaw, resulting from insufficient file path validation, can be exploited to cause a complete denial of service, destroy critical data, and potentially lead to a full system compromise. Due to its high severity, immediate action is required to prevent exploitation.
Vulnerability Details
CVE-ID: CVE-2025-6439
Affected Software: The WooCommerce Designer Pro plugin for Multiple Products (used by the Pricom - Printing Company & Design Services WordPress theme)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The plugin is vulnerable to arbitrary file deletion. It fails to properly sanitize or validate user-supplied input for file paths used in a deletion function. An unauthenticated remote attacker can exploit this by crafting a request with path traversal sequences (e.g., ../../..) to target and delete any file that the web server's user account has permissions to modify. This could include critical application files like wp-config.php, web server configuration files like .htaccess, or even operating system files, leading to a complete compromise or denial of service.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could have a devastating impact on the business. The primary risk is a complete denial of service if an attacker deletes essential WordPress core files, configuration files, or database credentials. This would result in website downtime, leading to revenue loss, reputational damage, and loss of customer trust. Furthermore, the deletion of sensitive data or security logs could disrupt business operations, complicate incident response, and create opportunities for further attacks.
Remediation Plan
Immediate Action: Update The WooCommerce Designer Pro plugin for Multiple Products to the latest version. After updating, verify that the patch has been successfully applied and the site is functioning correctly. It is also critical to monitor for exploitation attempts and review access logs for any signs of compromise that may have occurred before patching.
Proactive Monitoring: Implement continuous monitoring of web server access logs and error logs. Specifically, look for suspicious POST or GET requests containing path traversal payloads (e.g., ../, %2e%2e/) in parameters associated with file management or deletion functions. Utilize a File Integrity Monitoring (FIM) solution to alert on unauthorized changes or deletions of critical system and application files.
Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with strict rules to block path traversal attacks. Enforce the principle of least privilege by ensuring the web server user has the most restrictive file permissions possible, preventing it from writing to or deleting files outside of its designated directories. Maintain regular, automated, and tested offline backups to ensure rapid recovery in the event of a successful attack.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Oct 11, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the critical severity (CVSS 9.8) and the relative simplicity of exploiting path traversal flaws, it is highly probable that threat actors will develop an exploit by reverse-engineering the patch. Organizations should assume imminent exploitation.
Analyst Recommendation
Given the critical CVSS score of 9.8, this vulnerability represents a significant and immediate threat to the confidentiality, integrity, and availability of the affected web application and underlying server. Although this CVE is not currently listed on the CISA KEV list, its severity warrants immediate attention. We strongly recommend that organizations apply the vendor-supplied security update to all affected instances of The WooCommerce Designer Pro plugin without delay. Prioritize this patch above all other routine maintenance to mitigate the risk of a destructive attack.
Update The WooCommerce Designer Pro plugin for Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files.This issue affects Motors:...
Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files.This issue affects Motors: from n/a through <= 5.6.81.
---METADATA---
VENDOR: StylemixThemes
PRODUCT: Motors
AFFECTED_VERSIONS: n/a through 5.6.81
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
An unrestricted file upload vulnerability in the StylemixThemes Motors plugin allows attackers to upload malicious files to the server.
Executive Summary:
The StylemixThemes Motors plugin is vulnerable to unrestricted file uploads, which could allow a remote attacker to execute arbitrary code on the affected server.
Vulnerability Details
CVE-ID: CVE-2025-64374
Affected Software: StylemixThemes Motors
Affected Versions: n/a through 5.6.81
Vulnerability: This vulnerability is an unrestricted file upload flaw, which enables an attacker to bypass security filters and upload malicious files to the web server. The lack of validation on file types significantly increases the risk of remote code execution.
Business Impact
An attacker successfully exploiting this vulnerability could gain full control over the affected WordPress installation, leading to complete data exfiltration, site defacement, or the distribution of malware. With a CVSS score of 9.9, this represents a critical threat to the availability and security of the hosting environment.
Remediation Plan
Immediate Action: Update the Motors plugin to the latest available version provided by StylemixThemes to resolve the file upload validation flaw.
Proactive Monitoring: Monitor server upload directories for suspicious file types (e.g., .php, .phtml, .exe) and review web server access logs for unusual request patterns.
Compensating Controls: Implement a Web Application Firewall (WAF) rule to block unauthorized file uploads and restrict directory execution permissions for user-writable folders.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Dec 18, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Administrators must prioritize updating the Motors plugin immediately. Failure to remediate this vulnerability leaves the application exposed to trivial remote code execution attacks that can compromise the entire underlying web server.
