In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between January 08-09, 2025.
During this period, The National Vulnerability Database published 137, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 8
High: 24
Medium: 68
Low: 1
Severity Not Assigned: 36
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2018-4301
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: This issue is fixed in SCSSU-201801. A potential stack based buffer overflow existed in GemaltoKeyHandle.cpp.
References: https://smartcardservices.github.io/security/
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-50603
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
References: https://docs.aviatrix.com/documentation/latest/network-security/index.html
https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-56439
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Access control vulnerability in the identity authentication module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2025/1/
CWE-ID: CWE-693
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-56444
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Cross-process screen stack vulnerability in the UIExtension module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2025/1/
CWE-ID: CWE-264
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-56447
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Vulnerability of improper permission control in the window management module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2025/1/
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-11816
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.
References: https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_snippets/wpext_snippets.php#L705
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3ce53e5-8666-4227-83d3-58f35db0ce68?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-11916
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/747d7649-bdf5-46d0-a496-59cb7eac77ac?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-56451
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: Integer overflow vulnerability during glTF model loading in the 3D engine module
Impact: Successful exploitation of this vulnerability may affect availability.
References: https://consumer.huawei.com/en/support/bulletin/2025/1/
CWE-ID: CWE-680
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-11270
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution.
References: https://plugins.trac.wordpress.org/changeset/3216237/wp-webinarsystem/trunk/includes/class-webinarsysteem-ajax.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/f1c2cb3f-2f9e-40c5-9e5f-5b85a53e5868?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-11271
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify webinars.
References: https://plugins.trac.wordpress.org/changeset/3216237/wp-webinarsystem/trunk/includes/class-webinarsysteem-ajax.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/88508dbd-b7a0-441d-918b-f4cb7a7cd000?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-11613
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server.
References: https://plugins.svn.wordpress.org/wp-file-upload/trunk/wfu_file_downloader.php
https://plugins.trac.wordpress.org/changeset/3217005/
https://www.wordfence.com/threat-intel/vulnerabilities/id/31052fe6-a0ae-4502-b2d2-dbc3b3bf672f?source=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-11635
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.
References: https://plugins.svn.wordpress.org/wp-file-upload/trunk/wfu_file_downloader.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/b5165f60-6515-4a2c-a124-cc88155eaf01?source=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-11350
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
References: https://themeforest.net/item/adforest-classified-wordpress-theme/19481695
https://www.wordfence.com/threat-intel/vulnerabilities/id/4ebb766a-44e9-460c-be84-356b7403e593?source=cve
CWE-ID: CWE-640
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-11939
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://docs.stylemixthemes.com/cost-calculator-builder/changelog-1/changelog-pro-version#id-3.2.16
https://www.wordfence.com/threat-intel/vulnerabilities/id/96ad872f-9831-4113-99ae-322bcd2b6fbd?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-45033
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider.
This issue affects Apache Airflow Fab Provider: before 1.5.2.
When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged users could continue to be logged in even after the password was changed. This only happened when the password was changed with CLI. The problem does not happen in case change was done with webserver thus this is different from CVE-2023-40273 https://github.com/advisories/GHSA-pm87-24wq-r8w9 which was addressed in Apache-Airflow 2.7.0
Users are recommended to upgrade to version 1.5.2, which fixes the issue.
References: https://github.com/apache/airflow/pull/45139
https://lists.apache.org/thread/yw535346rk766ybzpqtvrl36sjj789st
CWE-ID: CWE-613
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-54676
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0
Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data.
Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
References: https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95
http://www.openwall.com/lists/oss-security/2025/01/08/1
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-9939
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.
References: https://plugins.trac.wordpress.org/changeset/3188857/wp-file-upload
https://www.wordfence.com/threat-intel/vulnerabilities/id/5e51f301-026d-4ed7-82f8-96c1623bf95c?source=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-12853
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3218127%40modula-best-grid-gallery&new=3218127%40modula-best-grid-gallery&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/ef86b1f2-d5aa-4e83-a792-5fa35734b3d3?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-12854
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215986%40garden-gnome-package&new=3215986%40garden-gnome-package&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/6bcfc8f1-e962-4ad7-8a9d-89ce5c9022b6?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-11423
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.
References: https://plugins.trac.wordpress.org/changeset/3212554/woo-gift-cards-lite/trunk/includes/giftcard-redeem-api-addon.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208474%40woo-gift-cards-lite&new=3208474%40woo-gift-cards-lite&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/836884b5-f547-4f50-8a97-5d910d877e5e?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-21102
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
References: https://www.dell.com/support/kbdoc/en-us/000269793/dsa-2025-027-security-update-for-dell-vxrail-for-multiple-vulnerabilities?ref=emcadvisory_000269793_High_null
CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-51480
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3.
