A path Traversal vulnerability found in FileCodeBox v2
Description
A path Traversal vulnerability found in FileCodeBox v2
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17282 vulnerabilities with AI analyst insights
A path Traversal vulnerability found in FileCodeBox v2
A path Traversal vulnerability found in FileCodeBox v2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules.
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules.
Update TOTOLINK Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2
A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3
Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
hippo4j 1
hippo4j 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in Shopizer 3
An issue was discovered in Shopizer 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary...
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request.
Executive Summary:
A critical SQL Injection vulnerability has been identified in the kashipara Online Exam System. This flaw allows a remote, unauthenticated attacker to execute arbitrary commands on the application's database, potentially leading to a complete compromise of sensitive student and exam data. Due to the high severity and ease of exploitation, immediate remediation is required to prevent a significant data breach.
Vulnerability Details
CVE-ID: CVE-2025-51567
Affected Software: kashipara Online Exam System
Affected Versions: V1.0
Vulnerability: The vulnerability exists within the user profile update page, specifically /exam/user/profile.php. The application fails to properly sanitize user-supplied input for the rname, rcollage, rnumber, rgender, and rpassword parameters in a POST request. An attacker can inject malicious SQL commands into these parameters, which are then executed directly by the backend database, granting them unauthorized access and control.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.1, posing a significant threat to the organization. Successful exploitation could lead to a catastrophic data breach, exposing sensitive personally identifiable information (PII) of users, exam results, and administrative credentials. The potential consequences include severe reputational damage, financial loss from regulatory fines (e.g., GDPR, FERPA), and the complete loss of data integrity within the exam system.
Remediation Plan
Immediate Action: Update the kashipara Online Exam System to the latest version as recommended by the vendor. After patching, immediately monitor for any signs of exploitation attempts by reviewing server and application access logs for suspicious activity targeting the vulnerable page.
Proactive Monitoring: Implement enhanced monitoring of HTTP traffic to the web server. Specifically, look for POST requests to /exam/user/profile.php that contain common SQL injection payloads (e.g., ', --, UNION, SELECT, SLEEP()). Utilize a Web Application Firewall (WAF) with rulesets designed to detect and block SQL injection attacks in real-time.
Compensating Controls: If patching cannot be performed immediately, implement a WAF rule to specifically block malicious requests to the /exam/user/profile.php endpoint. Restrict access to this page from untrusted networks if feasible. As a last resort, temporarily disable the user profile update functionality until a patch can be applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the published date, Jan 12, 2026, there are no known public exploits or reports of this vulnerability being actively exploited in the wild. However, SQL Injection vulnerabilities are trivial to exploit, and proof-of-concept code is likely to emerge quickly.
Analyst Recommendation
Given the critical CVSS score of 9.1 and the high potential for a complete database compromise, this vulnerability requires immediate attention. Although it is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its severity warrants treating it with the highest priority. We strongly recommend that the organization apply the vendor-supplied patch immediately and implement proactive monitoring to detect and prevent any exploitation attempts.
Update A SQL Injection was found in the Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password en...
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint.
---METADATA---
VENDOR: Cicool
PRODUCT: Cicool builder
AFFECTED_VERSIONS: 3.4.4
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
Cicool builder 3.4.4 allows unauthenticated attackers to reset the administrator password via the /administrator/auth/reset_password endpoint.
Executive Summary:
An unauthenticated password reset vulnerability in Cicool builder 3.4.4 allows attackers to gain unauthorized administrative access to the platform.
Vulnerability Details
CVE-ID: CVE-2025-51543
Affected Software: Cicool Cicool builder
Affected Versions: 3.4.4
Vulnerability: This vulnerability is an authentication flaw residing in the /administrator/auth/reset_password endpoint, which allows an unauthenticated attacker to initiate a password reset for the administrator account.
Business Impact
The CVSS score of 9.8 reflects the high severity of this flaw. By successfully resetting the administrator credentials, an attacker can obtain full control over the Cicool builder instance, leading to complete data compromise, configuration changes, and total loss of system confidentiality.
Remediation Plan
Immediate Action: Update Cicool builder to the latest version immediately to close the vulnerable reset endpoint.
Proactive Monitoring: Audit administrator account activity and password change logs for any unauthorized or unexpected modifications.
Compensating Controls: Temporarily restrict access to the /administrator/ directory using IP allowlisting or a Web Application Firewall (WAF) to prevent access to the reset endpoint by external actors.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Aug 19, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This is a critical vulnerability that grants immediate administrative access. It is imperative that all users of Cicool builder 3.4.4 apply the latest security updates without delay to prevent unauthorized account takeover.
Update An issue was discovered in Cicool builder Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.
Executive Summary:
A critical vulnerability has been identified in Austrian Archaeological Institute's OpenAtlas software, which contains a hardcoded, unchangeable password for the administrator account. This flaw allows any attacker with knowledge of this password to easily gain complete control over the system. Successful exploitation could lead to a total compromise of the application, resulting in data theft, data destruction, and significant operational disruption.
Vulnerability Details
CVE-ID: CVE-2025-51536
Affected Software: Austrian Archaeological Institute OpenAtlas
Affected Versions: v8.11.0. See vendor advisory for a complete list of all affected versions and products.
Vulnerability: The OpenAtlas application contains a hardcoded credential (CWE-798: Use of Hard-coded Credentials) for the 'Administrator' user account. This means a static, default password is built directly into the software's code and cannot be changed by users. An unauthenticated remote attacker can exploit this vulnerability by simply obtaining the hardcoded password from public sources and using it to log into the application's administrative interface, granting them the highest level of privilege.
