2025-09-05
2025-09-05 17:15Z
CRIT

CVE-2025-49401 — Incorrect: Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49401

Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects smart SEO: from n/a through <= 4.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-09-05
2025-09-05 14:16Z
HIGH

CVE-2025-58881 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-58881

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection.This issue affects New Simple Gallery: from n/a through <= 8.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-09-05
2025-09-05 14:15Z
HIGH

CVE-2025-58833 — Site: Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-58833

Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-09-05
2025-09-05 14:15Z
CRIT

CVE-2025-58819 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-58819

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through <= 1.2.4. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-09-04
2025-09-04 19:15Z
HIGH

CVE-2025-48581 — Google Android: This could lead to local escalation of privilege with no additional execution privileges needed.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48581

In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. CVSSv3.1 8.4 (HIGH) · EPSS 0th percentile

CWECWE 754VNDGoogleVNDVerifynooverlapinsessionsTYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2025-09-04
2025-09-04 13:00Z
HIGH

Demystifying 5G Security: Understanding the Registration Protocol

Bishop Fox Labs·bishopfox.com

Bishop Fox published a comprehensive technical analysis of 5G registration protocol vulnerabilities, identifying critical flaws including SUPI disclosure risks, null/weak encryption negotiation (EEA0/EIA0), replay attack susceptibility, and bidding-down attack vectors. The research demonstrates practical exploitation using Open5Gs test environments and open-source tools like 5GReplay and Sni5Gect, with recommendations for defensive configuration and continuous security testing.

SRFMobileTACTA0001SRFNetworkSRFNetwork ApplianceTACTA0043TYPResearchTYPTechniqueSTGDiscovery
72
Edit Score
2025-09-04
2025-09-04 10:42Z
HIGH

CVE-2025-2417 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2417

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass. This issue affects e-Mutabakat: from 2.02.06 before v2.02.06. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile

CWECWE 307TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-09-04
2025-09-04 10:42Z
HIGH

CVE-2025-2411 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2411

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass. This issue affects TaskPano: from s1.06.04 before v1.06.06. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile

CWECWE 307TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-09-04
2025-09-04 00:00Z
HIGH

An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps

Trend Micro Research·trendmicro.com

Trend Micro analyzed the AMOS (Atomic macOS Stealer) campaign targeting macOS users via trojanized 'cracked' software downloads and Terminal command injection. The malware steals credentials, browser data, cryptocurrency wallets, Telegram chats, VPN profiles, and keychain items, with attackers using rotating domains to evade detection. macOS Sequoia's Gatekeeper blocks the .dmg delivery method, but the Terminal-based installation vector remains effective.

SRFApplicationSRFOsTACTA0005TACTA0001TACTA0002TACTA0006TACTA0003TACTA0009
72
Edit Score
2025-09-03
2025-09-03 15:15Z
HIGH

CVE-2025-57151 — Phpgurukul Complaint_management_system: Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-57151

phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter. CVSSv3.1 8.8 (HIGH)

CWECWE 79VNDPhpgurukulVNDComplaintTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-09-03
2025-09-03 15:15Z
CRIT

CVE-2025-57148 — Phpgurukul Online_shopping_portal: Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-57148

phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434VNDPhpgurukulVNDOnlineTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-09-03
2025-09-03 15:15Z
HIGH

CVE-2025-57146 — Phpgurukul Complaint_management_system: Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-57146

phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter. CVSSv3.1 8.1 (HIGH)

CWECWE 89VNDPhpgurukulVNDComplaintTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-09-03
2025-09-03 14:15Z
HIGH

CVE-2025-2416 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2416

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass. This issue affects LimonDesk: from s1.02.14 before v1.02.17. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile

CWECWE 307TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-09-03
2025-09-03 09:15Z
HIGH

CVE-2025-2415 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2415

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass. This issue affects MyRezzta: from s2.03.01 before v2.05.01. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile

CWECWE 307TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-09-03
2025-09-03 09:15Z
CRIT

CVE-2025-1740 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-1740

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01. CVSSv3.1 9.8 (CRITICAL) · EPSS 23th percentile

CWECWE 307TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-09-03
2025-09-03 07:15Z
CRIT

CVE-2024-32444 — Inspirythemes Realhomes: Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-32444

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266VNDInspirythemesTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-09-02
2025-09-02 14:15Z
HIGH

CVE-2025-2413 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2413

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass. This issue affects ProKuafor: from s1.02.08 before v1.02.08. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile

CWECWE 307TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-09-02
2025-09-02 12:15Z
HIGH

CVE-2025-2414 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2414

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass. This issue affects OctoCloud: from s1.09.03 before v1.11.01. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile

CWECWE 307TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-09-01
2025-09-01 13:15Z
HIGH

CVE-2025-2412 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2412

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass. This issue affects QR Menu: from s1.05.07 before v1.05.12. CVSSv3.1 8.6 (HIGH)

CWECWE 307TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-09-01
2025-09-01 13:15Z
HIGH

CVE-2025-0610 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-0610

Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery. This issue affects QR Menü: from s1.05.06 before v1.05.12. CVSSv3.1 8.6 (HIGH) · EPSS 11th percentile

CWECWE 352TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-08-31
2025-08-31 04:15Z
HIGH

CVE-2025-47696 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47696

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through <= 3.4.7. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-31
2025-08-31 04:15Z
CRIT

CVE-2025-31100 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management school-management allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31100

Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management school-management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through <= 1.93.1 (02-07-2025). CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-08-31
2025-08-31 04:15Z
CRIT

CVE-2024-32832 — Authorization: Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-32832

Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.6.93. CVSSv3.1 9.8 (CRITICAL)

CWECWE 862TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-29
2025-08-29 20:15Z
CRIT

CVE-2024-46484 — Trendnet Tv-ip410_firmware: TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-46484

TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile

CWECWE 78VNDTrendnetTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-28
2025-08-28 17:15Z
CRIT

CVE-2025-57819 — Sangoma Freepbx: 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-57819in the wild

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile

CWECWE 89CWECWE 288VNDFreepbxVNDSangomaTYPVulnerabilitySTAitw exploited
9.8
CVSS v3.1
100
Edit Score