Overview

  • Sangfor Technologies Co., Ltd.
  • Endpoint Detection and Response Platform

Published: 24 Jun 2025
Updated: 24 Jun 2025

CVSS v4.0: CRITICAL (10.0)
EPSS: 1.03%

KEV

Description

An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds.

Statistics

  • 1 Post
  • 1 Interaction

Fediverse

LMAO. It's an older vuln and was added to CNVD in 2020 but just got a CVE last week. 🥳

sangfor.com/blog/cybersecurity

sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

cnvd.org.cn/flaw/show/CNVD-202

nvd.nist.gov/vuln/detail/CVE-2

And FWIW, ShadowServer shows EITW in CN.

dashboard.shadowserver.org/sta


Overview

  • Pending

Published: 30 Jun 2025
Updated: 30 Jun 2025

CVSS: Pending
EPSS: 0.12%

KEV

Description

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.

Statistics

  • 1 Post
  • 1 Interaction

Fediverse

Not yet evaluated means no risk yet, right?

medium.com/@mrcnry/cve-2025-26


Overview

  • wpopal
  • Opal Estate Pro – Property Management and Submission

Published: 01 Jul 2025
Updated: 01 Jul 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.06%

KEV

Description

The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role assigned when registering, including the Administrator role.

Statistics

  • 1 Post

Fediverse

⚠️ CRITICAL: CVE-2025-6934 in Opal Estate Pro plugin (<=1.7.5) lets unauth attackers register as admins on WordPress sites. Disable plugin, restrict registrations, and review accounts ASAP! radar.offseq.com/threat/cve-20


Overview

  • notepad-plus-plus
  • notepad-plus-plus

Published: 23 Jun 2025
Updated: 01 Jul 2025

CVSS v3.1: HIGH (7.3)
EPSS: 0.01%

KEV

Description

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically the Downloads folder, which is a known vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.

Statistics

  • 1 Post

Fediverse

CVE Record: CVE-2025-49144 - Notepad++ Privilege Escalation In Installer Via Uncontrolled Executable Search Path #SuggestedRead #devopsish cve.org/CVERecord?id=CVE-2025-


Overview

  • LizardByte
  • Sunshine

Published: 01 Jul 2025
Updated: 01 Jul 2025

CVSS v3.1: CRITICAL (9.7)
EPSS: 0.02%

KEV

Description

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can trigger unintended actions within the Sunshine application on behalf of that user. Specifically, since the application does OS command execution by design, this issue can be exploited to abuse the "Command Preparations" feature, enabling an attacker to inject arbitrary commands that will be executed with Administrator privileges when an application is launched. This issue has been patched in version 2025.628.4510.

Statistics

  • 1 Post

Fediverse

🛡️ CRITICAL CSRF vuln in LizardByte Sunshine (<2025.628.4510): attackers can trigger admin-level OS commands via web UI if users visit malicious links. Patch to 2025.628.4510+ ASAP! CVE-2025-53095 radar.offseq.com/threat/cve-20


Overview

  • Cisco
  • Cisco Identity Services Engine Software

Published: 25 Jun 2025
Updated: 26 Jun 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.14%

KEV

Description

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due to a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.

Statistics

  • 2 Posts

Fediverse

🚨CVE-2025-20281 & CVE-2025-20282: Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

• CVSS: 10
• ZoomEye Dork: app="Cisco ISE"
• Results: 1,937
• Advisory:
github.com/advisories/GHSA-rc4f-42xm-hvjw
github.com/advisories/GHSA-w8p2-wjjr-hr24

• PoC: github.com/abrewer251/CVE-2025-20281-2-Citrix-ISE-RCE

• ZoomEye Search: zoomeye.ai/searchResult?q=YXBwPSJDaXNjbyBJU0Ui

—————

Follow @zoomeye_team's official Twitter/X account and send the message “Dark Web Informer” via DM to receive an extra 15-day membership. 💙


Cisco hits the mark: 9.8 out of 10 for two RCEs in Identity Services Engine and Passive Identity Connector

Cisco has reported two critical RCE vulnerabilities that do not require authentication and affect Cisco Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC). The vulnerabilities have been assigned the identifiers CVE-2025-20281 and CVE-2025-20282 and received the maximum score of 9.8 out of 10 on the CVSS scale. The first issue affects ISE and ISE-PIC versions 3.4 and 3.3, while the second affects only version 3.4.