Business Impact
This vulnerability is rated as Critical with a CVSS score of 9.8, reflecting its extreme severity and ease of exploitation. An attacker with administrative access can perform any action within the OpenAtlas application, including viewing, modifying, and deleting all archaeological project data, user information, and system configurations. The potential consequences include a severe data breach of sensitive research, intellectual property theft, complete data loss, and significant reputational damage to the organization. The risk is exceptionally high as no sophisticated tools are required for exploitation, only knowledge of the publicly available password.
Remediation Plan
Immediate Action: Immediately apply the security update provided by the Austrian Archaeological Institute to patch the vulnerability. After patching, it is critical to thoroughly review all system and application access logs for any unauthorized or suspicious logins to the administrator account that may have occurred prior to the update.
Proactive Monitoring: Implement continuous monitoring of application logs with a specific focus on administrator account activity. Configure alerts for any successful administrator logins, especially from unknown or external IP addresses. Monitor for unusual activities such as mass data exports, significant configuration changes, or the creation of new privileged accounts.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the publication date of August 4, 2025, this vulnerability is publicly disclosed. The "exploit" for a hardcoded password is the password itself, which is now considered public knowledge. Due to the simplicity of exploitation, organizations should assume that active scanning and exploitation attempts are already underway or will begin imminently.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the public availability of the exploit, this vulnerability poses an immediate and severe threat to the organization. We strongly recommend that all affected instances of Austrian Archaeological Institute products be patched immediately as the highest priority. Organizations must operate under the assumption of compromise and conduct a thorough investigation of access logs to identify any malicious activity. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion, and it must be treated with the utmost urgency.
Update Austrian Archaeological Institute Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.
Executive Summary:
A critical SQL injection vulnerability has been discovered in multiple products from the Austrian Archaeological Institute, including OpenAtlas v8.11.0. This flaw allows an unauthenticated attacker to execute arbitrary commands on the backend database, potentially leading to a complete compromise of the application's data. Successful exploitation could result in the theft, modification, or deletion of sensitive archaeological research data.
Vulnerability Details
CVE-ID: CVE-2025-51535
Affected Software: Austrian Archaeological Institute Multiple Products
Affected Versions: OpenAtlas version 8.11.0 is confirmed to be affected. Other products and versions may also be vulnerable; refer to the vendor advisory for a complete list.
Vulnerability: The application is vulnerable to SQL injection. An unauthenticated remote attacker can inject malicious SQL queries into user-supplied input fields that are not properly sanitized before being passed to the database. By crafting a specific payload, the attacker can bypass security controls and directly interact with the database to exfiltrate sensitive information, modify or delete records, and in some configurations, execute commands on the underlying operating system.
Business Impact
This vulnerability is rated as Critical with a CVSS score of 9.1. Exploitation could have a severe impact on the organization's operations and reputation. An attacker could gain unauthorized access to the entire database, which may contain irreplaceable historical and archaeological research data. The specific risks include the theft of intellectual property, manipulation of research data leading to a loss of academic integrity, complete data destruction, and potential disruption of the OpenAtlas service.
Remediation Plan
Immediate Action: Immediately apply the security updates provided by the Austrian Archaeological Institute to all affected products. Prioritize patching public-facing instances of OpenAtlas and other vulnerable applications to the latest secure version.
Proactive Monitoring: Implement enhanced monitoring on web and database servers. Review web server access logs and Web Application Firewall (WAF) logs for suspicious patterns indicative of SQL injection attempts, such as ' OR '1'='1', UNION SELECT, SLEEP(), and other SQL keywords in request parameters. Monitor database logs for unusual or unauthorized queries.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with strict rules designed to detect and block SQL injection attacks. Restrict access to the application at the network level, allowing connections only from trusted IP ranges. Ensure the application's database user account adheres to the principle of least privilege, limiting its permissions to prevent severe damage.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 4, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the critical severity and the straightforward nature of SQL injection flaws, it is highly probable that a functional exploit will be developed and made public quickly. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Due to the critical severity (CVSS 9.1) of this vulnerability, immediate action is required. We strongly recommend that the organization prioritizes patching all affected systems without delay. Although there is no evidence of active exploitation, the risk of data compromise is significant. Until patching is complete, the compensating controls listed above should be implemented to reduce the attack surface and mitigate potential impact.
Update Austrian Archaeological Institute Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8
A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect access control in Sage DPW v2024
Incorrect access control in Sage DPW v2024
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.
Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.
---METADATA---
VENDOR: Cadmium
PRODUCT: CMS
AFFECTED_VERSIONS: 0.4.9
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
Cadmium CMS version 0.4.9 contains a critical arbitrary file upload vulnerability within the /admin/content/filemanager/uploads endpoint.
Executive Summary:
An arbitrary file upload vulnerability in Cadmium CMS version 0.4.9 poses a critical risk of remote code execution for affected installations.
Vulnerability Details
CVE-ID: CVE-2025-51511
Affected Software: Cadmium CMS
Affected Versions: 0.4.9
Vulnerability: This vulnerability involves an insecure file upload mechanism that allows an unauthenticated or low-privileged attacker to upload arbitrary files to the server. The flaw resides in the file manager utility, potentially allowing the execution of malicious scripts if uploaded to a web-accessible directory.
Business Impact
The ability to upload arbitrary files typically results in complete server compromise, as attackers can upload web shells to execute arbitrary commands. Given the CVSS score of 9.8, this vulnerability is critical, posing a severe risk of data exfiltration, unauthorized access to sensitive content, and complete system takeover.
