Unauthenticated remote code execution in SMG Software Information Portal versions prior to 13.06.2025 allows attackers to upload web shells and inject OS commands, achieving full server compromise with a maximum CVSS score of 10.0. The vulnerability was reported by Turkey's national CERT (USOM) and no public exploit identified at time of analysis, though the trivial attack complexity and network-accessible nature make it a critical priority for any organization running the affected product.
SQL injection in Moderec Tourtella versions prior to 26.05.2025 allows remote unauthenticated attackers to manipulate backend database queries via crafted input, leading to full compromise of confidentiality, integrity, and availability. The flaw was reported through Turkey's national CERT (USOM) under advisory TR-25-0176 and carries a critical 9.8 CVSS score, though no public exploit identified at time of analysis and no EPSS score was provided.
SQL injection in Bayraktar Solar Energies ScadaWatt Otopilot (versions before 27.05.2025) allows remote unauthenticated attackers to manipulate backend database queries over the network. With a CVSS 9.8 rating and full impact across confidentiality, integrity, and availability, successful exploitation can yield complete database compromise of this SCADA solar energy monitoring platform. There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Unauthenticated login token generation in WebinarIgnition plugin for WordPress (versions ≤4.03.32) allows remote attackers to bypass authentication and impersonate arbitrary users. The vulnerability stems from missing capability checks on support staff authentication functions, enabling attackers to generate valid login tokens and authorization cookies without credentials (CVSS:3.1 AV:N/AC:L/PR:N). EPSS data not provided; no confirmation of active exploitation (CISA KEV) at time of analysis. Public exploit code existence not confirmed, though technical details are available via WordPress plugin repository references.