MDaemon Mail Server 23
Description
MDaemon Mail Server 23
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17282 vulnerabilities with AI analyst insights
MDaemon Mail Server 23
MDaemon Mail Server 23
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available
In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. T...
An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the leng...
Executive Summary:
A critical vulnerability has been identified in multiple products from the vendor "An," stemming from a flaw in the Monkey's Audio library. This out-of-bounds read vulnerability can be triggered by processing a specially crafted audio file, potentially allowing an attacker to crash the application or read sensitive information from the system's memory.
Vulnerability Details
CVE-ID: CVE-2025-61043
Affected Software: An Multiple Products
Affected Versions: Monkey's Audio version 11.31 is confirmed to be vulnerable. See vendor advisory for a complete list of specific affected products and versions.
Vulnerability: A critical out-of-bounds read vulnerability exists in the CAPECharacterHelper::GetUTF16FromUTF8 function within the Monkey's Audio library. The flaw is due to improper validation of the length parameter during the conversion of UTF-8 character strings to UTF-16. An attacker can exploit this by crafting a malicious audio file with specific metadata that, when processed by the vulnerable function, causes the application to read data from memory locations outside of the intended buffer. This can lead to a denial-of-service (DoS) through an application crash or, more severely, the disclosure of sensitive information residing in the application's memory.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.1, posing a significant risk to the organization. Successful exploitation could lead to severe consequences, including application or system-wide denial-of-service, which disrupts business operations. Furthermore, the potential for information disclosure could result in a data breach, exposing confidential business data, user credentials, or other sensitive information stored in memory. Such an incident could lead to significant financial loss, reputational damage, and regulatory penalties.
Remediation Plan
Immediate Action:
Proactive Monitoring:
Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Oct 28, 2025, there are no known public proof-of-concept exploits or reports of active exploitation in the wild. This vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. However, due to the high severity score, the likelihood of an exploit being developed is high.
Analyst Recommendation
Given the critical severity (CVSS 9.1) of this vulnerability, immediate action is required. We strongly recommend that all affected "An Multiple Products" are patched on a priority basis. Although there is no current evidence of active exploitation or inclusion in the CISA KEV catalog, the high potential for information disclosure and denial-of-service makes this an attractive target for threat actors. If patching cannot be immediately deployed, the compensating controls listed above should be implemented without delay to mitigate risk.
Update An Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506
A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506
---METADATA---
VENDOR: Wifi-soft
PRODUCT: UniBox Controller
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical security vulnerability has been identified in the Wifi-soft UniBox Controller that requires immediate administrative attention to mitigate potential unauthorized access.
Executive Summary:
A critical security flaw within the Wifi-soft UniBox Controller presents a high risk of unauthorized system manipulation and potential service disruption.
Vulnerability Details
CVE-ID: CVE-2025-6104
Affected Software: Wifi-soft UniBox Controller
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is classified as critical and impacts the core functionality of the UniBox Controller. The flaw likely allows an attacker to bypass security controls, necessitating prompt remediation to prevent exploitation.
Business Impact
With a CVSS score of 8.8, this vulnerability carries significant risk to organizational infrastructure. Exploitation could allow attackers to gain persistent access to the network controller, potentially leading to unauthorized monitoring of network traffic or complete administrative takeover.
Remediation Plan
Immediate Action: Check the vendor support site for the latest security patches and apply them to all affected UniBox units immediately.
Proactive Monitoring: Increase logging verbosity on the controller to capture and analyze suspicious authentication attempts or unexpected API calls.
Compensating Controls: Implement strict network segmentation to isolate the UniBox management interface from untrusted network segments.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw and the high CVSS score, the potential for exploitation is high.
Analyst Recommendation
Security teams must treat this high-severity vulnerability with urgency. Ensure all affected systems are tracked and patched according to the vendor's guidance to maintain the integrity and security of the network management environment.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506
A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506
---METADATA---
VENDOR: Wifi-soft
PRODUCT: UniBox Controller
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical security vulnerability has been identified in the Wifi-soft UniBox Controller that may allow for unauthorized system compromise.
Executive Summary:
A critical vulnerability in the Wifi-soft UniBox Controller poses a significant risk of unauthorized access and potential system compromise.
Vulnerability Details
CVE-ID: CVE-2025-6103
Affected Software: Wifi-soft UniBox Controller
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This is a critical-severity vulnerability residing within the UniBox Controller software. While specific technical triggers are pending further disclosure, such flaws often involve improper input validation or authentication bypass mechanisms that could allow an attacker to gain elevated control.
Business Impact
The CVSS score of 8.8 indicates a high-severity risk that could lead to full system compromise, data exfiltration, or complete loss of service availability. Successful exploitation would disrupt operational continuity and potentially expose sensitive network management data to unauthorized actors.
Remediation Plan
Immediate Action: Review the official Wifi-soft security portal to identify and apply the latest firmware or software patches.
Proactive Monitoring: Audit device access logs for unusual administrative login patterns or unauthorized configuration change attempts.
Compensating Controls: Restrict management interface access to trusted internal IP ranges via firewall rules to minimize exposure.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw and the high CVSS score, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of this vulnerability, immediate attention is required. Administrators should prioritize identifying vulnerable UniBox controllers and applying available vendor updates as soon as they are released to prevent potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506
A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506
---METADATA---
VENDOR: Wifi-soft
PRODUCT: UniBox Controller
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical vulnerability has been found in the Wifi-soft UniBox Controller, which could lead to unauthorized system access.
Executive Summary:
A critical vulnerability in the Wifi-soft UniBox Controller could allow an unauthenticated attacker to gain control of the network management system.
Vulnerability Details
CVE-ID: CVE-2025-6102
Affected Software: Wifi-soft UniBox Controller
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This is a critical vulnerability found in the UniBox Controller software. The nature of the flaw suggests potential for unauthenticated access to the management console, which could lead to complete administrative takeover of the system.
