2025-01-16
2025-01-16 21:15Z
HIGH

CVE-2025-23913 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-23913

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma WordPress Google Map Professional google-map-professional allows SQL Injection.This issue affects WordPress Google Map Professional: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-01-16
2025-01-16 21:15Z
HIGH

CVE-2025-23912 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-23912

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Philipp Speck WordPress Custom Sidebar wordpress-custom-sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through <= 2.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-01-16
2025-01-16 21:15Z
HIGH

CVE-2025-23911 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-23911

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solidres Solidres – Hotel booking plugin solidres allows SQL Injection.This issue affects Solidres – Hotel booking plugin: from n/a through <= 0.9.4. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-01-16
2025-01-16 21:15Z
CRIT

CVE-2025-23797 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-23797

Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through <= 1.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 352TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-16
2025-01-16 20:24Z
INFO

Volatility 3 2.11.0

Volatility3 releases·github.com

Volatility 3 2.11.0 released with 13 new plugins for Linux and Windows memory forensics, including eBPF analysis, hidden module detection, and system call hooking detection. Improvements include CLI output filtering and Python 3.8 as the new minimum version.

SRFOsTACTA0007VNDVolatilityTYPToolSTGDiscovery
52
Edit Score
2025-01-16
2025-01-16 20:15Z
HIGH

CVE-2025-23532 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget myanime-widget allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-23532

Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget myanime-widget allows Privilege Escalation.This issue affects MyAnime Widget: from n/a through <= 1.0. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-01-16
2025-01-16 20:15Z
HIGH

CVE-2025-23530 — Site: Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Lockdown custom-post-type-lockdown allows Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-23530

Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Lockdown custom-post-type-lockdown allows Privilege Escalation.This issue affects Custom Post Type Lockdown: from n/a through <= 1.11. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-01-16
2025-01-16 20:15Z
HIGH

CVE-2025-23528 — Incorrect: Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-23528

Incorrect Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation.This issue affects DD Roles: from n/a through <= 4.1. CVSSv3.1 8.8 (HIGH) · EPSS 21th percentile

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-01-16
2025-01-16 03:15Z
CRIT

CVE-2025-22916 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22916

RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function. CVSSv3.1 9.8 (CRITICAL) · EPSS 49th percentile

CWECWE 120VNDEdimaxVNDRe11sTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-16
2025-01-16 03:15Z
CRIT

CVE-2025-22912 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22912

RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 77VNDEdimaxVNDRe11sTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2025-01-16
2025-01-16 03:15Z
CRIT

CVE-2025-22907 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22907

RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. CVSSv3.1 9.8 (CRITICAL) · EPSS 55th percentile

CWECWE 120VNDEdimaxVNDRe11sTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-16
2025-01-16 03:15Z
CRIT

CVE-2025-22906 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22906

RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. CVSSv3.1 9.8 (CRITICAL) · EPSS 84th percentile

CWECWE 94VNDEdimaxVNDRe11sTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2025-01-16
2025-01-16 03:15Z
CRIT

CVE-2025-22905 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22905

RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. CVSSv3.1 9.8 (CRITICAL) · EPSS 92th percentile

CWECWE 94VNDEdimaxVNDRe11sTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2025-01-16
2025-01-16 03:15Z
CRIT

CVE-2025-22904 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22904

RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. CVSSv3.1 9.8 (CRITICAL) · EPSS 49th percentile

CWECWE 120VNDEdimaxVNDRe11sTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-15
2025-01-15 23:15Z
CRIT

CVE-2024-57726 — Simple-help Simplehelp: remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. CVSSv3.1 9.9 (CRITICAL) · EPSS 54th percentile

CWECWE 862VNDSimplehelpVNDSimple HelpTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-01-15
2025-01-15 17:03Z
HIGH

Trustify — Attack Active Directory Trusts with a single tool

GitHub · AD attack tooling·github.comGITHUB POC

Trustify is a PowerShell wrapper tool that automates attacks against Active Directory forest trusts, including trust account takeover via extracted Kerberos keys, SIDHistory injection, unconstrained delegation abuse, and ADCS template exploitation. The tool consolidates multiple existing attack primitives (Rubeus, PKI-Escalate, PowerView) into a single interface for lateral movement and privilege escalation across domain boundaries.

SRFOsTACTA0004TACTA0006SRFIdentityTACTA0008VNDMicrosoftTYPResearchTYPTool
72
Edit Score
2025-01-15
2025-01-15 16:15Z
HIGH

CVE-2025-22799 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22799

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer neon-product-designer-for-woocommerce allows SQL Injection.This issue affects Neon Product Designer: from n/a through <= 2.2.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-01-15
2025-01-15 16:15Z
CRIT

CVE-2025-22785 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22785

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system allows SQL Injection.This issue affects Course Booking System: from n/a through <= 6.0.6. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-01-15
2025-01-15 16:15Z
HIGH

CVE-2025-22784 — Site: Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22784

Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal.This issue affects Background Control: from n/a through <= 1.0.5. CVSSv3.1 8.6 (HIGH)

CWECWE 352TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-01-15
2025-01-15 16:15Z
CRIT

CVE-2025-22782 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22782

Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects WR Price List Manager For Woocommerce: from n/a through <= 1.0.8. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-01-15
2025-01-15 16:15Z
HIGH

CVE-2025-22736 — Incorrect: Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22736

Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation.This issue affects User Management: from n/a through <= 1.2. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-01-15
2025-01-15 15:15Z
CRIT

CVE-2024-12084 — Samba Rsync: A heap-based buffer overflow flaw was found in the rsync daemon.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile

CWECWE 787CWECWE 122VNDSambaVNDAlmalinuxVNDArchlinuxTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2025-01-14
2025-01-14 23:15Z
CRIT

CVE-2024-57483 — Tenda I24_firmware: i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-57483

Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function. CVSSv3.1 9.8 (CRITICAL) · EPSS 46th percentile

CWECWE 120VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-14
2025-01-14 23:15Z
CRIT

CVE-2024-57473 — H3c N12_firmware: N12 V100R005 contains a buffer overflow vulnerability due to the lack of length

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-57473

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. CVSSv3.1 9.8 (CRITICAL) · EPSS 53th percentile

CWECWE 120VNDH3cTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-14
2025-01-14 22:15Z
CRIT

CVE-2024-57482 — H3c N12_firmware: N12 V100R005 contains a buffer overflow vulnerability due to the lack of length

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-57482

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. CVSSv3.1 9.8 (CRITICAL) · EPSS 53th percentile

CWECWE 120VNDH3cTYPVulnerability
9.8
CVSS v3.1
99
Edit Score