Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory overread when configured as VPN or AAA virtual server. KEV-listed with EPSS 69.8% and public PoC, this vulnerability enables remote unauthenticated attackers to read sensitive data from the appliance's memory, potentially exposing session tokens, credentials, and encryption keys — similar to the Heartbleed class of memory disclosure bugs.
Sitecore Experience Manager, Platform, and Commerce versions 9.0 through 10.4 contain a Zip Slip vulnerability that allows authenticated attackers to write arbitrary files outside the intended upload directory. By crafting ZIP archives with path traversal entries, attackers can overwrite application files and achieve remote code execution.
Sitecore PowerShell Extensions through version 7.0 allows authenticated users to upload arbitrary files including ASPX webshells via crafted HTTP requests. The unrestricted file upload bypasses content type restrictions, enabling remote code execution on the Sitecore IIS server with any authenticated account.
Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 through 10.4.1 contain a hardcoded administrative user account that allows unauthenticated remote attackers to gain unauthorized access to sensitive administrative APIs over HTTP without authentication. This vulnerability has a CVSS score of 7.5 (High) and enables confidentiality breach through direct API access; exploitation likelihood is high due to the low attack complexity and lack of authentication requirements.
The Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin (versions ≤1.3.8.9) contains an unrestricted file upload vulnerability allowing unauthenticated attackers to bypass file type blacklists and upload dangerous file extensions (.phar, etc.). On servers configured to execute .phar files as PHP (common in default Apache+mod_php setups), this enables remote code execution with high impact to confidentiality, integrity, and availability (CVSS 8.1). While KEV and EPSS data are not provided, the vulnerability is actively exploitable given its public disclosure and network-accessible attack vector.
Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler in the /boafrm/formTmultiAP endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete compromise of the router (data theft, modification, and denial of service). Public exploit code is available and the vulnerability meets the profile of actively exploitable threats.
Critical buffer overflow vulnerability in TOTOLINK A3002R router firmware version 4.0.0-B20230531.1404, affecting the HTTP POST request handler in the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, increasing real-world exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others) affecting the HTTP POST request handler at endpoint /boafrm/formMultiAP. An authenticated attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability is actively exploitable.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
Critical remote buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exists and the vulnerability is actively exploitable without user interaction.
Critical buffer overflow vulnerability in TOTOLINK A3002R firmware version 4.0.0-B20230531.1404 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an active threat to deployed devices.
Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this via manipulation of the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and represents an active threat to deployed devices.
Critical buffer overflow vulnerability in TOTOLINK A702R router firmware (version 4.0.0-B20230721.1521) affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this vulnerability remotely by manipulating the submit-url parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, significantly elevating real-world exploitation risk.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
Critical stack-based buffer overflow vulnerability in the HTTP POST request handler (function sub_AC78) of D-Link DIR-665 firmware version 1.00, exploitable remotely by authenticated attackers. The vulnerability allows remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public exploit code is available and the affected product line is no longer maintained by D-Link, significantly elevating real-world risk despite requiring low-privilege authentication.
Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthenticated attackers on the adjacent network to gain high-impact unauthorized access (confidentiality, integrity, and availability compromise) without requiring user interaction. This is a critical flaw affecting widely-deployed Citrix infrastructure used by enterprises for application delivery and remote access, with high CVSS 8.8 score reflecting the severity of direct control plane compromise.
Buffer overflow vulnerability in TP-Link TL-WR940N V4 and TL-WR841N V11 routers, exploitable remotely through the /userRpm/WanSlaacCfgRpm.htm endpoint. An attacker with high privileges can trigger memory corruption leading to availability impact (denial of service) or potential system compromise. This vulnerability affects end-of-life products no longer receiving vendor support, significantly limiting remediation options.
A privilege escalation vulnerability in A flaw (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Post-authentication insecure deserialization vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows remote code execution with high impact on confidentiality, integrity, and availability. While the CVSS score of 8.8 is significant, exploitation requires prior low-privileged code execution on the target system, substantially reducing real-world attack surface compared to unauthenticated network exploits. The vulnerability affects Trend Micro Endpoint Encryption installations and should be prioritized based on organizational exposure to this specific product line and internal threat modeling of low-privileged account compromise scenarios.