Business Impact
The CVSS score of 8.8 highlights the high risk associated with this controller. Since the UniBox is a central management point, a compromise could result in the loss of control over connected network segments, widespread data exposure, and significant service outages for the organization.
Remediation Plan
Immediate Action: Apply the latest security patches provided by Wifi-soft for the UniBox Controller immediately.
Proactive Monitoring: Review administrative audit logs for any unauthorized access or configuration changes that occurred recently.
Compensating Controls: Restrict access to the UniBox management interface to a dedicated, secure management VLAN and implement strict firewall rules.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The UniBox Controller is a sensitive piece of infrastructure. Administrators must prioritize applying the relevant vendor patch to prevent unauthorized access and maintain the integrity of their network management environment.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A reflected cross-site scripted (XSS) vulnerability in Codazon Magento Themes v1
A reflected cross-site scripted (XSS) vulnerability in Codazon Magento Themes v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute...
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain es...
Executive Summary:
A critical OS command injection vulnerability, identified as CVE-2025-60965, has been discovered in multiple EndRun Technologies Sonoma products. This flaw allows a remote attacker to execute arbitrary commands on the affected system, potentially leading to a full system compromise, denial of service, and unauthorized access to the network infrastructure.
Vulnerability Details
CVE-ID: CVE-2025-60965
Affected Software: EndRun Technologies Sonoma Multiple Products
Affected Versions: Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00. See vendor advisory for a complete list of affected products and versions.
Vulnerability: The vulnerability is an OS Command Injection flaw. It exists because the application fails to properly sanitize user-supplied input before passing it to the operating system for execution. An unauthenticated remote attacker can craft a malicious request containing shell metacharacters (e.g., ;, |, &&) which are then executed by the underlying OS with the privileges of the application, leading to arbitrary code execution.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.1. Successful exploitation could have a severe impact on business operations. An attacker could take complete control of the Network Time Server, which is a critical infrastructure component. Potential consequences include disrupting time synchronization across the network (affecting authentication, logging, and financial transactions), installing malware, exfiltrating sensitive data, or using the compromised device as a pivot point to attack other internal systems.
Remediation Plan
Immediate Action: Apply the security update provided by EndRun Technologies to all affected Sonoma products immediately. After patching, monitor system logs and network traffic for any signs of compromise or further exploitation attempts.
Proactive Monitoring: Implement enhanced monitoring on affected devices. Security teams should look for unusual child processes spawned by the Sonoma application, unexpected outbound network connections from the time server, and review web access logs for requests containing shell command syntax and metacharacters.
Compensating Controls: If immediate patching is not feasible, restrict network access to the device's management interface to a limited set of trusted IP addresses. Additionally, deploy a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with rulesets designed to detect and block OS command injection attack patterns.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date, Oct 6, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the high CVSS score and the simplicity of exploiting command injection flaws, it is highly probable that proof-of-concept exploits will be developed and used by threat actors in the near future.
Analyst Recommendation
Given the critical severity (CVSS 9.1) of this vulnerability, which allows for complete system compromise, immediate action is required. Organizations must prioritize applying the vendor-supplied updates to all affected EndRun Technologies Sonoma devices. Although this vulnerability is not currently listed on the CISA KEV catalog, its high impact and the potential for remote code execution make it an attractive target for threat actors, and prompt remediation is essential to prevent potential exploitation.
Update OS Command Injection vulnerability in EndRun Technologies Sonoma Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute...
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain es...
Executive Summary:
A critical OS Command Injection vulnerability, identified as CVE-2025-60964, has been discovered in multiple EndRun Technologies Sonoma products, including the D12 Network Time Server. This flaw allows an unauthenticated attacker to execute arbitrary commands on the affected device, potentially leading to a full system compromise, denial of critical time services, and unauthorized access to the network. Due to its high severity and the critical role of these devices in network infrastructure, immediate remediation is strongly advised.
Vulnerability Details
CVE-ID: CVE-2025-60964
Affected Software: EndRun Technologies Sonoma Multiple Products
Affected Versions: See vendor advisory for specific affected versions, including Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00.
Vulnerability: This vulnerability is an OS Command Injection flaw that stems from insufficient input validation in the device's software. An attacker can send a specially crafted network request containing malicious shell commands to a vulnerable component of the device's management interface. Because the input is not properly sanitized, the application passes these commands directly to the underlying operating system for execution, granting the attacker the ability to run arbitrary code with the privileges of the application process, which may lead to full system control.
Business Impact
With a CVSS score of 9.1, this vulnerability is rated as critical. Exploitation could have a severe business impact, as network time servers are fundamental to network operations. Successful exploitation allows an attacker to take complete control of the time server, leading to consequences such as: disruption of time synchronization services (Denial of Service), which can impact authentication protocols like Kerberos, transaction logging, and overall network stability; unauthorized access to sensitive configuration data; and using the compromised device as a pivot point to launch further attacks against the internal network.
Remediation Plan
Immediate Action: Apply the latest firmware updates provided by EndRun Technologies to all affected Sonoma devices to patch the vulnerability. Following the update, actively monitor for any signs of exploitation attempts by reviewing system and access logs for anomalous activity.
Proactive Monitoring:
;, |, &&, $(...)).Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 6, 2025, there are no known public proof-of-concept exploits or observed instances of this vulnerability being actively exploited in the wild. However, given the critical severity (CVSS 9.1) and the straightforward nature of OS command injection vulnerabilities, it is highly probable that threat actors will develop exploits in the near future.
Analyst Recommendation
Given the critical severity of this vulnerability and the essential function of network time servers, organizations are urged to treat this as a high-priority threat. The potential for complete system compromise and disruption to core network services presents a significant risk. Although CVE-2025-60964 is not currently on the CISA KEV list, its high impact makes it a likely candidate for future inclusion. We strongly recommend that all affected EndRun Technologies Sonoma devices are patched immediately. If patching is delayed, the compensating controls listed above should be implemented without delay to reduce the attack surface.
Update OS Command Injection vulnerability in EndRun Technologies Sonoma Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute...
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain es...
