2025-08-14
2025-08-14 11:15Z
HIGH

CVE-2025-25172 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-25172

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion.This issue affects VidMov: from n/a through <= 1.9.4. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-14
2025-08-14 11:15Z
CRIT

CVE-2025-24775 — Upload: Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-24775

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through <= 2.9.0. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-08-14
2025-08-14 00:00Z
CRIT

Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks

Trend Micro Research·trendmicro.comin the wild

Trend Micro disclosed detailed analysis of Crypto24 ransomware group conducting multi-stage attacks across Asia, Europe, and USA targeting financial services, manufacturing, entertainment, and technology sectors. The group combines legitimate tools (PSExec, AnyDesk, RDP patching) with custom malware including a RealBlindingEDR variant, keyloggers, and VMProtect-hardened ransomware payloads, using advanced evasion including UAC bypass via COM interface exploitation and EDR disablement via Group Policy abuse. Attackers maintain persistence through scheduled tasks, privileged account creation, and Google Drive exfiltration of keylogged credentials.

SRFOsTACTA0004TACTA0005TACTA0001TACTA0006TACTA0007TACTA0003TACTA0008
78
Edit Score
2025-08-13
2025-08-13 21:15Z
CRIT

CVE-2012-10060 — Sysax Multi_server: Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2012-10060

Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile

CWECWE 121VNDSysaxTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2025-08-13
2025-08-13 17:15Z
CRIT

CVE-2025-51451 — Totolink Ex1200t_firmware: In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-51451

In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. CVSSv3.1 9.8 (CRITICAL) · EPSS 33th percentile

CWECWE 287VNDTotolinkTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-13
2025-08-13 16:15Z
CRIT

CVE-2025-51452 — Totolink A7000r_firmware: In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-51452

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. CVSSv3.1 9.8 (CRITICAL) · EPSS 33th percentile

CWECWE 288VNDTotolinkTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-12
2025-08-12 18:15Z
CRIT

CVE-2025-53766 — Microsoft Office: Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53766

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. CVSSv3.1 9.8 (CRITICAL) · EPSS 68th percentile

CWECWE 122VNDMicrosoftVNDHeapTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-08-12
2025-08-12 12:15Z
HIGH

CVE-2024-54678 — This could allow an authenticated local attacker to cause a type confusion and execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54678

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMA CVSSv3.1 8.2 (HIGH) · EPSS 46th percentile

CWECWE 502TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-08-12
2025-08-12 03:15Z
HIGH

CVE-2025-5391 — WooCommerce: The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-5391

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). CVSSv3.1 8.1 (HIGH)

CWECWE 22VNDWoocommerceTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-12
2025-08-12 00:00Z
HIGH

New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises

Trend Micro Research·trendmicro.comin the wild

Trend Micro identified Charon, a new ransomware family deployed in targeted attacks against Middle East public sector and aviation organizations, using DLL sideloading (Edge.exe → msedge.dll) and process injection techniques similar to Earth Baxia APT campaigns. The malware employs multi-stage encrypted payloads, Curve25519+ChaCha20 hybrid encryption, anti-EDR capabilities via the Dark-Kill driver, and network propagation to encrypt both local and network shares with customized ransom notes.

SRFOsTACTA0005TACTA0001TACTA0002TACTA0040VNDTrend MicroTYPResearchTYPThreat Intel
76
Edit Score
2025-08-11
2025-08-11 04:38Z
HIGH

AMSI-Bypass-HWBP

GitHub · EDR bypass / evasion·github.comGITHUB POC

AMSI-Bypass-HWBP is a Rust-based debugger tool that bypasses Windows Defender's Antimalware Scan Interface (AMSI) by attaching to PowerShell processes and setting hardware breakpoints on AmsiScanBuffer(), then reducing the scanned buffer length to 1 byte to evade detection. The technique exploits the AMSI scanning mechanism by manipulating the R8 register (length parameter) to force the function to scan only a single byte, resulting in AMSI_RESULT_CLEAN responses.