The root cause of CVE-2025-20281 was insufficient validation of user input in an exposed API. This allowed a remote, unauthenticated attacker to send crafted API requests to execute arbitrary commands as the root user. The second issue, CVE-2025-20282, was caused by insufficient file validation in an internal API, which allowed files to be written to privileged directories. This bug allowed unauthenticated remote attackers to upload arbitrary files to the target system and execute them with root privileges.

The Cisco Identity Services Engine (ISE) platform is designed to manage network security policies and access control, and typically acts as the network access control (NAC) engine, handling identity management and policy enforcement. This product is a key element of the enterprise network and is often used by large companies, government agencies, universities and service providers.

Cisco experts report that so far there have been no cases of active exploitation of the new vulnerabilities (nor publicly released exploits), but all users are advised to install the updates as soon as possible. Users should upgrade to version 3.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4) and version 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1) or later. There are no workarounds that resolve the issues without applying patches.

It is obvious that with vulnerabilities of this magnitude, patching must proceed urgently in order to prevent possible breach attempts. The vendor therefore recommends applying the necessary updates promptly.

The article "Cisco hits the mark: 9.8 out of 10 for two RCEs in Identity Services Engine and Passive Identity Connector" originally appeared on il blog della sicurezza informatica.


Overview

  • AMI
  • MegaRAC-SPx

Published: 11 Mar 2025
Updated: 27 Jun 2025

CVSS v4.0: CRITICAL (10.0)
EPSS: 9.47%

Description

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

Statistics

  • 1 Post

Fediverse

💣 Actively exploited vulnerability gives extraordinary control over server fleets • Ars Technica

「 The vulnerability, carrying a severity rating of 10 out of a possible 10, resides in the AMI MegaRAC, a widely used firmware package that allows large fleets of servers to be remotely accessed and managed even when power is unavailable or the operating system isn't functioning 」

arstechnica.com/security/2025/

#CVE202454085 #vulnerability #cybersecurity


Overview

  • Pending

Published: 02 Jun 2023
Updated: 02 Aug 2024

CVSS: Pending
EPSS: 94.48%

Description

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.

Statistics

  • 1 Post

Fediverse

Okay, I spent some time going through some of my MOVEit logs and I think I see at least part of what's going on with the increase in MOVEit scans noted by @greynoise.

One thing I have noticed is a group of GCP hosts performing high volume scans against the MOVEit servers every seven days, but not against adjacent servers or other servers for the same orgs. This kind of makes it look targeted but the scans are generic kitchen sink vuln scans.

I did notice that some of these and other scanners I've seen over the past few months now have a couple requests that appear to be testing for CVE-2023-34362 mixed in to their other requests. It's like they loaded their automated scanners with updated payload lists.

There are a lot of Cloudflare and AWS IPs in the logs, as indicated by GreyNoise in their blog post. There are not a lot of unique Google IPs but I'm seeing a ton of noise from the ones I do see. But only every seven days. The servers I have logs for all block Tencent so I can't confirm the activity from their infrastructure.

I have also put my juicy eyes on every single GET and POST sent to these MOVEit Transfer servers for the past 60 days and I do not see any payloads that appear to be new or novel. That's not to say there isn't anything new going on, but I'm now comfortable with treating MOVEit servers with the same concern as before the GreyNoise blog post as I don't see any indication of impending action. There may be some WAF or rate limit or geolocation filter testing going on that's disguised as generic scans, but I have no evidence to suggest that's the case.

Caveat: I have relatively low visibility into what's going on at scale like GreyNoise does so take this with a grain of salt and if it's of interest, go confirm it yourself. This is intended to be informational, not actionable.


Overview

  • gogs
  • gogs

Published: 24 Jun 2025
Updated: 25 Jun 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.33%

KEV

Description

Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it is still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration, allowing attackers to access and alter any user's code hosted on the same instance. This issue has been patched in version 0.13.3.

Statistics

  • 1 Post
  • 9 Interactions

Fediverse

Woohoo! Another perfect 10 from last week. And this could hit hard. 🥳

github.com/gogs/gogs/security/

sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

nvd.nist.gov/vuln/detail/CVE-2


Overview

  • Pending

Published: 04 Jul 2024
Updated: 02 Aug 2024

CVSS v3.1: CRITICAL (9.9)
EPSS: 0.64%

KEV

Description

Gogs through 0.13.0 allows deletion of internal files.

Statistics

  • 1 Post
  • 9 Interactions