Remediation Plan
Immediate Action: Upgrade to the latest available version of Cadmium CMS immediately to patch the insecure upload handler.
Proactive Monitoring: Review web server access logs for requests directed at /admin/content/filemanager/uploads that return 200 OK statuses but contain suspicious file extensions or unusual user-agent strings.
Compensating Controls: Implement a Web Application Firewall (WAF) rule to block unauthorized access to the file manager upload path and restrict file uploads to verified administrative sessions only.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Dec 23, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a critical security gap that could lead to full system compromise. Organizations running Cadmium CMS version 0.4.9 should prioritize applying the vendor-supplied update immediately to mitigate the risk of remote command execution.
Update Cadmium CMS Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Microweber CMS 2
Microweber CMS 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Remote Code Execution in letta
Remote Code Execution in letta
Apply security patches immediately for internet-facing systems. Monitor for exploitation attempts and review access logs.
Path Traversal vulnerability in onnx
Path Traversal vulnerability in onnx
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Cross-site Scripting (XSS) in aimhubio Aim 3
Cross-site Scripting (XSS) in aimhubio Aim 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Path Traversal in restore_run_backup() in AIM 3
Path Traversal in restore_run_backup() in AIM 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
---METADATA---
VENDOR: TOTOLINK
PRODUCT: A7000R
AFFECTED_VERSIONS: 9.1.0u.6115_B20201022
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
A critical authentication bypass vulnerability exists in the TOTOLINK A7000R router firmware, allowing unauthenticated attackers to gain unauthorized access via the formLoginAuth.htm endpoint.
Executive Summary:
A critical authentication bypass vulnerability in TOTOLINK A7000R firmware allows unauthenticated attackers to gain full administrative access to the device.
Vulnerability Details
CVE-ID: CVE-2025-51452
Affected Software: TOTOLINK A7000R
Affected Versions: 9.1.0u.6115_B20201022
Vulnerability: This is an unauthenticated authentication bypass vulnerability triggered by sending a crafted request to the formLoginAuth.htm file. The flaw allows remote attackers to circumvent login requirements entirely.
Business Impact
With a CVSS score of 9.8, this vulnerability poses a critical risk to network integrity. Successful exploitation grants an attacker full control over the router, enabling traffic interception, configuration changes, or the ability to pivot into the internal network, leading to significant data compromise and service disruption.
Remediation Plan
Immediate Action: Identify and update affected TOTOLINK A7000R devices to the latest available firmware provided by the vendor.
Proactive Monitoring: Inspect network traffic and device logs for anomalous requests directed at the formLoginAuth.htm endpoint.
Compensating Controls: Restrict administrative access to the router interface to trusted internal IP addresses only, and ensure the management interface is not exposed to the public internet.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Aug 13, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of this authentication bypass, administrators must prioritize patching the affected firmware immediately. If an update is not immediately available, ensure the device management interface is isolated from any untrusted or public-facing networks to prevent unauthorized access.
Update In TOTOLINK Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
---METADATA---
VENDOR: TOTOLINK
PRODUCT: EX1200T
AFFECTED_VERSIONS: 4.1.2cu.5215
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
A critical authentication bypass vulnerability exists in the TOTOLINK EX1200T range extender firmware, allowing unauthenticated attackers to bypass login via the formLoginAuth.htm endpoint.
Executive Summary:
A critical authentication bypass vulnerability in TOTOLINK EX1200T firmware allows unauthenticated attackers to gain full administrative access to the device.
Vulnerability Details
CVE-ID: CVE-2025-51451
Affected Software: TOTOLINK EX1200T
Affected Versions: 4.1.2cu.5215
Vulnerability: The vulnerability is an unauthenticated authentication bypass flaw involving the formLoginAuth.htm script. An attacker can submit a specific request to this endpoint to bypass the authentication mechanism and interact with the device as an administrator.
Business Impact
The CVSS score of 9.8 reflects the severe impact of unauthorized administrative access to network infrastructure. Exploitation allows attackers to manipulate settings, intercept sensitive traffic, or use the device as a foothold for further lateral movement within the connected network.
Remediation Plan
Immediate Action: Upgrade the TOTOLINK EX1200T firmware to the most recent version provided by the manufacturer.
Proactive Monitoring: Review device access logs for suspicious activity or repeated, unexpected access attempts targeting the login authentication scripts.
Compensating Controls: Disable remote management features on the device and ensure that administrative access is restricted to authorized internal network segments.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Aug 13, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Due to the high severity of this bypass, organizations should apply the necessary firmware updates immediately. Failure to secure these devices exposes the internal network to unauthorized control and potential data exfiltration.
Update In TOTOLINK Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An issue was discovered in ModelScope 1
An issue was discovered in ModelScope 1
---METADATA---
VENDOR: ModelScope
PRODUCT: ModelScope
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: low
MISSING: versions, patch, technical_details
---END_METADATA---
Description Summary:
A vulnerability of unknown nature has been identified in ModelScope 1.
Executive Summary:
ModelScope version 1 contains an unspecified security vulnerability that requires immediate investigation and remediation.
Vulnerability Details
CVE-ID: CVE-2025-51427
Affected Software: ModelScope ModelScope
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability details are currently sparse; however, the provided data indicates a security flaw exists within the ModelScope 1 framework. The authentication requirements for exploitation remain undefined due to limited disclosure.
Business Impact
The lack of technical clarity makes this vulnerability particularly concerning, as the full scope of impact remains unknown. With a CVSS score of 7.3, this flaw presents a significant risk to organizational assets, potentially leading to unauthorized system access or service disruption if left unaddressed.