References: https://github.com/RedisTimeSeries/RedisTimeSeries/security/advisories/GHSA-73x6-fqww-x8rg
CWE-ID: CWE-122 CWE-190
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-51737
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments.
References: https://github.com/RediSearch/RediSearch/commit/13a2936d921dbe5a2e3c72653e0bd7b26af3a6cb
https://github.com/RediSearch/RediSearch/security/advisories/GHSA-p2pg-67m3-4c76
CWE-ID: CWE-122 CWE-190
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-55517
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated session.
References: https://hackmd.io/@AowPhwc/SyvEiDsIye
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-55656
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the password) to allocate memory in the heap lesser than the required memory due to wraparound. Then read and write can be performed beyond this allocated memory, leading to info leak and OOB write. The integer overflow is in CMS.INITBYDIM command, which initialize a Count-Min Sketch to dimensions specified by user. It accepts two values (width and depth) and uses them to allocate memory in NewCMSketch(). This vulnerability is fixed in 2.2.19, 2.4.12, 2.6.14, and 2.8.2.
References: https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-x5rx-rmq3-ff3h
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-22137
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0.
References: https://github.com/stonith404/pingvin-share/commit/6cf5c66fe2eda1e0a525edf7440d047fe2f0e35b
https://github.com/stonith404/pingvin-share/commit/c52ec7192080c402bd804e69be93dd88cc7c5c70
https://github.com/stonith404/pingvin-share/security/advisories/GHSA-rjwx-p44f-mcrv
CWE-ID: CWE-20 CWE-434
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-51442
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file.
References: https://github.com/mselbrede/CVE-2024-51442
https://sourceforge.net/p/minidlna/bugs/364/
https://sourceforge.net/p/minidlna/git/ci/master/tree/minidlna.c
https://sourceforge.net/projects/minidlna/
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
28. CVE-2025-21111
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
References: https://www.dell.com/support/kbdoc/en-us/000269958/dsa-2025-025-security-update-for-dell-vxrail-for-multiple-vulnerabilities
CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-54818
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list.
References: https://github.com/CloseC4ll/vulnerability-research/tree/main/CVE-2024-54818
https://portswigger.net/web-security/access-control#how-to-prevent-access-control-vulnerabilities
CWE-ID: CWE-281
Common Platform Enumerations (CPE): Not Found
30. CVE-2025-0291
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
References: https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/383356864
CWE-ID: CWE-843
Common Platform Enumerations (CPE): Not Found
31. CVE-2025-0282
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
32. CVE-2025-0283
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between January 08-09, 2025.
During this period, The National Vulnerability Database published 137, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 8
High: 24
Medium: 68
Low: 1
Severity Not Assigned: 36
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2018-4301
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: This issue is fixed in SCSSU-201801. A potential stack based buffer overflow existed in GemaltoKeyHandle.cpp.
References: https://smartcardservices.github.io/security/
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-50603
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
References: https://docs.aviatrix.com/documentation/latest/network-security/index.html
https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-56439
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Access control vulnerability in the identity authentication module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2025/1/
CWE-ID: CWE-693
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-56444
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Cross-process screen stack vulnerability in the UIExtension module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2025/1/
CWE-ID: CWE-264
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-56447
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Vulnerability of improper permission control in the window management module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2025/1/
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-11816
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.
References: https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_snippets/wpext_snippets.php#L705
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3ce53e5-8666-4227-83d3-58f35db0ce68?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-11916
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/747d7649-bdf5-46d0-a496-59cb7eac77ac?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-56451
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: Integer overflow vulnerability during glTF model loading in the 3D engine module
Impact: Successful exploitation of this vulnerability may affect availability.
References: https://consumer.huawei.com/en/support/bulletin/2025/1/
CWE-ID: CWE-680
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-11270
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution.
References: https://plugins.trac.wordpress.org/changeset/3216237/wp-webinarsystem/trunk/includes/class-webinarsysteem-ajax.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/f1c2cb3f-2f9e-40c5-9e5f-5b85a53e5868?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-11271
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify webinars.
References: https://plugins.trac.wordpress.org/changeset/3216237/wp-webinarsystem/trunk/includes/class-webinarsysteem-ajax.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/88508dbd-b7a0-441d-918b-f4cb7a7cd000?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-11613
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server.
References: https://plugins.svn.wordpress.org/wp-file-upload/trunk/wfu_file_downloader.php
https://plugins.trac.wordpress.org/changeset/3217005/
https://www.wordfence.com/threat-intel/vulnerabilities/id/31052fe6-a0ae-4502-b2d2-dbc3b3bf672f?source=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-11635
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.