A buffer overflow vulnerability in llama.cpp (CVSS 8.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2025-49155 is an uncontrolled search path vulnerability in Trend Micro Apex One's Data Loss Prevention (DLP) module that allows unauthenticated remote attackers to inject and execute arbitrary code. The vulnerability requires user interaction (CVSS UI:R) but poses critical risk to organizations deploying Apex One, as successful exploitation grants full system compromise with high confidentiality, integrity, and availability impact (CVSS 8.8). Exploitation likelihood should be assessed against current threat intelligence for active in-the-wild usage.
Post-authentication SQL injection vulnerability in Trend Micro Endpoint Encryption PolicyServer that enables authenticated attackers to escalate privileges and achieve full system compromise (confidentiality, integrity, and availability impact). The vulnerability requires an attacker to first obtain low-privileged code execution on the target system before exploiting the SQL injection to escalate to administrative privileges. With a CVSS score of 8.8 and network accessibility, this represents a significant risk to organizations running vulnerable PolicyServer instances, particularly in environments where initial compromise vectors (phishing, lateral movement, supply chain) are plausible.
CVE-2025-49154 is an insecure access control vulnerability (CWE-284) in Trend Micro Apex One and Worry-Free Business Security that allows a local attacker with low-privileged code execution to overwrite critical memory-mapped files, potentially compromising system security and stability. With a CVSS score of 8.7 and low attack complexity, this vulnerability poses a significant risk to enterprise security postures, though exploitation requires prior code execution access. No active KEV confirmation or public POC availability is documented in standard vulnerability databases at this time.
Path traversal vulnerability in themezaa Litho that allows unauthenticated network attackers to cause a denial of service by accessing files outside the intended directory structure. Affected versions range from an unspecified baseline through version 3.0 of the Litho product. The vulnerability has a high CVSS score of 8.6 with a network attack vector and no authentication requirements, making it easily exploitable by remote attackers.
Path traversal vulnerability in Fastw3b LLC FW Gallery (versions through 8.0.0) that allows unauthenticated remote attackers to cause denial of service by manipulating file path parameters. The vulnerability has a high CVSS score of 8.6 due to its network accessibility and lack of authentication requirements, though impact is limited to availability rather than confidentiality or integrity. Specific KEV status, EPSS scores, and publicly available POC information cannot be confirmed from the provided data, warranting immediate vendor contact for patch availability and exploitation status.
SQL injection vulnerability in WpExperts Hub's Woocommerce Partial Shipment plugin (versions up to 3.2) that allows authenticated attackers with low privileges to execute arbitrary SQL queries. The vulnerability has a CVSS score of 8.5 (High) with network accessibility and low attack complexity, enabling attackers to read sensitive database information and potentially disrupt service availability. The attack requires valid user credentials but no special interaction, making it a significant risk for multi-user WordPress/WooCommerce installations.
SQL Injection vulnerability in ValvePress Rankie that allows authenticated attackers to execute arbitrary SQL queries, potentially leading to unauthorized data disclosure and service degradation. The vulnerability affects Rankie across unspecified version ranges and requires valid user credentials to exploit. While the CVSS score of 8.5 indicates high severity, real-world exploitation risk depends on whether public proof-of-concept code exists and the prevalence of Rankie deployments in production environments.
A blind SQL injection vulnerability exists in wpdistillery Navigation Tree Elementor plugin (versions up to 1.0.1) that allows authenticated users to extract sensitive database information through specially crafted input. The vulnerability requires user authentication but operates over the network with low attack complexity, enabling attackers with WordPress user accounts to enumerate and exfiltrate data without direct visibility of query results. No publicly disclosed proof-of-concept or active exploitation in KEV has been confirmed at this time, though the 8.5 CVSS score and SQL injection nature warrant immediate patching.
Heap-based buffer overflow vulnerability in PRJ file parsing that allows local attackers with user interaction to achieve high-impact memory corruption, potentially leading to arbitrary code execution or information disclosure. The vulnerability stems from insufficient validation of user-supplied data within PRJ file structures, enabling attackers to read and write past allocated buffer boundaries. No current KEV status or active exploitation data is available in public records, but the local attack vector and requirement for user interaction (file opening) suggest moderate real-world risk despite the high CVSS score.