Remediation Plan
Immediate Action: Consult the official ModelScope security documentation or vendor advisory to identify the specific patch or configuration change required to mitigate this risk.
Proactive Monitoring: Review system access logs for anomalous behavior and monitor for any unusual service disruptions associated with ModelScope operations.
Compensating Controls: Implement strict network segmentation and ensure that the ModelScope instance is not exposed to the public internet until a formal security patch is applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 20, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the limited information provided, it is imperative that administrators prioritize reviewing vendor-provided security bulletins. Until further technical details are released, treat this vulnerability as a high-priority item and ensure that all ModelScope deployments are isolated and monitored for signs of unauthorized activity.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig funct...
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.
Executive Summary:
A critical command injection vulnerability has been discovered in multiple TOTOLINK products, rated with a CVSS score of 9.8. This flaw allows an unauthenticated attacker to remotely execute arbitrary commands on the affected device by sending a specially crafted request, potentially leading to a complete system compromise. Successful exploitation could result in data theft, network disruption, and the use of the compromised router in further attacks.
Vulnerability Details
CVE-ID: CVE-2025-51390
Affected Software: TOTOLINK Multiple Products
Affected Versions: The specific version TOTOLINK N600R V4.3.0cu.7647_B20210106 is confirmed to be vulnerable. See vendor advisory for a complete list of specific affected products and versions.
Vulnerability: This is a command injection vulnerability within the setWiFiWpsConfig function of the device's firmware. The pin parameter, used for WPS configuration, fails to properly sanitize user-supplied input before passing it to a system shell command. An attacker can craft a request containing malicious shell commands (e.g., 12345678; reboot) within the pin parameter. When the router processes this request, it executes the injected command with the privileges of the system, leading to remote code execution (RCE).
Business Impact
The vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high risk of compromise with low attack complexity. An attacker who successfully exploits this vulnerability can gain full administrative (root) control over the network device. This level of access could lead to severe consequences, including the interception and theft of all network traffic (e.g., credentials, financial information), redirection of users to malicious websites via DNS hijacking, deployment of malware on the internal network, and using the device as part of a botnet for DDoS attacks. The integrity, confidentiality, and availability of the network are all at significant risk.
Remediation Plan
Immediate Action: The primary remediation is to apply vendor-supplied firmware updates immediately. Organizations should identify all affected TOTOLINK devices and update them to the latest patched version as specified in the vendor's security advisory. After patching, monitor devices for any signs of compromise and review historical access logs for suspicious requests targeting the setWiFiWpsConfig function.
Proactive Monitoring:
setWiFiWpsConfig function. Look for any pin parameter values containing shell metacharacters such as ;, |, &, $(...), or `.Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 4, 2025, there are no known public exploits or active "in-the-wild" attacks leveraging this vulnerability. However, vulnerabilities in network edge devices like routers are highly attractive targets for threat actors seeking to build botnets or gain initial access to a network. Due to the critical CVSS score and low attack complexity, it is highly probable that a functional exploit will be developed and used by attackers in the near future.
Analyst Recommendation
Given the critical severity (CVSS 9.8) of this vulnerability, we recommend that organizations treat this as a high-priority issue and take immediate action. The primary course of action is to apply the vendor-provided firmware updates across all affected TOTOLINK devices without delay. If patching is not immediately feasible, the compensating controls listed above, particularly disabling remote management and the WPS feature, should be implemented as a temporary measure. Although this CVE is not currently on the CISA KEV list, its critical nature warrants an urgent response to prevent potential device compromise and network intrusion.
Update TOTOLINK Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure set...
The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and Enab...
---METADATA---
VENDOR: GitKraken
PRODUCT: Desktop
AFFECTED_VERSIONS: 10.8.0, 11.1.0
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
GitKraken Desktop versions 10.8.0 and 11.1.0 are vulnerable to code injection due to insecure Electron Fuse configurations, specifically enabling RunAsNode.
Executive Summary:
A critical code injection vulnerability in GitKraken Desktop allows attackers to execute arbitrary code due to misconfigured Electron Fuses.
Vulnerability Details
CVE-ID: CVE-2025-51387
Affected Software: GitKraken Desktop
Affected Versions: 10.8.0, 11.1.0
Vulnerability: This vulnerability involves the insecure configuration of Electron Fuses, specifically the enablement of the 'RunAsNode' setting. This allows an attacker to inject and execute arbitrary code within the context of the application.
Business Impact
Successful exploitation of this vulnerability permits unauthorized code execution, potentially leading to full system compromise, data exfiltration, or the installation of persistent backdoors. With a CVSS score of 9.8, this flaw represents a severe risk to organizational security, as it grants attackers the ability to bypass application-level security controls.
Remediation Plan
Immediate Action: Update GitKraken Desktop to the latest available version provided by the vendor to remediate the insecure Fuse configuration.
Proactive Monitoring: Review system logs for unauthorized process execution or anomalous child processes spawned by the GitKraken application.
Compensating Controls: Utilize Endpoint Detection and Response (EDR) tools to monitor for suspicious command-line arguments associated with the application's executable.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Aug 4, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The severity of this code injection vulnerability necessitates immediate attention. Administrators should prioritize upgrading all instances of GitKraken Desktop to the latest patched version to neutralize the risk of arbitrary code execution.
