2025-10-16
2025-10-16 07:15Z
CRIT

CVE-2025-10850 — Felan: The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-10850

The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fb_ajax_login_or_register' function and in the 'google_ajax_login_or_register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they registered with facebook or google social login and did not change their password. CVE-2025-23504 is likely a duplica CVSSv3.1 9.8 (CRITICAL)

CWECWE 798VNDFelanTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-10-16
2025-10-16 00:00Z
HIGH

Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing

Trend Micro Research·trendmicro.com

Trend Micro reports a significant decline in Lumma Stealer (Water Kurita) activity following a targeted doxxing campaign in late August–October 2025 that exposed alleged core members' personal and operational details, coinciding with Telegram account compromise on September 17. The disruption has triggered a migration of customers to competing infostealer MaaS platforms, primarily Vidar and StealC, while related services like Amadey saw reduced activity. The incident illustrates the volatile nature of the cybercriminal ecosystem where dominance attracts both law enforcement and rival threat actors.

SRFApplicationTACTA0006TACTA0009VNDAmadeyVNDLumma StealerVNDStealcVNDVidarTYPResearch
72
Edit Score
2025-10-15
2025-10-15 09:15Z
CRIT

CVE-2025-9967 — Orion: The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-9967

The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's password to a one-time password if the attacker knows the user's phone number CVSSv3.1 9.8 (CRITICAL)

CWECWE 288VNDOrionTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-10-15
2025-10-15 09:15Z
HIGH

CVE-2025-10299 — Instant: The WPBifröst – Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-10299

The WPBifröst – Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ctl_create_link AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new administrative user accounts and subsequently log in as those. CVSSv3.1 8.8 (HIGH)

CWECWE 862VNDInstantTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-10-15
2025-10-15 09:15Z
CRIT

CVE-2025-10041 — Flex: The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-10041

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesave_qr_code_to_db() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL)

CWECWE 434VNDFlexTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-10-15
2025-10-15 00:00Z
CRIT

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits

Trend Micro Research·trendmicro.comCVE-2025-20352CVE-2017-3881in the wild

Trend Micro disclosed Operation Zero Disco, an active campaign exploiting Cisco SNMP vulnerability CVE-2025-20352 to achieve remote code execution and deploy persistent rootkits on Cisco 9400, 9300, and legacy 3750G switches. The rootkit establishes universal passwords, hooks IOSd memory for authentication bypass, enables lateral movement across VLANs via ARP spoofing, and provides a UDP controller for log manipulation, configuration hiding, and VTY ACL bypass.

TACTA0005TACTA0001TACTA0002SRFNetwork ApplianceTACTA0003TACTA0008VNDCiscoTYPResearch
92
Edit Score
2025-10-14
2025-10-14 22:53Z
HIGH

ProtectMyTooling — Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured

GitHub · red-team tooling·github.comGITHUB POC

ProtectMyTooling is a multi-packer wrapper framework that chains together various PE obfuscators, packers, and shellcode loaders to produce evasion-hardened red team implants. The tool supports 30+ packers (both commercial and open-source), includes artifact watermarking, IOC collection, and PE backdooring capabilities, with a GUI and Cobalt Strike integration.

SRFApplicationSRFOsTACTA0005TYPResearchTYPToolSTGDefense EvasionSTGExecution
78
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-10-14
2025-10-14 22:15Z
HIGH

CVE-2025-49552 — Adobe Connect: versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49552

Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed. CVSSv3.1 8.1 (HIGH)

CWECWE 79VNDAdobeTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-10-14
2025-10-14 17:16Z
HIGH

CVE-2025-59249 — Microsoft Exchange_server: Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-59249

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. CVSSv3.1 8.8 (HIGH) · EPSS 32th percentile

CWECWE 1390VNDMicrosoftVNDWeakTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-10-14
2025-10-14 17:15Z
HIGH

CVE-2025-53782 — Microsoft Exchange_server: Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53782

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. CVSSv3.1 8.4 (HIGH) · EPSS 22th percentile

CWECWE 303VNDMicrosoftTYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2025-10-14
2025-10-14 13:15Z
CRIT

CVE-2025-11721 — Mozilla Firefox: This bug showed evidence of memory corruption and we presume that with enough effort