CVE-2025-49849 is an out-of-bounds read vulnerability in PRJ file parsing that enables memory corruption through insufficient validation of user-supplied data. The vulnerability affects applications processing PRJ files (commonly associated with project management software) and allows local attackers with user interaction to read and write beyond allocated memory boundaries, potentially leading to information disclosure or code execution. While the CVSS score is moderately high (8.4), real-world exploitability depends on KEV status and active exploitation reports, which are not currently documented in available intelligence.
CVE-2025-49848 is an out-of-bounds write vulnerability in PRJ file parsing that allows unauthenticated local attackers with user interaction to corrupt memory and potentially achieve arbitrary code execution or application crash. The vulnerability stems from insufficient input validation when processing PRJ files, enabling attackers to read and write past allocated buffer boundaries. While no public exploit code or active in-the-wild exploitation has been confirmed at analysis time, the high CVSS score (8.4) and critical impact ratings (confidentiality, integrity, availability all HIGH) indicate this requires prioritized patching.
PHP Local/Remote File Inclusion (LFI/RFI) vulnerability in LoftOcean CozyStay that allows unauthenticated remote attackers to include and execute arbitrary files through improper control of filename parameters in PHP include/require statements. The vulnerability affects CozyStay with a CVSS score of 8.1 (High severity), enabling attackers to read sensitive files, execute arbitrary code, or compromise system integrity without requiring user interaction or authentication.
PHP Local/Remote File Inclusion (LFI/RFI) vulnerability in thembay Diza affecting versions through 1.3.8, stemming from improper control of filenames in include/require statements (CWE-98). An unauthenticated network attacker can exploit this with high complexity to achieve arbitrary file inclusion, leading to information disclosure, code execution, or system compromise. The high CVSS score of 8.1 reflects the severity of potential impacts (confidentiality, integrity, and availability), though real-world exploitability depends on PHP configuration and the specific include/require patterns in affected code.
A security vulnerability in thembay Aora allows PHP Local File Inclusion (CVSS 8.1). High severity vulnerability requiring prompt remediation.
PHP Local File Inclusion (LFI) vulnerability in thembay Hara that allows unauthenticated remote attackers to include and execute arbitrary local files through improper control of filename parameters in PHP include/require statements. Affected versions range from an unspecified baseline through version 1.2.10. While the CVSS score of 8.1 is elevated, the attack complexity is rated 'High,' suggesting real-world exploitation requires specific environmental conditions or timing.
PHP Local File Inclusion (LFI) vulnerability in thembay Maia versions up to 1.1.15, caused by improper control of filenames in PHP include/require statements (CWE-98). An unauthenticated remote attacker can exploit this over the network with high complexity to read arbitrary files on the server, potentially leading to code execution, information disclosure, and system compromise. The vulnerability has a CVSS 3.1 score of 8.1 (High severity) with network accessibility and no privilege requirements, though exploitation requires non-standard conditions (AC:H).
A security vulnerability in thembay Zota allows PHP Local File Inclusion (CVSS 8.1). High severity vulnerability requiring prompt remediation.
PHP Local File Inclusion (LFI) vulnerability in thembay Sapa that allows unauthenticated remote attackers to include and execute arbitrary PHP files through improper input validation on filename parameters in include/require statements. Affected versions range from an unspecified baseline through version 1.1.14. With a CVSS score of 8.1 and network-accessible attack vector, this vulnerability enables confidentiality, integrity, and availability compromise, though exploitation requires high attack complexity (AC:H) suggesting non-trivial preconditions.
PHP Local File Inclusion (LFI) vulnerability in thembay Ruza versions up to 1.0.7, stemming from improper control of filename parameters in PHP include/require statements. An unauthenticated remote attacker can exploit this vulnerability over the network to read arbitrary files from the server and potentially execute code, achieving high confidentiality, integrity, and availability impact. The CVSS score of 8.1 reflects significant risk, though the attack complexity is marked as high, suggesting exploitation may require specific conditions or user interaction timing.
PHP Local File Inclusion (LFI) vulnerability in thembay Nika theme versions through 1.2.8, caused by improper control of filename parameters in PHP include/require statements (CWE-98). An unauthenticated remote attacker can exploit this vulnerability over the network to read arbitrary files from the server filesystem, potentially leading to information disclosure, code execution, or system compromise. The CVSS score of 8.1 (High) reflects significant confidentiality and integrity impact, though the AC:H (Attack Complexity: High) rating suggests some exploitation difficulty; KEV status and active exploitation data would further clarify immediate risk priority.