Executive Summary:
A critical OS command injection vulnerability has been identified in multiple EndRun Technologies Sonoma products, including the Sonoma D12 Network Time Server. This flaw allows an unauthenticated remote attacker to execute arbitrary commands on the affected device, potentially leading to a complete system compromise, denial of service, and unauthorized access to the network. Due to the critical nature and high severity score, immediate remediation is required to prevent exploitation.
Vulnerability Details
CVE-ID: CVE-2025-60957
Affected Software: OS Command Injection vulnerability in EndRun Technologies Sonoma Multiple Products
Affected Versions: Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: This is an OS Command Injection vulnerability. The flaw exists because the device's software does not properly sanitize user-supplied input before passing it to a system shell command. An attacker can exploit this by crafting a malicious request, likely through the web management interface or an API endpoint, that includes operating system commands. These commands are then executed on the device with the privileges of the running service, leading to arbitrary code execution.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.9, indicating a high likelihood of exploitation with severe consequences. Successful exploitation could lead to a complete compromise of the network time server, which is a critical infrastructure component. An attacker could disrupt time synchronization across the entire network, causing failures in logging, authentication systems (like Kerberos), and financial transaction processing. Furthermore, an attacker could install persistent malware, exfiltrate sensitive network data, or use the compromised device as a pivot point to launch further attacks against the internal network, resulting in significant operational downtime, data breaches, and loss of system integrity.
Remediation Plan
Immediate Action: Immediately update the firmware of all affected EndRun Technologies Sonoma devices to the latest version provided by the vendor to patch the vulnerability. After patching, closely monitor system and access logs for any signs of compromise or attempted exploitation that may have occurred prior to the update.
Proactive Monitoring: Implement enhanced monitoring for affected devices. Security teams should look for unusual or suspicious commands in shell execution logs, unexpected outbound network connections from the time server, unauthorized changes to system configuration files, and abnormal spikes in CPU or memory utilization. Review web server access logs for requests containing special characters or shell commands (e.g., ;, |, &&, $(...)).
Compensating Controls: If patching cannot be performed immediately, apply compensating controls to reduce the risk. Restrict network access to the device's management interface to a dedicated, trusted administrative VLAN or IP address range. If the device's web interface must be exposed, place it behind a Web Application Firewall (WAF) with rules designed to block command injection attack patterns.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date of October 6, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, vulnerabilities of this type in network infrastructure devices are highly sought after by threat actors. It is likely that proof-of-concept exploits will be developed quickly by reverse-engineering the vendor's patch.
Analyst Recommendation
Given the critical CVSS score of 9.9 and the potential for complete system compromise, organizations must treat this vulnerability with the highest priority. The immediate application of the vendor-supplied patch is the most effective course of action. Although this CVE is not currently listed on the CISA KEV list, its critical nature makes it a prime candidate for future inclusion. If patching is delayed, the compensating controls outlined above must be implemented immediately to mitigate the significant risk of exploitation.
Update OS Command Injection vulnerability in EndRun Technologies Sonoma Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Microweber CMS 2
Microweber CMS 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Census CSWeb 8.0.1 exposes the "app/config" directory via HTTP, allowing unauthenticated attackers to download configuration files and obtain sensitiv...
Census CSWeb 8.0.1 exposes the "app/config" directory via HTTP, allowing unauthenticated attackers to download configuration files and obtain sensitive secrets.
---METADATA---
VENDOR: Census
PRODUCT: CSWeb
AFFECTED_VERSIONS: 8.0.1 (Fixed in 8.1.0 alpha)
---END_METADATA---
Description Summary:
Census CSWeb 8.0.1 exposes the "app/config" directory via HTTP, allowing unauthenticated attackers to download configuration files and obtain sensitive secrets.
Executive Summary:
An information disclosure vulnerability in Census CSWeb allows unauthenticated remote attackers to obtain sensitive configuration secrets by accessing exposed directories.
Vulnerability Details
CVE-ID: CVE-2025-60949
Affected Software: Census CSWeb
Affected Versions: 8.0.1
Vulnerability: In certain deployments, the app/config directory is reachable via standard HTTP requests. An unauthenticated remote attacker can directly request configuration files, which often contain database credentials, API keys, and other cryptographic secrets.
Business Impact
The exposure of configuration files is a critical security risk that typically leads to full system compromise. Attackers can use leaked database credentials to steal or modify census data, or use leaked secrets to impersonate legitimate users. The CVSS score of 9.1 reflects the severe impact on data confidentiality and the high likelihood of further exploitation following secret discovery.
Remediation Plan
Immediate Action: Update Census CSWeb to version 8.1.0 alpha or later. If an update is not possible, immediately restrict HTTP access to the app/config directory via web server configuration.
Proactive Monitoring: Check web server access logs for any HTTP GET requests targeting the app/config directory or common configuration file names (e.g., .env, config.php).
Compensating Controls: Use .htaccess (Apache) or location blocks (Nginx) to explicitly deny all public access to the app and config directories.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Mar 23, 2026, there is no public information indicating active exploitation. However, directory traversal and exposure of config files are among the first things attackers look for during the reconnaissance phase.
Analyst Recommendation
Immediate remediation is required to prevent the leakage of environment secrets. Administrators should apply the 8.1.0 alpha update or manually secure the directory structure. Once secured, it is highly recommended to rotate all secrets found within those configuration files, as they should be considered compromised.
Update Census Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Census CSWeb 8
Census CSWeb 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Census CSWeb 8
Census CSWeb 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Emoncms 11
Emoncms 11
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue in the size query parameter (/views/file
An issue in the size query parameter (/views/file
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in H3C GR-3000AX V100R007L50
A vulnerability was found in H3C GR-3000AX V100R007L50
---METADATA---
VENDOR: H3C
PRODUCT: GR-3000AX
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the H3C GR-3000AX router that may pose a risk to network security.
Executive Summary:
A high-severity vulnerability in the H3C GR-3000AX router could potentially allow an attacker to compromise network infrastructure.