Update Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL In...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection
Apply vendor patches immediately. Review database access controls and enable query logging.
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all ve...
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4
Executive Summary:
A high-severity SQL Injection vulnerability in the Ads Pro Plugin for WordPress allows an unauthenticated attacker to execute arbitrary SQL commands, potentially leading to sensitive data exfiltration.
Vulnerability Details
CVE-ID: CVE-2025-6437
Affected Software: WordPress Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager
Affected Versions: See vendor advisory for specific affected versions (all versions up to and including 4 are vulnerable).
Vulnerability: The plugin is vulnerable to SQL Injection due to insufficient input sanitization of the ‘oid’ parameter. A remote, unauthenticated attacker can craft a malicious request to this parameter to execute arbitrary SQL queries against the application's database.
Business Impact
A successful exploit could allow an attacker to read, modify, or delete sensitive data from the database, including user information, configuration settings, or other business-critical data. The High severity rating, reflected by the CVSS score of 7.5, underscores the significant risk of data compromise and potential for further system intrusion. This could lead to a data breach, reputational damage, and regulatory penalties.
Remediation Plan
Immediate Action:
Immediately update the Ads Pro Plugin to the latest patched version provided by the vendor. If the plugin is no longer essential, it should be deactivated and removed entirely.
Proactive Monitoring:
Monitor web server and database logs for unusual or malformed SQL queries, paying close attention to requests involving the vulnerable ‘oid’ parameter.
Compensating Controls:
Implement and configure a Web Application Firewall (WAF) with rulesets designed to detect and block SQL injection attack patterns, which can serve as a virtual patch.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 6, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high once details become widely known.
Analyst Recommendation
Given the high risk of data exfiltration and the relative ease of exploitation for this type of flaw, immediate remediation is critical. We strongly advise administrators to prioritize the application of the vendor-supplied update to prevent the potential compromise of the underlying WordPress database and the web application it supports.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learnin...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection
Apply vendor patches immediately. Review database access controls and enable query logging.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting Ele...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows PHP Local File Inclusion
Executive Summary:
A high-severity vulnerability has been identified in multiple StylemixThemes products, allowing for Local File Inclusion (LFI). An unauthenticated attacker could exploit this flaw to read sensitive files from the web server, such as configuration files containing database credentials, potentially leading to further system compromise or data exposure. Immediate patching is required to mitigate the significant risk to confidentiality and system integrity.
Vulnerability Details
CVE-ID: CVE-2025-64360
Affected Software: StylemixThemes Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability, classified as an Improper Control of Filename for Include/Require Statement, exists within the consulting-elementor-widgets component. An attacker can manipulate an input parameter that is used in a PHP include or require statement. By crafting a malicious request containing directory traversal sequences (e.g., ../../..), an attacker can trick the application into including and rendering arbitrary files from the local server filesystem, granting them unauthorized read access to sensitive data.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Successful exploitation could lead to the disclosure of highly sensitive information, including website source code, system user information, and critical configuration files like wp-config.php which contains database credentials. This exposure could facilitate further attacks, leading to a complete system compromise, unauthorized data modification, or significant data breaches. The potential business impact includes reputational damage, loss of customer trust, and non-compliance with data protection regulations.
Remediation Plan
Immediate Action: Apply the security updates provided by StylemixThemes to all affected products immediately. This is the most effective way to eliminate the vulnerability. After patching, review web server and application access logs for any signs of exploitation attempts that may have occurred prior to the update.
Proactive Monitoring: Monitor web server access logs for suspicious requests containing directory traversal patterns (e.g., ../, %2e%2e%2f) in URL parameters. Implement file integrity monitoring on critical system and application files to detect unauthorized changes. Monitor for unusual PHP errors in logs, which could indicate failed LFI attempts.
Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block Local File Inclusion and directory traversal attacks. Additionally, ensure PHP configurations are hardened by disabling allow_url_include and restricting file access with open_basedir. Enforce the principle of least privilege for the web server user account to limit the scope of accessible files.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 31, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, LFI vulnerabilities are well-understood and relatively easy to exploit, so threat actors may develop exploits quickly. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high severity (CVSS 7.5) and the critical nature of the data that could be exposed, it is strongly recommended that organizations prioritize the immediate application of the vendor-supplied patches. Although there is no evidence of active exploitation, the risk of data disclosure and further compromise is significant. Organizations should treat this as an urgent priority and implement the recommended monitoring and compensating controls to ensure a robust defense-in-depth security posture.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting con...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion
Executive Summary:
A high-severity vulnerability has been discovered in multiple StylemixThemes products, identified as CVE-2025-64359. This flaw allows an unauthenticated attacker to trick the website into revealing sensitive files from the server's local filesystem, potentially exposing confidential data such as configuration details and user credentials, which could lead to a full server compromise. Organizations using the affected software should prioritize applying the vendor-provided security updates to mitigate this significant risk.