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-11721

Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144 and Thunderbird 144. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-10-14
2025-10-14 13:15Z
HIGH

CVE-2025-11720 — Mozilla Firefox: The Firefox and Firefox Focus UI for the Android custom tab feature only showed

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-11720

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability was fixed in Firefox 144. CVSSv3.1 8.1 (HIGH)

CWECWE 451VNDMozillaVNDFirefoxTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-10-14
2025-10-14 13:15Z
CRIT

CVE-2025-11719 — Mozilla Firefox: Starting in Thunderbird 143, the use of the native messaging API by web extensions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-11719

Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaVNDStartingTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-10-14
2025-10-14 13:15Z
CRIT

CVE-2025-11717 — Mozilla Firefox: When switching between Android apps using the card carousel Firefox shows a black screen

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-11717

When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability was fixed in Firefox 144. CVSSv3.1 9.1 (CRITICAL)

CWECWE 200VNDMozillaTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-10-14
2025-10-14 13:15Z
HIGH

CVE-2025-11715 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-11715

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMozillaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-10-14
2025-10-14 13:15Z
HIGH

CVE-2025-11714 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-11714

Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVSSv3.1 8.8 (HIGH)

CWECWE 125CWECWE 787CWECWE 119VNDMozillaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-10-14
2025-10-14 13:15Z
HIGH

CVE-2025-11713 — Mozilla Firefox: Insufficient escaping in the “Copy as cURL” feature could have been used to trick

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-11713

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVSSv3.1 8.1 (HIGH)

CWECWE 116VNDMozillaTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-10-14
2025-10-14 13:15Z
CRIT

CVE-2025-11710 — Mozilla Firefox: A compromised web process using malicious IPC messages could have caused the privileged browser

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-11710

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 200VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-10-14
2025-10-14 13:15Z
CRIT

CVE-2025-11709 — Mozilla Firefox: A compromised web process was able to trigger out of bounds reads and writes

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-11709

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-10-14
2025-10-14 13:15Z
CRIT

CVE-2025-11708 — Mozilla Firefox: Use-after-free in MediaTrackGraphImpl::GetInstance().

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-11708

Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-10-14
2025-10-14 13:15Z
CRIT

CVE-2025-10610 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-10610

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025. CVSSv3.1 9.8 (CRITICAL) · EPSS 12th percentile

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-10-14
2025-10-14 13:00Z
HIGH

SaaS Threats are Escalating: A Follow-Up to Our Recent Analysis

Bishop Fox Labs·bishopfox.comin the wild

Bishop Fox published follow-up analysis on two concurrent threat actors targeting SaaS platforms: UNC6040 (ShinyHunters/Scattered Spider) using credential attacks and OAuth phishing, and UNC6395 (suspected nation-state) exploiting integration weaknesses for lateral movement. Campaigns have expanded from Salesforce to Google Workspace and Microsoft 365, with attackers abusing OAuth device code flow to bypass MFA and targeting administrators via LinkedIn reconnaissance and voice phishing.

SRFApplicationTACTA0001TACTA0006SRFCloudTACTA0008VNDMicrosoftVNDGoogleVNDSalesforce
68
Edit Score
2025-10-14
2025-10-14 10:15Z
HIGH

CVE-2025-10228 — Session: Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-10228

Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking. This issue affects Agentis: before 4.44. CVSSv3.1 8.8 (HIGH) · EPSS 14th percentile

CWECWE 384TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-10-13
2025-10-13 13:15Z
CRIT

CVE-2025-6919 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-6919

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection. This issue affects Aykome License Tracking System: before Version dated 06.10.2025. CVSSv3.1 9.8 (CRITICAL) · EPSS 12th percentile

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-10-10
2025-10-10 17:15Z
CRIT

CVE-2025-60306 — Code-projects Simple_car_rental_system: Simple Car Rental System 1.0 has a permission bypass issue where low privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-60306

code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations. CVSSv3.1 9.9 (CRITICAL) · EPSS 30th percentile

CWECWE 287CWECWE 284VNDSimpleVNDCode ProjectsTYPVulnerability
9.9
CVSS v3.1
100
Edit Score