Vulnerability Details
CVE-ID: CVE-2025-6091
Affected Software: H3C GR-3000AX
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability affects the firmware of the H3C GR-3000AX model. Given the classification, it is likely that this flaw allows an unauthenticated attacker to perform unauthorized actions, potentially leading to a complete compromise of the network device.
Business Impact
The CVSS score of 8.8 indicates a high level of risk for this network appliance. Successful exploitation could compromise all traffic passing through the router, leading to potential data exfiltration, man-in-the-middle attacks, and significant disruption to business operations.
Remediation Plan
Immediate Action: Upgrade the firmware of all affected H3C GR-3000AX units to the latest version released by the vendor.
Proactive Monitoring: Monitor logs for unauthorized login attempts or unexpected changes to the device configuration.
Compensating Controls: Isolate the management plane of the router from the public internet and use VPNs for any necessary remote administrative access.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Because this vulnerability targets critical network hardware, it is imperative to apply patches immediately. Failure to address this could lead to widespread network compromise and loss of data confidentiality.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in H3C GR-5400AX V100R009L50 and classified as critical
A vulnerability was found in H3C GR-5400AX V100R009L50 and classified as critical
---METADATA---
VENDOR: H3C
PRODUCT: GR-5400AX
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical vulnerability has been identified in the H3C GR-5400AX router, potentially allowing unauthorized access or control.
Executive Summary:
A critical, high-severity vulnerability in the H3C GR-5400AX router could permit unauthorized access, threatening network integrity.
Vulnerability Details
CVE-ID: CVE-2025-6090
Affected Software: H3C GR-5400AX
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This is a critical security vulnerability identified in the firmware of the H3C GR-5400AX device. While specific technical details are limited, such flaws often involve authentication bypass or command injection vulnerabilities that allow an unauthenticated attacker to gain administrative control.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a significant risk to edge network security. Exploitation could allow an attacker to intercept traffic, redirect connections, or gain a foothold within the internal corporate network, leading to potential data breaches and unauthorized lateral movement.
Remediation Plan
Immediate Action: Apply the latest firmware update provided by H3C immediately to patch the affected device.
Proactive Monitoring: Inspect network traffic logs for unauthorized administrative access attempts or irregular outbound connections originating from the router.
Compensating Controls: Ensure the router management interface is not exposed to the public internet and restrict access to trusted internal IP addresses.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Network infrastructure vulnerabilities are critical as they provide broad access. Organizations utilizing the H3C GR-5400AX should prioritize firmware updates and verify that management interfaces are properly secured from external access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An authenticated stored XSS vulnerability exists in the Bagisto 2
An authenticated stored XSS vulnerability exists in the Bagisto 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Publii CMS v0
Publii CMS v0
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Insecure Permissions vulnerability in avanquest Driver Updater v
Insecure Permissions vulnerability in avanquest Driver Updater v
---METADATA---
VENDOR: Avanquest
PRODUCT: Driver Updater
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Avanquest Driver Updater contains an insecure permissions vulnerability that could allow local users to perform unauthorized actions or escalate privileges on the affected system.
Executive Summary:
Avanquest Driver Updater is vulnerable to an insecure permissions flaw that allows local attackers to compromise system integrity and potentially escalate privileges.
Vulnerability Details
CVE-ID: CVE-2025-60865
Affected Software: Avanquest Driver Updater
Affected Versions: See vendor advisory for affected versions
Vulnerability: This vulnerability stems from insecure permissions within the Avanquest Driver Updater application. A local, authenticated attacker can exploit these weak access controls to modify sensitive files or execute arbitrary code with elevated permissions.
Business Impact
A successful exploit of this vulnerability could lead to a total compromise of the local workstation. In a corporate environment, this allows an attacker with low-level access to gain administrative rights, potentially leading to data exfiltration, the installation of persistent malware, or lateral movement across the network. The CVSS score of 7.8 reflects a High severity, as the flaw directly undermines the security boundary of the operating system.
Remediation Plan
Immediate Action: Apply the latest security updates provided by Avanquest immediately to correct file system and registry permissions.
Proactive Monitoring: Monitor for unusual process creation originating from the Driver Updater directory and audit local group membership changes for unauthorized additions.
Compensating Controls: Restrict administrative privileges for standard users and employ Endpoint Detection and Response (EDR) tools to block suspicious file system modifications in application directories.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw involving local privilege escalation, the potential for exploitation remains high once technical details are reverse-engineered.
Analyst Recommendation
The severity of this vulnerability necessitates immediate patching of all workstations running Avanquest Driver Updater. System administrators should prioritize this update to prevent local attackers from gaining full control over enterprise endpoints.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing...
Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in...
A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.
---METADATA---
VENDOR: D-Link
PRODUCT: R15 (AX1500)
AFFECTED_VERSIONS: 1.20.01 and below
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
The D-Link R15 (AX1500) router contains a command injection vulnerability in the httpd service, reachable via the model name parameter during password changes.
Executive Summary:
A critical command injection vulnerability in the D-Link R15 (AX1500) router allows authenticated administrators to execute arbitrary system commands via the web interface.
Vulnerability Details
CVE-ID: CVE-2025-60854
Affected Software: D-Link R15 (AX1500)
Affected Versions: 1.20.01 and below
Vulnerability: The vulnerability exists within the web administrator page where the "model name" parameter is not correctly sanitized. An attacker with administrative access can manipulate this parameter during a password change request to trigger command injection within the httpd daemon.
Business Impact
A CVSS score of 9.8 reflects the severity of full system compromise. If exploited, an attacker could gain complete control over the network device, potentially facilitating lateral movement, man-in-the-middle attacks, or persistent access to the internal network.
Remediation Plan
Immediate Action: Apply the latest firmware update provided by D-Link for the R15 (AX1500) router.
Proactive Monitoring: Review administrative access logs for suspicious activity and monitor for unexpected changes to device configuration or system processes.