SRFOsTACTA0005VNDMicrosoftTYPToolTYPExploitSTGDefense EvasionTECT1562.001EXPProcess Injection
68
Edit Score
2025-08-08
2025-08-08 19:15Z
INFO

CVE-2012-10047 — Cyclope: Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2012-10047

Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context. EPSS 98th percentile

CWECWE 89VNDCyclopeTYPVulnerability
66
Edit Score
2025-08-07
2025-08-07 20:15Z
HIGH

CVE-2025-47219 — Gstreamer Gstreamer: In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 125VNDGstreamerTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-07
2025-08-07 18:15Z
HIGH

CVE-2025-51629 — XSS: A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-51629

A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter. CVSSv3.1 8.8 (HIGH) · EPSS 27th percentile

CWECWE 79VNDXssTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-08-07
2025-08-07 17:15Z
HIGH

CVE-2025-24000 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-24000

Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass.This issue affects Post SMTP: from n/a through <= 3.2.0. CVSSv3.1 8.8 (HIGH)

CWECWE 288TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-08-06
2025-08-06 21:15Z
HIGH

CVE-2025-51056 — Vedo_suite_project Vedo_suite: An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-51056

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE). CVSSv3.1 8.2 (HIGH) · EPSS 41th percentile

CWECWE 434VNDVedo Suite ProjectTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-08-06
2025-08-06 21:15Z
HIGH

CVE-2025-51055 — Vedo_suite_project Vedo_suite: Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-51055

Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information. CVSSv3.1 8.6 (HIGH) · EPSS 21th percentile

CWECWE 312VNDVedo Suite ProjectTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-08-06
2025-08-06 16:15Z
HIGH

CVE-2025-53786 — Microsoft Exchange_server: On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53786

On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that CVSSv3.1 8.0 (HIGH) · EPSS 69th percentile

CWECWE 287VNDMicrosoftVNDAprilTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2025-08-06
2025-08-06 13:00Z
INFO

Next-Level Fingerprinting: Tools, Logic, and Tactics

Bishop Fox Labs·bishopfox.com

Bishop Fox published research on improving fingerprinting capabilities for asset identification and vulnerability discovery. The work combines signature normalization across multiple tools (Nmap, Recog, Wappalyzer, Nuclei), AI-assisted signature generation, and performance optimizations tested against 180GB/day of internet banner data to create a more cohesive fingerprinting framework.

SRFApplicationSRFNetworkSRFWebTACTA0043TYPResearchTYPToolSTGDiscoverySTGRecon
68
Edit Score
2025-08-06
2025-08-06 03:15Z
HIGH

CVE-2025-8420 — WordPress: Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-8420

Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called CVSSv3.1 8.1 (HIGH)

CWECWE 95VNDWordpressTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-05
2025-08-05 20:15Z
INFO

CVE-2013-10068 — Foxit: Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2013-10068

Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbitrary code. EPSS 98th percentile

CWECWE 121VNDFoxitTYPVulnerability
68
Edit Score
2025-08-05
2025-08-05 20:15Z
INFO

CVE-2012-10032 — Maxthon3: versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2012-10032

Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs, including maxthon.program.Program.launch() and maxthon.io.writeDataURL(). Exploitation requires user i EPSS 98th percentile

CWECWE 94CWECWE 79VNDMaxthon3TYPVulnerability
65
Edit Score
2025-08-05
2025-08-05 20:15Z
INFO

CVE-2012-10027 — Property: A remote attacker can upload arbitrary PHP files to a temporary directory without authentication

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2012-10027

WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution. EPSS 99th percentile

CWECWE 434VNDPropertyTYPVulnerability
72
Edit Score
2025-08-05
2025-08-05 20:15Z
INFO

CVE-2012-10024 — XBMC: version 11, including builds up to the 2012-11-04 nightly release, contains a path

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2012-10024

XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files. EPSS 98th percentile

CWECWE 22VNDXbmcTYPVulnerability
65
Edit Score
2025-08-04
2025-08-04 21:15Z
CRIT

CVE-2025-50341 — Boolean: A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-50341

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation. CVSSv3.1 9.8 (CRITICAL) · EPSS 36th percentile

CWECWE 89VNDBooleanTYPVulnerability
9.8
CVSS v3.1
99
Edit Score