Vulnerability Details
CVE-ID: CVE-2025-64359
Affected Software: StylemixThemes Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a Local File Inclusion (LFI) flaw resulting from an Improper Control of a Filename for an Include/Require Statement in the PHP code. The application fails to properly sanitize user-supplied input that is used to construct a file path for functions like include() or require(). An unauthenticated remote attacker can exploit this by crafting a malicious request, typically manipulating a URL parameter with directory traversal sequences (e.g., ../../), to force the application to include and display the contents of arbitrary files on the server's filesystem. This could expose sensitive information like wp-config.php, /etc/passwd, or other critical configuration files.
Business Impact
This is a High severity vulnerability with a CVSS score of 7.5. Successful exploitation could have a severe impact on the business by compromising the confidentiality and integrity of the web application and underlying server. An attacker could read sensitive configuration files to obtain database credentials, which could then be used to access, modify, or exfiltrate sensitive company or customer data. This exposure could lead to a significant data breach, reputational damage, regulatory fines, and a loss of customer trust. In scenarios where an attacker can combine this LFI with a file upload capability, it could be escalated to full Remote Code Execution (RCE), allowing for a complete takeover of the server.
Remediation Plan
Immediate Action: The primary remediation is to apply the security patches provided by the vendor, StylemixThemes, to all affected products immediately. Before patching, create a backup of your website and database. After applying the update, verify that the website is functioning correctly.
Proactive Monitoring: Review historical and current web server access logs for patterns indicative of LFI exploitation attempts. Look for suspicious requests containing directory traversal payloads (../, ..%2f, ..%c0%af), file paths to sensitive system files (e.g., /etc/passwd, wp-config.php), or PHP wrappers like php://filter. Implement alerts for such patterns to enable rapid detection of future attempts.
Compensating Controls: If patching cannot be performed immediately, the following compensating controls can help reduce the risk:
allow_url_include and allow_url_fopen are set to Off in the php.ini configuration file to prevent this vulnerability from being escalated to the more critical Remote File Inclusion (RFI).Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 31, 2025, there are no known public exploits or proof-of-concept code available for this vulnerability. However, LFI vulnerabilities are well-understood, and skilled attackers can often develop private exploits quickly following a public disclosure. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, but organizations should monitor for this status to change if widespread exploitation is detected in the wild.
Analyst Recommendation
Due to the High severity (CVSS 7.5) of this vulnerability and its potential to cause a significant data breach, immediate action is required. It is strongly recommended to apply the vendor-supplied security patches to all affected StylemixThemes products as the top priority. If patching is delayed, immediately implement compensating controls, particularly by deploying a Web Application Firewall (WAF) to block exploitation attempts. Proactive monitoring of web server logs should be enhanced to detect any signs of compromise. Although this vulnerability is not currently on the CISA KEV list, its high potential for abuse warrants immediate and decisive remediation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ELOG allows an authenticated user to modify another user's profile
ELOG allows an authenticated user to modify another user's profile
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2
Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2
Executive Summary:
A high-severity vulnerability has been discovered in multiple Apollo products, specifically impacting the Apollo Router Core. This flaw could allow an unauthenticated remote attacker to bypass security controls and access sensitive information, posing a significant risk of a data breach. Organizations are urged to apply the vendor-provided security updates immediately to mitigate this threat.
Vulnerability Details
CVE-ID: CVE-2025-64347
Affected Software: Apollo Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists within the query processing logic of the Apollo Router Core. An unauthenticated remote attacker can craft a specialized GraphQL query that, when sent to a vulnerable router, is improperly parsed. This parsing error can cause the router to bypass authorization and validation checks for subgraphs, allowing the attacker to retrieve data from federated backend services that they would not normally have access to, leading to sensitive information disclosure.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5, reflecting the potential for significant damage without requiring special privileges or user interaction. Successful exploitation could lead to a severe data breach, exposing confidential company data, customer information, or other sensitive records managed by the federated services. The consequences include reputational damage, loss of customer trust, financial losses from incident response, and potential regulatory fines for non-compliance with data protection standards like GDPR or CCPA.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected Apollo product instances immediately. Priority should be given to internet-facing systems. After patching, organizations should continue to monitor for any signs of exploitation attempts by reviewing application and access logs for anomalous activity.