Compensating Controls: Restrict access to the router's web administration interface to trusted internal IP addresses only and disable remote management features.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Dec 2, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The ability to execute arbitrary commands on network infrastructure is a high-risk scenario. Administrators must apply available patches immediately to mitigate the risk of device takeover. If a patch is not immediately available, ensure the device is isolated from the public internet.
Update A vulnerability has been found in Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An issue was discovered in BESSystem BES Application Server thru 9
An issue was discovered in BESSystem BES Application Server thru 9
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api...
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register.
Executive Summary:
A critical vulnerability, identified as CVE-2025-60803, has been discovered in multiple Antabot products. This flaw allows an unauthenticated remote attacker to execute arbitrary code on an affected system, potentially leading to a complete system compromise, data theft, and service disruption. Due to its critical severity and ease of exploitation, immediate remediation is strongly advised.
Vulnerability Details
CVE-ID: CVE-2025-60803
Affected Software: Antabot Multiple Products
Affected Versions: Antabot White-Jotter up to commit 9bcadc. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This is an unauthenticated Remote Code Execution (RCE) vulnerability. It exists due to a path confusion flaw in a specific API endpoint. An attacker can send a specially crafted HTTP request to the /api/aaa;/../register component. The use of a semicolon (;) followed by a path traversal sequence (/../) can confuse the server's path parsing logic, causing it to bypass authentication and authorization checks intended for the /api/aaa path and improperly process the /register endpoint, leading to code execution with the privileges of the web server process.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation by an unauthenticated attacker could result in a complete compromise of the affected server. The potential consequences include theft of sensitive corporate or customer data, deployment of ransomware, disruption of business-critical services hosted on the server, and using the compromised system as a pivot point to launch further attacks against the internal network. A public breach resulting from this vulnerability could lead to significant financial loss, regulatory fines, and severe reputational damage.
Remediation Plan
Immediate Action:
/api/aaa;/../register endpoint or containing similar path traversal patterns.Proactive Monitoring:
;/../ or other path traversal sequences (../, ..%2f, etc.), particularly those targeting API endpoints.Compensating Controls:
If patching cannot be performed immediately, implement the following controls:
;/../ in the URL.Exploitation Status
Public Exploit Available: False
Analyst Notes:
As of October 24, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the critical severity and the unauthenticated nature of the RCE, it is highly probable that threat actors will reverse-engineer the patch and develop a functional exploit rapidly.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the potential for a complete system compromise without authentication, immediate action is required. All organizations using the affected Antabot products must prioritize applying the vendor-supplied patches immediately. Although this vulnerability is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity makes it a prime candidate for future inclusion. If patching is delayed, compensating controls such as WAF rules and network segmentation must be implemented as an urgent temporary measure to mitigate the significant risk.
Update Antabot Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function
Executive Summary:
A critical vulnerability has been discovered in multiple jshERP products, allowing an unauthenticated attacker to remotely execute arbitrary code on the server. Successful exploitation could lead to a complete system compromise, enabling an attacker to steal sensitive data, disrupt business operations, or use the server for further malicious activities. Immediate patching of all affected systems is required to mitigate this high-severity risk.
Vulnerability Details
CVE-ID: CVE-2025-60801
Affected Software: jshERP Multiple Products
Affected Versions: All versions up to and including commit fbda24da.
Vulnerability: The vulnerability is an unauthenticated Remote Code Execution (RCE) flaw within the jsh_erp function. An attacker can exploit this weakness by sending a specially crafted, unauthenticated request to an exposed application endpoint that utilizes this function. The application fails to properly sanitize the input, allowing the attacker's malicious payload to be executed on the underlying server with the privileges of the jshERP service account.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.2. Exploitation by a remote, unauthenticated attacker could result in a complete compromise of the affected server. The potential business impact includes theft of sensitive corporate or customer data, deployment of ransomware, disruption of critical business services relying on the ERP system, and reputational damage. A compromised system could also be used as a pivot point to launch further attacks against the internal network, escalating the security incident.
Remediation Plan
Immediate Action:
Proactive Monitoring:
jsh_erp function.Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes:
As of October 24, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical nature of unauthenticated RCE vulnerabilities and the low complexity of exploitation, it is highly probable that a functional proof-of-concept exploit will be developed and made public by threat actors or security researchers in the near future.
Analyst Recommendation
Given the high CVSS score of 8.2 and the critical impact of a potential remote code execution attack, immediate remediation is strongly recommended. Although this vulnerability is not yet listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity and the ease of exploitation for an unauthenticated attacker make it a prime target. Organizations must prioritize applying the vendor-supplied patches to all affected jshERP systems, starting with those exposed to the internet, to prevent a full system compromise.
Apply security patches immediately for internet-facing systems. Monitor for exploitation attempts and review access logs.
Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a...
Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and inclu...
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67
Executive Summary:
A critical vulnerability has been identified in the WPGYM - Wordpress Gym Management System plugin, which allows an unauthenticated attacker to create an administrative account on the affected WordPress site. Successful exploitation grants the attacker full control over the website, enabling them to steal sensitive data, deface the site, or launch further attacks. This represents a significant security risk that requires immediate attention.
Vulnerability Details
CVE-ID: CVE-2025-6080
Affected Software: WPGYM - Wordpress Gym Management System plugin
Affected Versions: All versions up to, and including, 67
Vulnerability: The vulnerability exists within the user registration functionality of the WPGYM plugin. A flaw in the code fails to properly enforce authentication and authorization checks, allowing an unauthenticated remote attacker to send a specially crafted request to the application. This request is processed with administrative privileges, resulting in the creation of a new user account with full administrator rights on the WordPress site.
Business Impact
This is a High severity vulnerability with a CVSS score of 8.8. An attacker who successfully exploits this flaw gains complete administrative control over the affected website. This could lead to severe business consequences, including the theft of sensitive customer or business data, website defacement causing reputational damage, distribution of malware to site visitors, and disruption of business operations. The compromised website could also be used as a platform to launch further attacks against other internal or external systems, posing a significant risk to the organization's security posture.