References: https://plugins.svn.wordpress.org/wp-file-upload/trunk/wfu_file_downloader.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/b5165f60-6515-4a2c-a124-cc88155eaf01?source=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-11350
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
References: https://themeforest.net/item/adforest-classified-wordpress-theme/19481695
https://www.wordfence.com/threat-intel/vulnerabilities/id/4ebb766a-44e9-460c-be84-356b7403e593?source=cve
CWE-ID: CWE-640
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-11939
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://docs.stylemixthemes.com/cost-calculator-builder/changelog-1/changelog-pro-version#id-3.2.16
https://www.wordfence.com/threat-intel/vulnerabilities/id/96ad872f-9831-4113-99ae-322bcd2b6fbd?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-45033
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider.
This issue affects Apache Airflow Fab Provider: before 1.5.2.
When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged users could continue to be logged in even after the password was changed. This only happened when the password was changed with CLI. The problem does not happen in case change was done with webserver thus this is different from CVE-2023-40273 https://github.com/advisories/GHSA-pm87-24wq-r8w9 which was addressed in Apache-Airflow 2.7.0
Users are recommended to upgrade to version 1.5.2, which fixes the issue.
References: https://github.com/apache/airflow/pull/45139
https://lists.apache.org/thread/yw535346rk766ybzpqtvrl36sjj789st
CWE-ID: CWE-613
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-54676
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0
Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data.
Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
References: https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95
http://www.openwall.com/lists/oss-security/2025/01/08/1
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-9939
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.
References: https://plugins.trac.wordpress.org/changeset/3188857/wp-file-upload
https://www.wordfence.com/threat-intel/vulnerabilities/id/5e51f301-026d-4ed7-82f8-96c1623bf95c?source=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-12853
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3218127%40modula-best-grid-gallery&new=3218127%40modula-best-grid-gallery&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/ef86b1f2-d5aa-4e83-a792-5fa35734b3d3?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-12854
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215986%40garden-gnome-package&new=3215986%40garden-gnome-package&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/6bcfc8f1-e962-4ad7-8a9d-89ce5c9022b6?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-11423
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.
References: https://plugins.trac.wordpress.org/changeset/3212554/woo-gift-cards-lite/trunk/includes/giftcard-redeem-api-addon.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208474%40woo-gift-cards-lite&new=3208474%40woo-gift-cards-lite&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/836884b5-f547-4f50-8a97-5d910d877e5e?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-21102
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
References: https://www.dell.com/support/kbdoc/en-us/000269793/dsa-2025-027-security-update-for-dell-vxrail-for-multiple-vulnerabilities?ref=emcadvisory_000269793_High_null
CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-51480
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3.
References: https://github.com/RedisTimeSeries/RedisTimeSeries/security/advisories/GHSA-73x6-fqww-x8rg
CWE-ID: CWE-122 CWE-190
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-51737
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments.
References: https://github.com/RediSearch/RediSearch/commit/13a2936d921dbe5a2e3c72653e0bd7b26af3a6cb
https://github.com/RediSearch/RediSearch/security/advisories/GHSA-p2pg-67m3-4c76
CWE-ID: CWE-122 CWE-190
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-55517
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated session.
References: https://hackmd.io/@AowPhwc/SyvEiDsIye
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-55656
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the password) to allocate memory in the heap lesser than the required memory due to wraparound. Then read and write can be performed beyond this allocated memory, leading to info leak and OOB write. The integer overflow is in CMS.INITBYDIM command, which initialize a Count-Min Sketch to dimensions specified by user. It accepts two values (width and depth) and uses them to allocate memory in NewCMSketch(). This vulnerability is fixed in 2.2.19, 2.4.12, 2.6.14, and 2.8.2.
References: https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-x5rx-rmq3-ff3h
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-22137
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0.
References: https://github.com/stonith404/pingvin-share/commit/6cf5c66fe2eda1e0a525edf7440d047fe2f0e35b
https://github.com/stonith404/pingvin-share/commit/c52ec7192080c402bd804e69be93dd88cc7c5c70
https://github.com/stonith404/pingvin-share/security/advisories/GHSA-rjwx-p44f-mcrv
CWE-ID: CWE-20 CWE-434
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-51442
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file.
References: https://github.com/mselbrede/CVE-2024-51442
https://sourceforge.net/p/minidlna/bugs/364/
https://sourceforge.net/p/minidlna/git/ci/master/tree/minidlna.c
https://sourceforge.net/projects/minidlna/
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
28. CVE-2025-21111
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
References: https://www.dell.com/support/kbdoc/en-us/000269958/dsa-2025-025-security-update-for-dell-vxrail-for-multiple-vulnerabilities
CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-54818
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list.
References: https://github.com/CloseC4ll/vulnerability-research/tree/main/CVE-2024-54818
https://portswigger.net/web-security/access-control#how-to-prevent-access-control-vulnerabilities
CWE-ID: CWE-281
Common Platform Enumerations (CPE): Not Found
30. CVE-2025-0291
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
References: https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/383356864
CWE-ID: CWE-843
Common Platform Enumerations (CPE): Not Found
31. CVE-2025-0282
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
32. CVE-2025-0283
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found