Update The GitKraken Desktop Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
D-Link DI-8100 16
D-Link DI-8100 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A sandbox escape vulnerability was identified in huggingface/smolagents version 1
A sandbox escape vulnerability was identified in huggingface/smolagents version 1
In Eclipse Jetty, versions <=9
In Eclipse Jetty, versions <=9
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tenda AC8V4 V16
Tenda AC8V4 V16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An unrestricted file upload vulnerability in Vedo Suite version 2024
An unrestricted file upload vulnerability in Vedo Suite version 2024
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Insecure Data Storage of credentials has been found in /api_vedo/configuration/config
Insecure Data Storage of credentials has been found in /api_vedo/configuration/config
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore
Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxs...
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2
A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4
A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OPNsense 25
OPNsense 25
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0
SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0
Executive Summary:
A high-severity SQL Injection vulnerability, identified as CVE-2025-50983, has been discovered in the readarr application. This flaw allows a remote attacker to execute arbitrary commands on the application's database by sending a malicious request, potentially leading to unauthorized data access, modification, or deletion, and posing a significant risk to data confidentiality and integrity.
Vulnerability Details
CVE-ID: CVE-2025-50983
Affected Software: readarr
Affected Versions: See vendor advisory for specific affected versions. The vulnerability was discovered in a version identified as "readarr 0".
Vulnerability: This is a SQL Injection vulnerability that exists in the sortKey parameter of the /api/v1/wanted/cutoff API endpoint. The application fails to properly sanitize user-supplied input to this parameter before incorporating it into a database query. A remote, unauthenticated attacker can exploit this by crafting a malicious GET request containing specially formatted SQL commands within the sortKey parameter, allowing them to execute arbitrary queries against the back-end database.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.3. Successful exploitation could have a severe impact on the business by compromising the confidentiality, integrity, and availability of data managed by the readarr application. An attacker could potentially extract sensitive user information, modify or delete critical application data leading to service disruption, or in some configurations, escalate privileges to compromise the underlying server. This poses a significant risk of data breach, operational disruption, and reputational damage.
Remediation Plan
Immediate Action: Apply the security patches released by the vendor for readarr immediately to remediate the vulnerability. As a best practice, review database user permissions and ensure the application's database account operates under the principle of least privilege. It is also recommended to enable and centralize database query logging to assist in detecting and investigating potential exploitation attempts.
Proactive Monitoring: Security teams should actively monitor web server logs for suspicious requests to the /api/v1/wanted/cutoff endpoint, specifically looking for unusual or malformed data in the sortKey parameter. Database activity monitoring should be configured to alert on abnormal query structures, excessive data requests, or errors originating from the readarr application's user account.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with a ruleset configured to detect and block common SQL Injection attack patterns targeting the vulnerable endpoint and parameter. Restrict network access to the readarr web interface, limiting it to trusted IP addresses only.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 27, 2025, there are no known public exploits or reports of this vulnerability being actively exploited in the wild. However, SQL Injection is a well-understood vulnerability class, and it is highly probable that proof-of-concept exploit code will be developed and released by security researchers in the near future.
Analyst Recommendation
Given the High severity (CVSS 8.3) of this vulnerability and the potential for complete database compromise, organizations are strongly advised to treat this as a high-priority issue. The immediate application of vendor-supplied patches is the most effective course of action. While this CVE is not currently on the CISA KEV list, the critical nature of the flaw warrants urgent remediation to prevent potential data breaches and system compromise.
Apply vendor patches immediately. Review database access controls and enable query logging.
NodeBB v4
NodeBB v4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index...
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index.php. Three techniques have been demonstrated: err...
Executive Summary:
A critical SQL Injection vulnerability, identified as CVE-2025-50972, has been discovered in AbanteCart e-commerce platform. This flaw allows an unauthenticated attacker to remotely execute arbitrary commands on the backend database, potentially leading to a complete compromise of sensitive customer data, financial information, and administrative control over the affected online store.
Vulnerability Details
CVE-ID: CVE-2025-50972
Affected Software: AbanteCart
Affected Versions: Version 1.4.2 is confirmed vulnerable. See vendor advisory for a complete list of affected versions.
Vulnerability: The vulnerability is a classic SQL Injection that exists due to insufficient input sanitization of the tmpl_id parameter in the index.php file. An unauthenticated remote attacker can exploit this by sending a specially crafted HTTP request to the web server. By injecting malicious SQL syntax into the tmpl_id parameter, the attacker can manipulate the database queries executed by the application, allowing for data exfiltration, modification, or deletion, and in some database configurations, achieve remote code execution on the server.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could have a devastating impact on the business, leading to a severe data breach of customer personally identifiable information (PII), credentials, and payment card data. Such an incident would result in significant reputational damage, loss of customer trust, and potential regulatory fines under frameworks like GDPR or CCPA. Furthermore, an attacker could deface the website, disrupt business operations by altering product or order information, or use the compromised server as a pivot point to attack other systems within the corporate network.
Remediation Plan
Immediate Action: Update all instances of AbanteCart to the latest patched version provided by the vendor immediately. After patching, it is crucial to monitor for any ongoing exploitation attempts and thoroughly review historical web server and application access logs for any indicators of compromise preceding the update.
Proactive Monitoring: Security teams should actively monitor for signs of exploitation. Review web server access logs for requests to index.php containing SQL keywords (e.g., UNION, SELECT, SLEEP, '--) within the tmpl_id parameter. Monitor for unusual outbound network traffic from the database server, which could indicate data exfiltration, and watch for unexpected spikes in database CPU utilization.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to block SQL injection attacks targeting the tmpl_id parameter. Additionally, ensure the database user account leveraged by AbanteCart operates under the principle of least privilege, restricting its ability to perform system-level commands or access sensitive database tables outside of its operational scope.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of August 27, 2025, this vulnerability has been publicly disclosed, and Proof-of-Concept (PoC) exploit code is available. Due to the ease of exploitation and its unauthenticated nature, it is highly probable that threat actors will quickly weaponize this vulnerability for mass scanning and opportunistic attacks against internet-facing AbanteCart installations.