Proactive Monitoring: Security teams should monitor logs from the Apollo Router for unusually complex or malformed GraphQL queries. Monitor network traffic for unexpected data egress from backend services originating from the router. An increase in error rates or resource consumption on the router could also indicate attempted exploitation.
Compensating Controls: If immediate patching is not feasible, consider implementing a Web Application Firewall (WAF) with custom rules to inspect and block the specific malicious GraphQL query patterns associated with this vulnerability. Additionally, enhance network segmentation to strictly limit the router's access to only essential backend services, reducing the potential scope of a breach.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 8, 2025, there are no known public proof-of-concept exploits or active attacks leveraging this vulnerability in the wild. However, vulnerabilities of this severity are prime targets for reverse engineering and weaponization by threat actors. The situation is expected to evolve, and organizations should prepare for potential exploitation.
Analyst Recommendation
Given the high severity (CVSS 7.5) of this vulnerability and its potential for sensitive data exposure, we strongly recommend that organizations treat this as a critical priority. Although CVE-2025-64347 is not currently listed on the CISA KEV list, the risk of a data breach is substantial. All organizations using the affected Apollo products should begin the patching process immediately, prioritizing production and externally-exposed environments to prevent potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
(conda) Constructor is a tool that enables users to create installers for conda package collections
(conda) Constructor is a tool that enables users to create installers for conda package collections
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
FEDERAL DEADLINE: February 23, 2026 (20 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FEDERAL DEADLINE: February 23, 2026 (20 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Deadline: February 23, 2026
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect confidentiality.
Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect confidentiality.
Executive Summary:
A critical vulnerability has been identified in the memory management module affecting multiple products. This flaw allows an attacker to bypass permission controls, potentially leading to the unauthorized disclosure of sensitive information. Due to the high severity score, successful exploitation could result in a significant confidentiality breach.
Vulnerability Details
CVE-ID: CVE-2025-64314
Affected Software: Permission control vulnerability in the memory management Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a permission control flaw within the memory management module. An unauthenticated, remote attacker can send a specially crafted request to a vulnerable system. This request exploits improper validation of memory access permissions, allowing the attacker to read from arbitrary memory locations that should be protected. This could expose sensitive data such as credentials, encryption keys, personal information, and other confidential business data stored in the system's memory. The high CVSS score indicates that the exploit requires low complexity and no user interaction.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.3. A successful exploit could lead to a severe data breach, resulting in the theft of intellectual property, customer data, or internal corporate information. The potential consequences include significant financial loss from regulatory fines (e.g., GDPR, CCPA), loss of customer trust, brand damage, and a diminished competitive advantage. The wide range of potentially affected products increases the organization's attack surface and the overall risk.
Remediation Plan
Immediate Action: Update all affected products to the latest patched versions as specified by their respective vendors. Until patching is complete, actively monitor systems for signs of exploitation by reviewing access logs and system event logs for anomalous activity.
Proactive Monitoring: Implement enhanced monitoring on affected systems. Look for unusual memory access patterns, unexpected process behavior, or crashes related to the memory management module. In network traffic, monitor for malformed requests or connections from untrusted IP addresses attempting to interact with services that utilize the vulnerable component.
Compensating Controls: If immediate patching is not feasible, apply the following compensating controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 28, 2025, there are no known public proof-of-concept exploits or observed instances of active exploitation in the wild. However, given the critical CVSS score and the broad potential impact across multiple products, it is highly likely that threat actors will prioritize developing an exploit for this vulnerability.
Analyst Recommendation
Given the critical severity (CVSS 9.3) of this vulnerability and its direct impact on data confidentiality, immediate action is required. Organizations must prioritize applying the vendor-supplied patches to all affected systems. Although this vulnerability is not yet on the CISA KEV list, its high score makes it a prime candidate for future inclusion and widespread exploitation. If patching cannot be performed immediately, the compensating controls outlined above should be implemented without delay to mitigate the risk of a data breach.
Update Permission control vulnerability in the memory management Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's p...
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack.
Executive Summary:
A critical vulnerability exists in the web management interface of multiple EPSON projector products. This flaw allows an attacker to make unlimited password guesses, which could enable them to gain complete administrative control over the affected device by using a brute-force attack to discover the password.