Remediation Plan
Immediate Action:
Proactive Monitoring:
Compensating Controls:
/wp-admin/) to only trusted IP addresses at the firewall or web server level.Exploitation Status
Public Exploit Available: False
Analyst Notes: As of August 17, 2025, there is no known public proof-of-concept exploit code, and the vulnerability is not reported to be actively exploited in the wild. However, vulnerabilities that allow for unauthenticated administrative access are highly sought after by threat actors. It is highly probable that exploit code will be developed and published in the near future, increasing the risk of widespread attacks.
Analyst Recommendation
Immediate patching is strongly recommended for all systems running a vulnerable version of the WPGYM plugin. The high severity score (CVSS 8.8) and the critical impact of a successful exploit—complete system compromise—make this a high-priority vulnerability. Although this CVE is not currently on the CISA KEV list, its characteristics make it a likely candidate if widespread exploitation is observed. Organizations must prioritize the immediate actions outlined in the remediation plan to prevent a potential compromise.
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hom...
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework
Executive Summary:
A high-severity vulnerability exists within the School Management System for Wordpress plugin, allowing attackers to upload malicious files to the server. Successful exploitation could lead to a complete website takeover, theft of sensitive data, and further compromise of the organization's network. Immediate patching is required to mitigate the significant risk posed by this flaw.
Vulnerability Details
CVE-ID: CVE-2025-6079
Affected Software: The School Management System for Wordpress plugin
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is an arbitrary file upload weakness found in the homework submission functionality of the plugin. The system fails to properly validate the types of files being uploaded, allowing an attacker to bypass intended restrictions (e.g., .pdf, .docx). An attacker can upload a file with a malicious executable extension, such as a PHP web shell (.php), which is then saved to a web-accessible directory on the server. By navigating to the URL of the uploaded file, the attacker can trigger its execution, granting them the ability to run arbitrary commands on the server, access the database, and deface the website.
Business Impact
This is a high-severity vulnerability with a CVSS score of 8.8, posing a significant risk to the organization. Successful exploitation can lead to a full compromise of the web server. The potential consequences include a breach of sensitive data (e.g., student and faculty information), reputational damage from website defacement, and operational disruption. A compromised server could also be used as a staging point to launch further attacks against the internal network, escalating the incident's impact and recovery costs.
Remediation Plan
Immediate Action: Update the "School Management System for Wordpress" plugin to the latest available version to apply the security patch. After updating, review all WordPress security settings to ensure they are properly configured. If the plugin is no longer essential for business operations, it should be deactivated and removed entirely to reduce the overall attack surface.
Proactive Monitoring: Monitor web server access logs for unusual POST requests to the plugin's file upload endpoints, specifically looking for attempts to upload files with executable extensions (e.g., .php, .phtml, .sh). Implement file integrity monitoring on the web server's upload directories to detect the creation of unauthorized files. Monitor for any suspicious outbound network traffic from the web server, which could indicate a successful compromise.
Compensating Controls: If patching cannot be performed immediately, configure a Web Application Firewall (WAF) with rules to inspect file uploads and block requests containing malicious file types. Harden server permissions by ensuring that the directory where files are uploaded does not have execute permissions, which can prevent uploaded web shells from running. As a last resort, temporarily disable the homework upload feature within the plugin until a patch can be applied.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of August 17, 2025, there are no known public exploits or reports of this vulnerability being actively exploited in the wild. However, arbitrary file upload vulnerabilities are trivial to exploit once discovered, and proof-of-concept code is likely to be developed and published by security researchers or threat actors in the near future.
Analyst Recommendation
Given the high severity (CVSS 8.8) of this vulnerability and its potential for complete system compromise, immediate action is required. We strongly recommend that all organizations using the "School Management System for Wordpress" plugin prioritize the installation of the vendor-supplied patch. Although this CVE is not currently on the CISA KEV list, its critical impact and the popularity of the WordPress platform make it an attractive target for attackers, and it should be treated with the highest urgency.
MotionEye v0
MotionEye v0
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A Zip Slip vulnerability in the import a Project component of iceScrum v7
A Zip Slip vulnerability in the import a Project component of iceScrum v7
Executive Summary:
A high-severity vulnerability has been identified in the "import a Project" component, affecting multiple products including iceScrum v7. This flaw, known as a Zip Slip vulnerability, allows a remote attacker to upload a malicious archive file that can write files to arbitrary locations on the server. Successful exploitation could lead to remote code execution and a complete compromise of the affected system.
Vulnerability Details
CVE-ID: CVE-2025-60786
Affected Software: import a Project component in products such as iceScrum.
Affected Versions: iceScrum v7. See vendor advisory for a complete list of affected versions and products.
Vulnerability: This vulnerability is a path traversal flaw, commonly referred to as "Zip Slip." An attacker can exploit this by crafting a malicious zip archive containing files with path traversal sequences in their filenames (e.g., ../../../../etc/passwd). When the vulnerable "import a Project" component processes this archive, it fails to sanitize the file paths before extraction. This allows the attacker-controlled file to be written outside of the intended destination directory, enabling them to overwrite critical system files, configuration files, or upload a web shell to achieve remote code execution on the server.
Business Impact
This is a high-severity vulnerability with a CVSS score of 8.8, posing a significant risk to the organization. Successful exploitation could grant an attacker full control over the affected server, leading to severe consequences. These include the theft of sensitive project data, customer information, and intellectual property; disruption of business operations through system downtime or data corruption; and reputational damage. A compromised server could also be used as a pivot point to launch further attacks against the internal network, escalating the security incident.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor to all affected systems immediately. After patching, it is crucial to monitor for any signs of post-exploitation activity by reviewing access logs for unusual file upload events or access to suspicious files.
Proactive Monitoring: Implement enhanced logging and monitoring for the application server. Security teams should look for:
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
../).Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 16, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, Zip Slip is a well-understood vulnerability class, and proof-of-concept exploits can be developed with relative ease. Organizations should assume that attackers will develop exploit code and begin scanning for vulnerable systems shortly.