Analyst Recommendation
Given the critical 9.8 CVSS score and the public availability of exploit code, this vulnerability poses an immediate and severe threat to the organization. We recommend that all vulnerable AbanteCart instances be patched immediately as the highest priority. Although this CVE is not currently listed on the CISA KEV list, its characteristics make it a prime candidate for future inclusion. Organizations should treat this vulnerability with the same urgency as a known exploited vulnerability and initiate incident response procedures to hunt for evidence of compromise that may have occurred prior to applying the patch.
Update SQL Injection vulnerability in AbanteCart Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Audiofile v0
Audiofile v0
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the...
Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent dir...
---METADATA---
VENDOR: Burk Technology
PRODUCT: ARC Solo
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch
---END_METADATA---
Description Summary:
A vulnerability in the password change mechanism of Burk Technology ARC Solo allows unauthenticated attackers to change passwords and hijack devices.
Executive Summary:
A critical authentication bypass vulnerability in Burk Technology ARC Solo allows unauthenticated attackers to take full control of the device by changing administrative passwords.
Vulnerability Details
CVE-ID: CVE-2025-5095
Affected Software: Burk Technology ARC Solo
Affected Versions: See vendor advisory
Vulnerability: The device’s password change mechanism lacks proper authentication procedures, permitting an unauthenticated attacker to submit a request that modifies credentials and enables unauthorized administrative access.
Business Impact
With a CVSS score of 9.8, this vulnerability poses a severe risk to infrastructure monitoring and control. Unauthorized device takeover could allow an attacker to alter environmental settings, disrupt critical monitoring, or use the device as a pivot point for further lateral movement within the network.
Remediation Plan
Immediate Action: Apply the latest firmware update provided by Burk Technology to enforce proper authentication for password management functions.
Proactive Monitoring: Review device access logs for frequent or unauthorized password change attempts and monitor for anomalous administrative logins.
Compensating Controls: Isolate affected ARC Solo units behind a VPN or firewall to ensure the management interface is not exposed to the public internet.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Aug 8, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a total loss of device integrity. It is imperative to restrict access to the management interface and apply vendor-supplied updates immediately to prevent full device takeover.
Update Burk Technology ARC Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An issue was discovered in the method push
An issue was discovered in the method push
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-50944, has been discovered in multiple products from the vendor 'issue'. This flaw allows a remote, unauthenticated attacker to execute arbitrary code on affected systems, potentially leading to a full system compromise, data theft, and service disruption. Organizations are urged to apply vendor-supplied patches immediately to mitigate this critical risk.
Vulnerability Details
CVE-ID: CVE-2025-50944
Affected Software: issue Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists within the push method, which fails to properly validate the size and content of incoming data. A remote, unauthenticated attacker can send a specially crafted request containing a malicious payload that triggers a buffer overflow condition. Successful exploitation of this flaw overwrites adjacent memory structures, allowing the attacker to execute arbitrary code with the privileges of the application process.
Business Impact
This is a High severity vulnerability with a CVSS score of 8.8. Successful exploitation could grant an attacker complete control over the affected systems, leading to severe business consequences. Key risks include the theft of sensitive corporate data, customer personally identifiable information (PII), and intellectual property; disruption of critical business operations; and the potential for the compromised system to be used as a foothold for further attacks against the internal network. A public breach resulting from this vulnerability could also lead to significant reputational damage and regulatory fines.
Remediation Plan
Immediate Action: Apply vendor security updates immediately across all identified vulnerable systems. After patching, it is crucial to monitor for any signs of post-compromise activity by reviewing access and application logs for unusual or unauthorized access attempts targeting the vulnerable component.
Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should analyze application logs for errors or crashes related to the push method, inspect network traffic for unusually large or malformed requests to the affected endpoint, and use endpoint detection and response (EDR) tools to alert on suspicious process creation or outbound network connections from the host systems.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to block malicious requests targeting the vulnerable push method. Additionally, consider restricting network access to the affected service to only trusted IP addresses and isolating the vulnerable systems in a segmented network zone to limit potential lateral movement.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 15, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity (CVSS 8.8) and the potential for unauthenticated remote code execution, it is highly probable that proof-of-concept exploits will be developed and released by security researchers or threat actors in the near future.
Analyst Recommendation
Given the High severity rating (CVSS 8.8) and the critical risk of remote code execution, CVE-2025-50944 represents a significant and urgent threat to the organization. Immediate patching is the most effective mitigation and should be prioritized as an emergency change. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its characteristics make it a prime candidate for future inclusion. Organizations must act swiftly to apply patches, implement compensating controls where patching is delayed, and maintain vigilant monitoring for any signs of exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to...
There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any token.
Executive Summary:
A critical authentication bypass vulnerability, identified as CVE-2025-50904, has been discovered in the WinterChenS my-site product. This flaw allows an unauthenticated attacker to gain complete administrative access to the application's /admin/ API, posing a severe risk of system compromise, data theft, and operational disruption. Due to the critical severity (CVSS 9.8) and ease of exploitation, immediate remediation is strongly advised.
Vulnerability Details
CVE-ID: CVE-2025-50904
Affected Software: There is an authentication bypass vulnerability in WinterChenS Multiple Products
Affected Versions: All versions of my-site up to and including commit 6c79286.