Vulnerability Details
CVE-ID: CVE-2025-64310
Affected Software: EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The affected software lacks a mechanism to limit or block repeated login attempts on its web-based management interfaces (EPSON WebConfig and Epson Web Control). An unauthenticated attacker with network access to the projector can leverage automated tools to perform a brute-force attack, systematically trying thousands or millions of passwords against the administrative account. Without rate-limiting, account lockout, or CAPTCHA-like protections, the attacker can continue these attempts until the correct password is identified, leading to a full compromise of the device's administrative functions.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would grant an attacker full administrative control over the projector. This could lead to significant operational disruptions, such as interrupting presentations, displaying unauthorized or malicious content, or rendering the device inoperable. An attacker could also alter network configurations, potentially using the compromised projector as a pivot point to launch further attacks against the internal network. The business risks include reputational damage, disruption of business operations, and potential exposure of sensitive information if the projector is used in confidential settings.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor. Administrators should update the firmware or software for all affected EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products to the latest version, which addresses the lack of authentication controls.
Proactive Monitoring: Security teams should monitor device and web server access logs for an unusually high volume of failed authentication attempts, particularly from a single source IP address. Network monitoring should be configured to detect and alert on brute-force patterns, such as a large number of connection attempts to the projector's web interface (typically on TCP ports 80 or 443) over a short period.
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 21, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, the simplicity of the attack vector (brute-force) means that proof-of-concept exploits could be developed easily by threat actors.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the potential for complete device compromise, it is strongly recommended that organizations prioritize the immediate patching of all affected EPSON projector products. While there is no current evidence of active exploitation, the low complexity of the attack makes these devices attractive targets. If patching cannot be performed immediately, the compensating controls listed above, particularly network segmentation and access restriction, must be implemented as a matter of urgency to reduce the attack surface.
Update EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when...
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle
Executive Summary:
A high-severity vulnerability has been identified in the Brightpick Mission Control web application, where hardcoded credentials are exposed within its client-side code. This allows any user with access to the application to easily retrieve these credentials, potentially leading to unauthorized access, data compromise, and disruption of controlled systems. Immediate patching is required to mitigate the risk of exploitation.
Vulnerability Details
CVE-ID: CVE-2025-64308
Affected Software: its Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The Brightpick Mission Control web application includes hardcoded credentials (e.g., username and password) directly within its client-side JavaScript files. An attacker can exploit this vulnerability by simply using a web browser's developer tools to inspect the application's source code. By searching through the JavaScript bundle, the attacker can locate and extract the credentials, which can then be used to gain unauthorized access to the application or connected backend services.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Successful exploitation could grant an attacker unauthorized access to the Mission Control system, which may control critical operational technology or warehouse logistics. Potential consequences include theft of sensitive operational data, manipulation of system configurations, disruption of business operations, and reputational damage. The exposed credentials could provide privileged access, escalating the potential for significant financial and operational impact.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor immediately to remove the hardcoded credentials from the application code. Before or immediately after patching, change the password for the compromised account to invalidate the exposed credentials. Review all access logs for any login activity using the hardcoded credentials, especially from unrecognized IP addresses or at unusual times.
Proactive Monitoring: Implement enhanced monitoring on the Brightpick Mission Control application. Specifically, look for multiple login attempts from a single IP address, successful logins from unusual geographic locations, and any anomalous behavior or configuration changes made by the account associated with the exposed credentials. Monitor web server logs for an unusual number of requests to the specific JavaScript files containing the credentials.
Compensating Controls: If patching is not immediately possible, restrict network access to the web application to only trusted IP ranges. Implement a Web Application Firewall (WAF) to potentially limit access from untrusted sources. If the application supports it, enforce multi-factor authentication (MFA) on the affected account to prevent its use with only the compromised password.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 14, 2025, there are no known public exploit scripts circulating. However, the nature of this vulnerability is such that it is trivial to exploit manually by anyone with basic web development knowledge. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high severity (CVSS 7.5) and the trivial nature of exploitation, it is strongly recommended that organizations apply the vendor-supplied patches immediately. The risk of unauthorized access to critical operational systems is significant. In addition to patching, organizations should conduct a thorough review of access logs to identify any potential compromise that may have already occurred and perform a code review of other internal applications to ensure similar insecure practices are not present.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity
An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
NMIS/BioDose V22
NMIS/BioDose V22
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics allows SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics allows SQL Injection
Apply vendor patches immediately. Review database access controls and enable query logging.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Alloggio - Hotel...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Alloggio - Hotel Booking alloggio allows PHP Local File Inclusion
Executive Summary:
A high-severity vulnerability has been identified in the Edge-Themes Alloggio - Hotel Booking software. This flaw, known as a Local File Inclusion, could allow an unauthenticated attacker to read sensitive files on the server, potentially leading to the exposure of confidential data, system credentials, and ultimately, full server compromise.