Analyst Recommendation
Given the high severity (CVSS 8.8) of this vulnerability and its potential to allow for remote code execution, it is strongly recommended that organizations prioritize the immediate application of the vendor-supplied security patches to all affected systems. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high severity and the ease of exploitation represent a significant and immediate risk. If patching is delayed, the compensating controls outlined above must be implemented as a temporary measure to reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7
A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7
Executive Summary:
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-60785, has been discovered in the Postgres Drivers component utilized by iceScrum v7. This high-severity flaw could allow a remote, unauthenticated attacker to execute arbitrary code on the server, potentially leading to a full system compromise, data theft, and service disruption. Organizations using the affected software are urged to apply security patches immediately to mitigate this significant risk.
Vulnerability Details
CVE-ID: CVE-2025-60785
Affected Software: Postgres Drivers Multiple Products
Affected Versions: The vulnerability impacts the Postgres Drivers as implemented within iceScrum v7. See vendor advisory for specific affected driver versions.
Vulnerability: This vulnerability is a remote code execution (RCE) flaw that exists due to improper input validation within the Postgres database driver. An unauthenticated remote attacker can exploit this by sending a specially crafted request to the iceScrum application. The application, in turn, passes this malicious data to the vulnerable driver, which fails to sanitize it, leading to code execution with the privileges of the application's service account on the underlying server.
Business Impact
This vulnerability is classified as High severity with a CVSS score of 8.8. Successful exploitation could result in a complete compromise of the affected server, granting an attacker full control. The potential consequences include unauthorized access to and exfiltration of sensitive project data, intellectual property, and customer information (loss of confidentiality); modification or deletion of critical data (loss of integrity); and complete service unavailability (loss of availability). This could lead to significant financial loss, reputational damage, and regulatory penalties.
Remediation Plan
Immediate Action: Apply the security patches provided by the vendor to all affected systems immediately, prioritizing internet-facing instances of iceScrum v7. After patching, it is crucial to review application and system access logs for any signs of compromise or unusual activity preceding the patch application.
Proactive Monitoring: Implement enhanced monitoring to detect potential exploitation attempts. Security teams should look for:
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 4, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the high severity and the nature of the RCE vulnerability, it is highly likely that threat actors will reverse-engineer the patch and develop exploits in the near future.
Analyst Recommendation
Due to the critical risk of remote code execution (CVSS 8.8), this vulnerability requires immediate attention. We strongly recommend that all organizations apply the necessary security patches to affected systems without delay, starting with those exposed to the internet. Although this CVE is not currently listed on the CISA KEV list, its high impact warrants treating it with the highest priority to prevent potential system compromise and data breaches.
Apply security patches immediately for internet-facing systems. Monitor for exploitation attempts and review access logs.
Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate p...
Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrato...
Executive Summary:
A critical improper authentication vulnerability has been identified in the web-based management interface of certain NETLINK devices. This flaw allows a remote, unauthenticated attacker to gain full administrative control, potentially leading to a complete system compromise and the lockout of legitimate administrators from the device.
Vulnerability Details
CVE-ID: CVE-2025-60772
Affected Software: NETLINK HG322G
Affected Versions: V1.0.00-231017
Vulnerability: The vulnerability exists within the web-based management interface of the affected device. Due to an improper authentication mechanism, the system fails to adequately verify user identity. A remote attacker can exploit this weakness by sending specially crafted requests to the management interface, bypassing authentication controls entirely and gaining administrative-level privileges. This access allows the attacker to view or modify system configurations, disrupt services, or change the administrator's password, thereby locking them out of the device.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected network device. The business impact includes the potential for network traffic interception, unauthorized access to sensitive internal network segments, and service disruption. An attacker could use the compromised device as a pivot point to launch further attacks against the internal network, leading to a significant data breach or operational outage. The ability to lock out administrators would also delay detection and remediation efforts, increasing the overall impact of an incident.
Remediation Plan
Immediate Action: Immediately apply security updates provided by the vendor to patch the affected devices. Prioritize patching for devices with management interfaces exposed to the internet. After patching, verify that the update has been successfully applied and that administrative access is functioning correctly.
Proactive Monitoring: Monitor device access logs for any unusual or unauthorized login attempts, especially from untrusted or external IP addresses. Scrutinize logs for unexpected configuration changes, such as password modifications or the creation of new administrative accounts. Network monitoring should be configured to detect anomalous traffic patterns originating from the affected devices, which could indicate a compromise.
Compensating Controls: If immediate patching is not feasible, implement network-level access controls to mitigate risk. Use a firewall to restrict access to the device's web-based management interface, allowing connections only from a dedicated, trusted management network or specific administrative IP addresses. Disable WAN/remote management on the device if it is not essential for business operations.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 21, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the critical severity (CVSS 9.8) and the simplicity of exploitation typically associated with authentication bypass flaws, it is highly probable that a functional exploit will be developed and used by threat actors in the near future.
Analyst Recommendation
Due to the critical severity of this vulnerability, immediate action is required. We strongly recommend that all affected NETLINK devices be patched immediately, starting with those that are internet-facing. Although this CVE is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its high-impact nature makes it a prime target for exploitation. Organizations should treat this vulnerability with the highest priority and apply both the recommended remediation and compensating controls without delay to prevent a full network compromise.
Update Improper authentication in the Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
GeographicLib 2
GeographicLib 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef
DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 a...
Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /bh_web_backend component
Executive Summary:
A critical Cross-Site Request Forgery (CSRF) vulnerability has been identified in Ilevia EVE X1 Server Firmware. This flaw, rated 9.6 on the CVSS scale, allows a remote attacker to execute arbitrary code by tricking an authenticated administrator into visiting a malicious webpage. Successful exploitation could lead to a complete compromise of the affected server, posing a significant risk to data confidentiality, integrity, and availability.
Vulnerability Details
CVE-ID: CVE-2025-60739
Affected Software: Ilevia EVE X1 Server Firmware
Affected Versions: Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 and before.