Vulnerability: The vulnerability exists within the authentication mechanism for the /admin/ API endpoints of the WinterChenS my-site application. A flaw in the security checks allows requests to these protected endpoints to be processed without a valid authentication token. An unauthenticated remote attacker can exploit this by sending crafted API requests directly to the administrative interface, thereby bypassing all access controls and gaining full administrative privileges over the application.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation grants an attacker the same level of access as a legitimate administrator. This could lead to a complete compromise of the application, including theft of sensitive user data, modification or deletion of critical information, and deployment of malicious code. The potential business impact includes significant data breaches, financial loss, service outages, reputational damage, and loss of customer trust.
Remediation Plan
Immediate Action: Update There is an authentication bypass vulnerability in WinterChenS Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Proactive Monitoring: Security teams should immediately begin monitoring web server and application logs for any direct, unauthenticated access attempts to URLs beginning with /admin/. Specifically, look for requests to these paths that lack an authentication token or result in a successful (e.g., HTTP 200) status code from an external IP address. Monitor for unauthorized administrative activities, such as the creation of new admin accounts, unexpected configuration changes, or data export activities.
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
/admin/ path to only trusted internal IP addresses./admin/ API that does not contain a valid session token.Exploitation Status
Public Exploit Available: False
Analyst Notes: As of the publication date of August 20, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity and the simplicity of exploitation, it is highly probable that threat actors will develop and deploy exploits in the near future.
Analyst Recommendation
Given the critical CVSS score of 9.8, this vulnerability represents a severe and immediate threat to the organization. We strongly recommend that all affected systems be patched immediately. While this CVE is not currently listed on the CISA KEV catalog, its characteristics make it a prime candidate for future inclusion. Organizations should treat this vulnerability with the highest priority, apply the vendor-supplied updates, and conduct a thorough review of access logs to search for any signs of past compromise.
Update There is an authentication bypass vulnerability in WinterChenS Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) thru 1
Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) thru 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file...
JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.
Executive Summary:
A critical vulnerability has been identified in multiple JeeWMS products, designated as CVE-2025-50901 with a CVSS score of 9.8. This flaw allows an unauthenticated attacker to bypass security controls and read arbitrary files from the underlying server, potentially exposing sensitive data such as configuration files, credentials, and proprietary information. Due to its critical severity and the ease of exploitation, immediate remediation is strongly recommended to prevent a potential data breach.
Vulnerability Details
CVE-ID: CVE-2025-50901
Affected Software: JeeWMS Multiple Products
Affected Versions: Versions including and prior to commit 771e4f5d0c01ffdeae1671be4cf102b73a3fe644. See vendor advisory for specific affected versions.
Vulnerability: The vulnerability is an incorrect authentication bypass. A flaw in the application's authentication logic allows a remote, unauthenticated attacker to circumvent access controls. By exploiting this flaw, the attacker can then leverage a file reading function, likely through path traversal, to access and exfiltrate any file on the server's filesystem that the application's user account has permission to read. This could include sensitive application source code, configuration files containing database credentials, system files, and other confidential data.
Business Impact
This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9.8. Successful exploitation could lead to a severe data breach, resulting in the compromise of sensitive corporate data, customer information (PII), and intellectual property. The exposure of credentials read from configuration files could allow an attacker to pivot and gain deeper access to the internal network, leading to a wider system compromise. Potential consequences include significant financial loss, reputational damage, regulatory penalties, and loss of customer trust.
Remediation Plan
Immediate Action: The highest priority is to apply the security patches provided by the vendor.
Proactive Monitoring:
../, ..%2f).Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date of this advisory (Aug 20, 2025), there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the critical severity (9.8) and the nature of the flaw (unauthenticated remote file read), it is highly probable that threat actors will develop exploits in the near future.
Analyst Recommendation
Given the critical severity of CVE-2025-50901, this vulnerability requires immediate attention. The potential for a complete compromise of sensitive data by an unauthenticated attacker makes it a top-priority target for remediation. Although it is not currently listed on the CISA KEV catalog, its high-impact nature makes it a likely candidate for future inclusion. We strongly recommend that organizations apply the vendor-supplied updates to all affected JeeWMS products without delay to mitigate this significant risk.
Update JeeWMS Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected functio...
An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils....
---METADATA---
VENDOR: getrebuild
PRODUCT: rebuild
AFFECTED_VERSIONS: 4.0.4
CONFIDENCE: high
MISSING: patch, technical_details
---END_METADATA---
Description Summary:
A security vulnerability in getrebuild/rebuild version 4.0.4 within the RebuildWebInterceptor class allows for potential unauthorized access via the preHandle function.
Executive Summary:
A critical vulnerability in the getrebuild/rebuild interceptor logic allows unauthenticated remote attackers to bypass security controls and compromise the application.
Vulnerability Details
CVE-ID: CVE-2025-50900
Affected Software: getrebuild rebuild
Affected Versions: 4.0.4
Vulnerability: The flaw resides in the com.rebuild.web.RebuildWebInterceptor class, specifically within the preHandle function. The use of CodecUtils in the filter chain fails to adequately secure the request path, allowing unauthenticated attackers to bypass intended authentication or authorization checks.
Business Impact
With a CVSS score of 9.8, this vulnerability poses a severe threat to data integrity and confidentiality. An attacker could potentially bypass authentication mechanisms to gain unauthorized administrative access, leading to full system compromise and the exposure of sensitive data processed by the Rebuild platform.
Remediation Plan
Immediate Action: Update to the latest version of the getrebuild/rebuild software as soon as it becomes available to address the flawed interceptor logic.
Proactive Monitoring: Review web server and application access logs for unusual request patterns, particularly those targeting the preHandle interceptor path.