Vulnerability Details
CVE-ID: CVE-2025-64287
Affected Software: Edge-Themes Alloggio - Hotel Booking
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists due to an improper control of filenames used in PHP's include or require statements. An attacker can exploit this by manipulating an input parameter to include arbitrary files from the local server's filesystem. This could allow the attacker to read sensitive files such as configuration files containing database credentials (wp-config.php), system user files (/etc/passwd), or application source code. In certain scenarios, if the attacker can control the content of a file on the server (e.g., through log poisoning or a separate file upload vulnerability), this flaw could be escalated to achieve Remote Code Execution (RCE).
Business Impact
This vulnerability is rated as high severity with a CVSS score of 8.1. Successful exploitation could have a significant negative impact on the business. An attacker could gain unauthorized access to sensitive company and customer data, leading to a data breach. The disclosure of system credentials or source code could facilitate further attacks on the organization's infrastructure. The potential for full server compromise would grant an attacker complete control, enabling them to disrupt services, install malware, or use the server for malicious activities, resulting in reputational damage, regulatory fines, and financial loss.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor across all affected systems immediately. Before deployment, test the patches in a non-production environment to ensure stability. Concurrently, begin reviewing web server access logs for any signs of exploitation attempts that may have occurred prior to patching.
Proactive Monitoring: Configure security monitoring tools to search for indicators of compromise related to this vulnerability. In web server logs, look for suspicious requests containing directory traversal sequences (e.g., ../, %2e%2e/) or attempts to access common sensitive files (e.g., /etc/passwd, wp-config.php, .env) in request parameters. Monitor for any unusual file read operations by the web server process.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules designed to detect and block Local File Inclusion and directory traversal attack patterns. Additionally, enforce strict file system permissions to limit the web server process's access to only necessary files and directories, reducing the impact of a potential breach.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 6, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, Local File Inclusion vulnerabilities are well-understood, and security researchers or malicious actors could develop exploit code relatively quickly.
Analyst Recommendation
Given the high severity (CVSS 8.1) of this vulnerability and its potential to cause a full server compromise, we strongly recommend that organizations prioritize the immediate application of the vendor-supplied security patches. Although this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical nature warrants urgent attention. All internet-facing instances of the affected software should be considered at high risk and must be patched or protected with compensating controls without delay.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Sup...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion
Executive Summary:
A high-severity vulnerability has been discovered in multiple Majestic Support products, allowing for Local File Inclusion. An unauthenticated attacker could exploit this flaw to read sensitive files on the server, potentially exposing confidential data, system credentials, and application source code. This could lead to further system compromise, data breaches, and service disruption.
Vulnerability Details
CVE-ID: CVE-2025-64284
Affected Software: Majestic Support Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is an Improper Control of a Filename for an Include/Require Statement in a PHP Program, which allows for Local File Inclusion (LFI). An attacker can manipulate an input parameter, likely in a URL, to trick the application into including and processing a file from an arbitrary location on the server's local file system. For example, an attacker could craft a request to read sensitive files such as /etc/passwd, application configuration files containing database credentials, or private keys. In some scenarios, this LFI vulnerability could be escalated to achieve remote code execution (RCE) if the attacker can write to a file on the server (e.g., a log file) and then trick the application into including and executing it as PHP code.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Successful exploitation could have a significant negative impact on the business. The primary risks include the breach of confidential data (customer information, intellectual property, credentials), which can lead to regulatory fines, reputational damage, and loss of customer trust. If an attacker escalates the vulnerability to achieve remote code execution, they could gain full control of the affected server, leading to complete system compromise, installation of ransomware or other malware, and prolonged operational downtime.
Remediation Plan
Immediate Action: Apply vendor-supplied security updates immediately to patch the vulnerability. Concurrently, initiate monitoring for any signs of exploitation and conduct a thorough review of web server and application access logs for suspicious activity patterns indicative of LFI attacks.
Proactive Monitoring:
../, ..\/) or absolute file paths (/etc/passwd) in URL parameters. Look for requests using PHP wrappers like php://filter/convert.base64-encode/resource=.Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
php.ini configuration, disable allow_url_fopen and allow_url_include to prevent the vulnerability from being escalated to Remote File Inclusion (RFI).Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 29, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, file inclusion vulnerabilities are well understood and easy to exploit. It is highly probable that proof-of-concept (PoC) code will be developed and released by security researchers or threat actors in the near future.