Vulnerability: The vulnerability exists within the /bh_web_backend component of the Ilevia EVE X1 Server's web interface, which lacks adequate Cross-Site Request Forgery (CSRF) protections. An attacker can craft a malicious website or link that, when visited by a logged-in administrator, sends a forged request to the vulnerable endpoint on the server. Because the server cannot distinguish this forged request from a legitimate one, it processes the request with the administrator's privileges, leading to arbitrary code execution on the underlying system.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.6, indicating a high likelihood of exploitation and severe potential impact. A successful attack would grant an adversary complete control over the affected Ilevia EVE X1 Server. This could result in the theft of sensitive data, disruption of critical services managed by the server, and the use of the compromised system as a pivot point to launch further attacks against the internal network. The potential consequences include significant financial loss, operational downtime, and severe reputational damage.
Remediation Plan
Immediate Action:
/bh_web_backend component.Proactive Monitoring:
/bh_web_backend endpoint. Pay close attention to requests originating from unexpected referrers.Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes:
As of November 25, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity (CVSS 9.6) and the direct path to remote code execution, it is highly probable that threat actors will develop and deploy exploits in the near future.
Analyst Recommendation
Given the critical CVSS score of 9.6 and the risk of complete system compromise, this vulnerability represents a severe threat. It is strongly recommended that organizations immediately identify all affected Ilevia EVE X1 Servers and apply the vendor-provided firmware updates as a top priority. Although this CVE is not currently listed on the CISA KEV catalog, its severity warrants immediate attention. If patching is delayed, the compensating controls listed above should be implemented without delay to reduce the attack surface.
Update Cross Site Request Forgery Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An issue in Ilevia EVE X1 Server Firmware Version v4
An issue in Ilevia EVE X1 Server Firmware Version v4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.
code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.
Executive Summary:
A critical SQL Injection vulnerability has been identified in the login functionality of code-projects Online Medicine Guide 1.0. This flaw allows an unauthenticated attacker to bypass login controls and potentially gain full access to the application's underlying database, leading to a complete compromise of system data and integrity.
Vulnerability Details
CVE-ID: CVE-2025-60736
Affected Software: Unknown Multiple Products (Specifically code-projects Online Medicine Guide)
Affected Versions: 1.0. See vendor advisory for other potentially affected products.
Vulnerability: The application is vulnerable to SQL Injection via the upass parameter on the /login.php page. An unauthenticated remote attacker can submit a specially crafted SQL query in the password field of the login form. Because the application fails to properly sanitize this input, the malicious query is executed directly by the database, which can allow the attacker to bypass authentication, exfiltrate sensitive data, modify or delete database records, and potentially achieve remote code execution on the underlying server.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a significant and immediate threat to the organization. Successful exploitation could lead to a severe data breach, exposing sensitive user information, medical guide data, and administrative credentials. The business risks include unauthorized access to the entire system, loss of data integrity, significant reputational damage, and potential legal or regulatory penalties if sensitive personal or health information is compromised.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately. Identify all instances of the affected software and upgrade "Unknown Multiple Products" to the latest patched version. After patching, it is crucial to review access logs for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Implement enhanced monitoring of web server and database logs. Specifically, look for suspicious requests to /login.php containing SQL syntax (e.g., ', UNION, SELECT, --, SLEEP()) in the upass parameter. Monitor for unusual database queries, unexpected database user activity, or large data egress from the database server.
Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL Injection attacks. Configure WAF rules to scrutinize the upass parameter on the /login.php endpoint. Additionally, ensure the database user account has minimum necessary privileges to limit the impact of a potential breach.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Dec 2, 2025, this vulnerability is publicly disclosed. While the CISA KEV status is "No", the nature of this vulnerability (unauthenticated SQL Injection in a login parameter) makes it trivial to exploit. It is highly likely that threat actors will develop and use exploits for this vulnerability in the near future, targeting any publicly accessible instances of the affected software.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the ease of exploitation, this vulnerability requires immediate attention. We strongly recommend that all affected systems be patched without delay. Organizations should treat this vulnerability with the highest priority, similar to a CISA KEV-listed vulnerability, due to the high probability of exploitation and the severe potential impact. If patching is delayed, the implementation of a WAF and proactive monitoring are critical to mitigate the immediate risk.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
PerfreeBlog v4
PerfreeBlog v4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
PerfreeBlog v4
PerfreeBlog v4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
PerfreeBlog v4
PerfreeBlog v4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: BYD
PRODUCT: Atto3
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: medium
MISSING: patch, technical_details
---END_METADATA---
Description Summary:
The BYD Atto3 vehicle authentication system is susceptible to brute-force attacks, allowing attackers to obtain persistent authentication keys.
Executive Summary:
A critical authentication flaw in the BYD Atto3 allows attackers to brute-force authentication keys, potentially leading to unauthorized vehicle access.
Vulnerability Details
CVE-ID: CVE-2025-61081
Affected Software: BYD Atto3
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability stems from insufficient rate-limiting or protection against brute-force attempts on the authentication mechanism, enabling an attacker to derive a valid authentication key that remains permanently valid.
Business Impact
A successful exploit could result in unauthorized control or access to vehicle systems, posing significant safety and security risks to the owner. Given the CVSS score of 7.5, this high-severity vulnerability requires immediate attention from affected users and coordination with the manufacturer to ensure security patches are implemented.
Remediation Plan
Immediate Action: Contact the vehicle manufacturer or authorized service center to inquire about available firmware updates or security bulletins addressing this specific authentication flaw.
Proactive Monitoring: Monitor any associated mobile application or vehicle portal accounts for unusual login activity or unrecognized device pairings.
Compensating Controls: If available, enable multi-factor authentication (MFA) on the associated account management portal to provide an additional layer of security beyond the vulnerable key.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 20, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Authentication vulnerabilities in automotive systems present unique physical and digital safety risks. Owners of the BYD Atto3 should verify their current firmware version and coordinate with authorized service providers to ensure the latest security mitigations are applied to prevent unauthorized access.