Compensating Controls: Utilize a Web Application Firewall (WAF) to block suspicious requests directed at the web application, specifically filtering for unauthorized access attempts to protected resources.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Aug 25, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a significant security oversight in the application's core request filtering. Security teams must prioritize applying the latest vendor patches to remediate the authentication bypass risk and prevent unauthorized access to the environment.
Update An issue was discovered in Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The eudskacs
The eudskacs
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The `flow/admin/moniteur
The `flow/admin/moniteur
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an em...
Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corr...
Executive Summary:
A critical vulnerability has been identified in multiple products, specifically within the Institute-of-Current-Students 1.0 software. This flaw allows an unauthenticated attacker to retrieve sensitive student details simply by knowing a student's email address, leading to a severe data breach. Immediate patching is required to prevent the mass exposure of Personally Identifiable Information (PII).
Vulnerability Details
CVE-ID: CVE-2025-50870
Affected Software: Unknown Multiple Products, including Institute-of-Current-Students.
Affected Versions: Institute-of-Current-Students version 1.0. See vendor advisory for other specific affected products and versions.
Vulnerability: The application suffers from an Incorrect Access Control vulnerability, also known as an Insecure Direct Object Reference (IDOR). The mydetailsstudent.php endpoint fails to validate if the user requesting data is authorized to view it. An attacker can craft a simple GET request to this endpoint (e.g., https://[target]/mydetailsstudent.php?myds=[student_email]) and substitute any valid student email address to retrieve that student's personal information without authentication.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the ease of exploitation and the high impact on confidentiality. Successful exploitation would result in a large-scale data breach of sensitive student PII, such as names, addresses, contact information, and academic records. This could lead to significant reputational damage, loss of trust from students and parents, regulatory fines under data protection laws (e.g., GDPR, FERPA), and potential legal action from affected individuals. The compromised data could also be used for identity theft, phishing, and other malicious activities.
Remediation Plan
Immediate Action: The primary remediation is to identify all instances of the vulnerable software and update to the latest patched version as provided by the vendor. After patching, confirm the vulnerability has been resolved by testing the mydetailsstudent.php endpoint.
Proactive Monitoring: System administrators should actively monitor web server access logs for any requests to the mydetailsstudent.php endpoint. Specifically, look for a high volume of requests from a single IP address or requests enumerating multiple different email addresses in the myds parameter, as these are strong indicators of an exploitation attempt.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) rule to block or rate-limit all requests to the mydetailsstudent.php endpoint. Alternatively, if the endpoint's functionality is not business-critical, disable it entirely or restrict access to it at the network or application level to only trusted, authenticated administrative users.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Aug 1, 2025, this vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, indicating no widespread, active exploitation has been confirmed by CISA. However, the vulnerability is trivial to exploit, requiring only a web browser or a simple script. Proof-of-concept (PoC) exploit code is simple to create and is considered publicly available due to the vulnerability's nature.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the trivial nature of exploitation, this vulnerability poses an immediate and severe risk to the organization. We strongly recommend that all affected systems be identified and patched immediately. This vulnerability should be prioritized with the highest urgency, equivalent to that of a CISA KEV entry, to prevent a potentially devastating data breach.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Executive Summary:
A critical vulnerability has been identified in multiple TOTOLINK networking products. This flaw, a buffer overflow, can be exploited by an unauthenticated remote attacker to execute arbitrary code and gain complete control over the affected device, posing a severe risk to network security and integrity.
Vulnerability Details
CVE-ID: CVE-2025-51630
Affected Software: TOTOLINK Multiple Products
Affected Versions: Version N350RT V9.3.5u.6139_B20201216 is confirmed vulnerable. See vendor advisory for a complete list of affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the
setIpPortFilterRulesfunction, which is part of the device's web management interface. An attacker can send a specially crafted HTTP request containing an overly long string in theePortparameter. Because the function does not properly validate the input length, the excessive data overwrites adjacent memory on the stack, allowing the attacker to corrupt critical data structures and hijack the program's execution flow to run arbitrary code with the privileges of the device's firmware, typically root.Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the potential for complete system compromise with no user interaction required. Successful exploitation would allow an attacker to take full administrative control of the network device. This could lead to severe consequences, including interception and redirection of network traffic, disabling network access for the organization, using the compromised device as a pivot point to attack other internal systems, or incorporating the device into a botnet for use in larger-scale attacks like Distributed Denial-of-Service (DDoS).
Remediation Plan
Immediate Action: Identify all vulnerable TOTOLINK devices within the environment and update the firmware to the latest version as recommended by the vendor. Prioritize patching for externally-facing or critical network infrastructure devices. After patching, review device logs for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Configure network monitoring and firewall logging to detect and alert on exploitation attempts. Specifically, monitor for inbound web requests to the device's management interface that contain unusually long values for the
ePortparameter. System administrators should also monitor affected devices for anomalous behavior such as unexpected reboots, high CPU usage, or unusual outbound traffic patterns.Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
ePortparameter.Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jul 17, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, given the critical severity and the straightforward nature of buffer overflow vulnerabilities, it is highly probable that threat actors will develop an exploit in the near future.
Analyst Recommendation
Given the critical CVSS score of 9.8, this vulnerability presents a significant and immediate risk to the organization. We strongly recommend that all affected TOTOLINK devices be patched immediately without delay. Although this vulnerability is not yet listed in the CISA KEV, its severity warrants an emergency patching cycle. If patching cannot be performed immediately, the compensating controls listed above, particularly restricting access to the management interface, must be implemented as a top priority to mitigate the high risk of compromise.