Analyst Recommendation
This vulnerability presents a high risk to the organization due to the potential for sensitive data exposure and full system compromise. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high CVSS score and the trivial nature of exploitation warrant immediate action. We strongly recommend that system administrators prioritize identifying all vulnerable Majestic Support products within the environment and applying the vendor-provided security patches without delay. If patching cannot be performed immediately, the compensating controls outlined above must be implemented as a temporary mitigation while a permanent patching plan is executed.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object...
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: fro...
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.
---METADATA---
VENDOR: AmentoTech
PRODUCT: Tuturn
AFFECTED_VERSIONS: before 3.6
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
An authentication bypass vulnerability in the AmentoTech Tuturn plugin allows unauthorized actors to circumvent security controls.
Executive Summary:
An authentication bypass flaw in the AmentoTech Tuturn plugin could allow an unauthenticated attacker to gain unauthorized access to the application.
Vulnerability Details
CVE-ID: CVE-2025-64236
Affected Software: AmentoTech Tuturn
Affected Versions: Before 3.6
Vulnerability: The vulnerability is an authentication bypass using an alternate path or channel, which allows an attacker to gain access without proper credentials. This flaw indicates a failure in the plugin's security logic to verify user authorization.
Business Impact
Successful exploitation grants unauthorized access to the application, potentially exposing sensitive user data, intellectual property, or administrative interfaces. Given the CVSS score of 9.8, this vulnerability poses a severe risk of data breach and unauthorized system manipulation.
Remediation Plan
Immediate Action: Update the Tuturn plugin to version 3.6 or higher immediately to close the authentication bypass vector.
Proactive Monitoring: Review application logs for unauthorized authentication attempts or access to administrative dashboards from non-standard IP addresses.
Compensating Controls: Utilize a Web Application Firewall (WAF) to detect and block abnormal traffic patterns associated with authentication bypass attempts.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Dec 18, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is critical as it fundamentally breaks the application's access control mechanisms. It is imperative that administrators apply the update to version 3.6 immediately to ensure the security and privacy of the platform.
Update Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through < 1.2....
Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through < 1.2.8.
---METADATA---
VENDOR: BoldThemes
PRODUCT: Codiqa
AFFECTED_VERSIONS: n/a through < 1.2.8
CONFIDENCE: high
MISSING: exploit_status, technical_details
---END_METADATA---
Description Summary:
A Deserialization of Untrusted Data vulnerability in the BoldThemes Codiqa plugin allows for Object Injection attacks.
Executive Summary:
A critical deserialization vulnerability in the BoldThemes Codiqa plugin allows unauthenticated attackers to perform object injection, potentially leading to remote code execution.
Vulnerability Details
CVE-ID: CVE-2025-64233
Affected Software: BoldThemes Codiqa
Affected Versions: n/a through < 1.2.8
Vulnerability: This is a Deserialization of Untrusted Data vulnerability, which allows an unauthenticated attacker to inject malicious objects into the application. If successfully exploited, this can lead to arbitrary code execution within the context of the web server.
Business Impact
The CVSS score of 9.8 reflects the high probability of full system compromise. Successful exploitation grants an attacker the ability to execute arbitrary code, which could result in complete data exfiltration, unauthorized access to sensitive backend systems, and significant operational downtime.
Remediation Plan
Immediate Action: Update the BoldThemes Codiqa plugin to version 1.2.8 or later immediately to patch the deserialization flaw.
Proactive Monitoring: Review web server access logs for anomalous traffic patterns or serialized data strings in unexpected request parameters.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to detect and block malicious serialized PHP objects.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Dec 18, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability presents a critical risk to the integrity and confidentiality of the host environment. Administrators must prioritize updating the plugin to the latest version immediately to eliminate the underlying deserialization flaw and prevent potential unauthorized remote code execution.
Update Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Import from YML import-from-yml allows...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpr...
Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf allows Using Malicious Files.This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through <= 3.0.0.
Executive Summary:
A critical vulnerability has been identified in the "WordPress Contact Form 7 PDF, Google Sheet & Database" plugin, which allows unauthenticated attackers to upload malicious files to a website's server. Successful exploitation could lead to a complete compromise of the affected website, enabling attackers to steal data, deface the site, or use the server for further malicious activities. Due to the high severity (CVSS 9.8), immediate remediation is strongly recommended to prevent a potential breach.