PHP Local File Inclusion (LFI) vulnerability in thembay Lasa versions up to 1.1, caused by improper control of filename parameters in PHP include/require statements. This allows unauthenticated remote attackers to include and execute arbitrary local files on the server, potentially leading to remote code execution, information disclosure, and system compromise. The high CVSS score of 8.1 reflects the severity of this vulnerability, though the high attack complexity (AC:H) suggests exploitation may require specific environmental conditions or knowledge of the target system.
PHP Local File Inclusion (LFI) vulnerability in thembay Besa versions through 2.3.8, stemming from improper control of filenames in include/require statements (CWE-98). An unauthenticated remote attacker can exploit this via a network vector with high complexity to achieve arbitrary file read/write capabilities, potentially leading to remote code execution. The high CVSS score of 8.1 reflects the severity of the confidentiality, integrity, and availability impact, though real-world exploitation requires specific conditions given the AC:H rating.
PHP Local File Inclusion (LFI) vulnerability in thembay Fana versions through 1.1.28 that allows unauthenticated remote attackers to include and execute arbitrary files through improper control of filename parameters in PHP include/require statements. The high CVSS score of 8.1 reflects the potential for confidentiality, integrity, and availability impact, though the 'H' attack complexity suggests exploitation requires specific conditions or knowledge of the application architecture. No publicly confirmed KEV or widespread active exploitation is documented, but the 2025 CVE date indicates this is a recently disclosed vulnerability requiring immediate attention from Fana users.
PHP Local File Inclusion (LFI) vulnerability in snstheme Simen versions through 4.6 that allows unauthenticated remote attackers to include and execute arbitrary local files via improper control of filename parameters in PHP include/require statements. With a CVSS score of 8.1 and network-based attack vector, this vulnerability enables confidentiality, integrity, and availability compromise; however, the high attack complexity suggests exploitation requires specific conditions or knowledge of the target environment.
PHP Local File Inclusion (LFI) vulnerability in the snstheme Evon WordPress theme (versions up to 3.4) that allows unauthenticated remote attackers to include and execute arbitrary local files on the server. An attacker can exploit this via a network attack with high complexity to achieve arbitrary code execution, data exfiltration, and system compromise. The vulnerability stems from improper input validation on filename parameters passed to PHP include/require statements.
PHP Local File Inclusion (LFI) vulnerability in the snstheme DSK WordPress theme (versions up to 2.2) that allows unauthenticated remote attackers to include and execute arbitrary local files on the server. The vulnerability stems from improper input validation on filename parameters in PHP include/require statements, potentially enabling attackers to read sensitive files, execute code, or compromise the entire WordPress installation. This is a high-severity issue (CVSS 8.1) affecting a popular theme, though real-world exploitation requires moderate attack complexity (AC:H).
Link following (symlink) vulnerability in Trend Micro Deep Security 20.0 agent's anti-malware component that enables local privilege escalation. An attacker with low-privileged code execution can exploit this to gain elevated system privileges (confidentiality, integrity, and availability impact). While no public exploit or active exploitation in the wild has been confirmed, the CVSS 7.8 score and low attack complexity indicate this poses a significant risk to organizations running vulnerable versions.
Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits insecure link following to allow a low-privileged local attacker to delete privileged Trend Micro files, potentially compromising the security product's integrity. With a CVSS score of 7.8 and low attack complexity (AC:L), this vulnerability poses a significant risk to consumer systems where privilege escalation could disable or corrupt critical security components. No active exploitation (KEV status) or public POC has been reported at this time, but the low barrier to exploitation (local access with low privileges required) warrants prompt patching.
Link following vulnerability (symlink attack) in Trend Micro Deep Security 20.0 agents that enables local privilege escalation on affected systems. An attacker with low-privileged code execution capability can exploit this flaw to gain high-level system access. The vulnerability has a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability; KEV and POC status are not confirmed in available data, but the low attack complexity and low privilege requirement indicate moderate real-world risk once initial code execution is obtained.
CVE-2025-49180 is an integer overflow vulnerability in the RandR (Resize and Rotate) X11 extension's RRChangeProviderProperty function that fails to properly validate input parameters. This allows a local, unprivileged attacker to trigger memory allocation failures or heap corruption, potentially leading to privilege escalation or denial of service on X11-based systems. The vulnerability requires local access and low privileges to exploit, making it a significant risk for multi-user systems and shared computing environments.