Vulnerability Details
CVE-ID: CVE-2025-64231
Affected Software: RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database
Affected Versions: All versions up to and including 3.0.0
Vulnerability: The vulnerability is an "Unrestricted Upload of File with Dangerous Type." The plugin fails to properly validate the types of files being uploaded through the contact form functionality. An unauthenticated attacker can craft a malicious file, such as a PHP web shell, and upload it disguised as a legitimate file type. Once the file is on the server, the attacker can navigate to its location via a URL to execute the embedded code, granting them remote code execution capabilities within the security context of the web server.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. A successful exploit would result in a complete compromise of the web server hosting the WordPress site. The potential business impact includes, but is not limited to, theft of sensitive data (customer information, PII, payment details), significant reputational damage from website defacement, loss of customer trust, and the potential for the compromised server to be used as a pivot point for further attacks against the internal network or to host malware for distribution. Financial costs associated with incident response, cleanup, and potential regulatory fines can be substantial.
Remediation Plan
Immediate Action: Immediately update the "WordPress Contact Form 7 PDF, Google Sheet & Database" plugin to the latest version available from the vendor, which should be a version greater than 3.0.0. After patching, review web server access logs and the file system for any indicators of compromise, such as suspicious file uploads or unusual web requests, that may have occurred prior to the update.
Proactive Monitoring: Monitor web server logs for POST requests to form submission endpoints followed by GET requests to files in the WordPress uploads directory, particularly for files with executable extensions (e.g., .php, .phtml, .php5). Implement file integrity monitoring (FIM) on the web server to generate alerts for any new or modified files in web-accessible directories. Monitor for unusual outbound network traffic originating from the web server, which could indicate a web shell communicating with a command-and-control server.
Compensating Controls: If immediate patching is not feasible, consider the following mitigating actions:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date of December 18, 2025, there are no known public proof-of-concept exploits for this vulnerability. However, unrestricted file upload vulnerabilities are trivial to exploit, and it is highly likely that threat actors will develop exploits rapidly. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the low complexity of exploitation, we strongly recommend that organizations treat this vulnerability with the highest priority. All instances of the affected plugin must be updated to a patched version immediately. Due to the risk of pre-patch compromise, security teams should proactively hunt for indicators of compromise on all servers running this plugin. Do not wait for public exploit code to become available or for this CVE to be added to the CISA KEV catalog before taking action, as exploitation is likely to precede widespread public disclosure.
Update Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Executive Summary:
A critical vulnerability has been identified in the Coolify server management tool, allowing low-privileged users to gain complete administrative control. An authenticated attacker with minimal access can view the root user's private SSH key, enabling them to log into the underlying server as the root user and execute arbitrary commands. This represents a total compromise of the server's confidentiality, integrity, and availability.
Vulnerability Details
CVE-ID: CVE-2025-64420
Affected Software: Coolify is an Multiple Products
Affected Versions: Versions prior to and including v4.0.0-beta.434
Vulnerability: The vulnerability is an improper access control and information disclosure flaw within the Coolify platform. Authenticated users with low-level privileges are able to access and view the private SSH key belonging to the root user of the host server. An attacker can exploit this by logging into the Coolify web interface with a low-privileged account, retrieving the exposed private key, and then using a standard SSH client to establish a remote session on the server as the root user, thereby bypassing all intended security mechanisms.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.9, posing a severe and immediate risk to the organization. Successful exploitation results in a complete system compromise, granting the attacker full administrative control over the server managed by Coolify. This could lead to catastrophic consequences, including theft or destruction of sensitive data, deployment of ransomware, disruption of critical business services, and the use of the compromised server as a pivot point to attack other internal network resources.
Remediation Plan
Immediate Action: Organizations must immediately investigate their Coolify instances to identify the running version. If a version later than v4.0.0-beta.434 is available, update immediately. If a patch is not yet available, treat this as a zero-day vulnerability and proceed with compensating controls while actively monitoring vendor announcements for a security patch.
Proactive Monitoring: System administrators should immediately begin monitoring for signs of compromise. This includes reviewing SSH authentication logs (
/var/log/auth.logor equivalent) for any unusual or successful root logins, particularly from unexpected source IP addresses. Scrutinize Coolify application logs for any unauthorized user activity or access to system configuration sections. Monitor the server for unexpected running processes, new user accounts, or outbound network connections.Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 5, 2026, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the simplicity of exploitation, it is highly likely that threat actors will develop exploits and begin scanning for vulnerable instances.
Analyst Recommendation
This vulnerability represents a critical and direct path to full system compromise and must be addressed with the highest priority. Due to the CVSS score of 9.9, we recommend immediate action. Organizations must prioritize applying the vendor-supplied patch as soon as it becomes available. In the absence of a patch, the compensating controls listed above, particularly the restriction of low-privileged user access and SSH firewall rules, should be implemented without delay to reduce the attack surface. Although this CVE is not currently on the CISA KEV list, the severity warrants treating it as if it were.