In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 19-20, 2025.
During this period, the National Vulnerability Database published 84 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 10
High: 16
Medium: 26
Low: 3
Severity Not Assigned: 29
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-10441
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
https://www.synology.com/en-global/security/advisory/Synology_SA_24_23
CWE-ID: CWE-116
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-10444
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_25_01
CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-10442
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_22
CWE-ID: CWE-193
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-11131
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_24
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-12295
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boombox_ajax_reset_password' function. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
References: https://themeforest.net/item/boombox-viral-buzz-wordpress-theme/16596434
https://www.wordfence.com/threat-intel/vulnerabilities/id/c453aaf6-767d-4929-bbb3-3c0b78b0507a?source=cve
CWE-ID: CWE-640
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-30234
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image (a Debian 12 LX zone image from 2024-07-26).
References: https://security.tritondatacenter.com/tps-2025-002/
https://smartos.topicbox.com/groups/smartos-discuss/Ta6f13072e6bedddc-M3702e993edd7d6ce8d78dfc8
https://www.openwall.com/lists/oss-security/2025/03/13/10
CWE-ID: CWE-321
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-12922
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
References: https://themeforest.net/item/tour-travel-agency-altair-theme/9318575
https://themeforest.net/item/tour-travel-agency-altair-theme/9318575#item-description__changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/e27971a3-f84c-4f13-81af-127e7560566a?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-50630
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_21
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-50631
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_21
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
10. CVE-2025-1232
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks.
References: https://wpscan.com/vulnerability/c4ea8357-ddd7-48ac-80c9-15b924715b14/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-30236
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter.
References: https://reserge.org/probabilistically-breaking-securenvoy-totp/
https://securenvoy.com/wp-content/uploads/2025/03/Release-Notes-9.4.515.pdf
CWE-ID: CWE-472
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-13410
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
References: https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog
https://themeforest.net/item/tinysalt-personal-food-blog-wordpress-theme/26294668#item-description__changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/61080df6-836f-4365-964a-fa2517e8be5a?source=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-13412
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions.
References: https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/67965a51-39d3-4d14-adf5-d91d4c775baf?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-12137
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.5
Description: Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking. This issue affects ANKA JPD-00028: through 19.03.2025.
NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
References: https://www.usom.gov.tr/bildirim/tr-25-0071
CWE-ID: CWE-294
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-13790
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
References: https://changelog.thememove.com/minimog-wp/
https://themeforest.net/item/minimog-the-high-converting-ecommerce-wordpress-theme/36947163
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3ae0e08-5cdc-47ff-b094-3920d56a50f7?source=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-12920
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options.
References: https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331
https://www.wordfence.com/threat-intel/vulnerabilities/id/9af8267f-48b1-4537-8985-6af1245ceed5?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-13442
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to (1) performing a post-booking auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account.
References: https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793
https://www.wordfence.com/threat-intel/vulnerabilities/id/827b5482-cb42-4aaa-80b5-3d0143fcead8?source=cve
CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-13933
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce validation on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions. This makes it possible for unauthenticated attackers to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331
https://www.wordfence.com/threat-intel/vulnerabilities/id/45eda79d-f999-413e-88ce-b7d06f09f191?source=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
19. CVE-2025-2512
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/file-away/trunk/lib/cls/class.fileaway_management.php#L1094
https://wordpress.org/plugins/file-away/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/9a93313d-a5d7-4109-93c5-b2da26e7a486?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-55551
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution vulnerability.
References: https://docs.exasol.com/db/latest/connect_exasol/drivers/jdbc.htm
https://gist.github.com/azraelxuemo/9565ec9219e0c3e9afd5474904c39d0f
https://www.blackhat.com/eu-24/briefings/schedule/index.html#a-novel-attack-surface-java-authentication-and-authorization-service-jaas-42179
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-29137
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Tenda AC7 V1.0 V15.03.06.44 contains a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can lead to RCE.
References: https://github.com/Raining-101/IOT_cve/blob/main/tenda-ac7form_fast_setting_wifi_set%20timeZone.md
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
22. CVE-2025-29783
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0.
References: https://github.com/vllm-project/vllm/commit/288ca110f68d23909728627d3100e5a8db820aa2
https://github.com/vllm-project/vllm/pull/14228
https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
23. CVE-2025-30153
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb), causing the server to consume all available system memory. The root cause comes from the ZipFileBodyDecoder, which is registered automatically by the module (contrary to what the documentation says). This vulnerability is fixed in 0.131.0.
References: https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1275
https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1523
https://github.com/getkin/kin-openapi/commit/67f0b233ffc01332f7d993f79490fbea5f4455f1
https://github.com/getkin/kin-openapi/security/advisories/GHSA-wq9g-9vfc-cfq9
https://github.com/getkin/kin-openapi?tab=readme-ov-file#custom-content-type-for-body-of-http-requestresponse
CWE-ID: CWE-409
Common Platform Enumerations (CPE): Not Found
24. CVE-2025-30154
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to GitHub Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1`, and would therefore also be compromised regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.
References: https://github.com/reviewdog/action-setup/commit/3f401fe1d58fe77e10d665ab713057375e39b887
https://github.com/reviewdog/action-setup/commit/f0d342d24037bb11d26b9bd8496e0808ba32e9ec
https://github.com/reviewdog/reviewdog/issues/2079
https://github.com/reviewdog/reviewdog/security/advisories/GHSA-qmg3-hpqr-gqvc
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
CWE-ID: CWE-506
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-51459
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.
References: https://www.ibm.com/support/pages/node/7185056
CWE-ID: CWE-280
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-27415
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and severely impact the availability of a site. It is possible to craft a request, such as https://mysite.com/?/_payload.json, which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served to future visitors to the site. An attacker can perform this attack against a vulnerable site in order to make the site unavailable indefinitely. In the case where the cache is periodically reset, it is also possible to use a small script that sends a request every X seconds (X being the caching duration) so that the cache is permanently poisoned, making the site completely unavailable. This vulnerability is fixed in 3.16.0.
References: https://github.com/nuxt/nuxt/security/advisories/GHSA-jvhm-gjrh-3h93
CWE-ID: CWE-349
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 19-20, 2025.
During this period, The National Vulnerability Database published 84, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 10
High: 16
Medium: 26
Low: 3
Severity Not Assigned: 29
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-10441
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
https://www.synology.com/en-global/security/advisory/Synology_SA_24_23
CWE-ID: CWE-116
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-10444
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_25_01
CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-10442
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_22
CWE-ID: CWE-193
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-11131
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_24
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-12295
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boombox_ajax_reset_password' function. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
References: https://themeforest.net/item/boombox-viral-buzz-wordpress-theme/16596434
https://www.wordfence.com/threat-intel/vulnerabilities/id/c453aaf6-767d-4929-bbb3-3c0b78b0507a?source=cve
CWE-ID: CWE-640
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-30234
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image (a Debian 12 LX zone image from 2024-07-26).
References: https://security.tritondatacenter.com/tps-2025-002/
https://smartos.topicbox.com/groups/smartos-discuss/Ta6f13072e6bedddc-M3702e993edd7d6ce8d78dfc8
https://www.openwall.com/lists/oss-security/2025/03/13/10
CWE-ID: CWE-321
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-12922
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
References: https://themeforest.net/item/tour-travel-agency-altair-theme/9318575
https://themeforest.net/item/tour-travel-agency-altair-theme/9318575#item-description__changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/e27971a3-f84c-4f13-81af-127e7560566a?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-50630
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_21
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-50631
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_21
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
10. CVE-2025-1232
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks
References: https://wpscan.com/vulnerability/c4ea8357-ddd7-48ac-80c9-15b924715b14/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-30236
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter.
References: https://reserge.org/probabilistically-breaking-securenvoy-totp/
https://securenvoy.com/wp-content/uploads/2025/03/Release-Notes-9.4.515.pdf
CWE-ID: CWE-472
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-13410
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
References: https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog
https://themeforest.net/item/tinysalt-personal-food-blog-wordpress-theme/26294668#item-description__changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/61080df6-836f-4365-964a-fa2517e8be5a?source=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-13412
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions.
References: https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/67965a51-39d3-4d14-adf5-d91d4c775baf?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-12137
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.5
Description: Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: through 19.03.2025.
NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
References: https://www.usom.gov.tr/bildirim/tr-25-0071
CWE-ID: CWE-294
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-13790
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
References: https://changelog.thememove.com/minimog-wp/
https://themeforest.net/item/minimog-the-high-converting-ecommerce-wordpress-theme/36947163
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3ae0e08-5cdc-47ff-b094-3920d56a50f7?source=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
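Added illustration for the MinimogWP entry above of the guard a CWE-98 fix needs: an untrusted 'template' value is resolved against a fixed directory and refused if it escapes that directory, names a stream wrapper, or is not an allow-listed template type. This is generic Python written for this digest, not the theme's PHP; the directory layout, file names and allowed suffixes are constructed for the demo.

```python
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".php", ".html"}   # assumption: only these are templates


class TemplateRejected(ValueError):
    pass


def resolve_template(user_value: str, base: Path) -> Path:
    """Map an untrusted 'template' parameter to a file inside `base`, or raise."""
    if not user_value or "\x00" in user_value:
        raise TemplateRejected("empty or NUL-containing name")
    if "://" in user_value:                        # php://filter, data:, phar:// ...
        raise TemplateRejected("stream wrapper not allowed")
    if Path(user_value).is_absolute():
        raise TemplateRejected("absolute path not allowed")
    base_real = base.resolve(strict=True)
    candidate = (base_real / user_value).resolve()  # collapses ../ and symlinks
    if base_real not in candidate.parents:
        raise TemplateRejected("path escapes template directory")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise TemplateRejected("not a template file type")
    if not candidate.is_file():
        raise TemplateRejected("no such template")
    return candidate


def run_demo() -> dict:
    """Build a throwaway tree (constructed for the demo) and record how each
    input is handled: a legitimate template, two traversal attempts (one of
    them an uploaded 'image' carrying PHP), a wrapper, an absolute path and a
    NUL-byte extension trick."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "templates").mkdir()
        (root / "templates" / "home.php").write_text("<?php echo 'home'; ?>")
        (root / "uploads").mkdir()
        (root / "uploads" / "avatar.png").write_bytes(b"\x89PNG<?php system($_GET['c']); ?>")
        (root / "wp-config.php").write_text("<?php define('DB_PASSWORD', 'x'); ?>")
        base = root / "templates"
        inputs = [
            "home.php",
            "../wp-config.php",
            "../uploads/avatar.png",
            "php://filter/convert.base64-encode/resource=home.php",
            "/etc/passwd",
            "home.php\x00.png",
        ]
        results = {}
        for value in inputs:
            try:
                results[value] = resolve_template(value, base).name
            except TemplateRejected as exc:
                results[value] = "rejected: " + str(exc)
        return results


if __name__ == "__main__":
    for value, outcome in run_demo().items():
        print(repr(value), "->", outcome)
```

The order of checks matters: the wrapper and absolute-path tests run before the filesystem is touched, and the containment test compares resolved paths so symlinks inside the template directory cannot be used to point outside it. The uploaded-image case is the one the description calls out: a directory allow-list stops it even though the attacker controls the file's contents.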
16. CVE-2024-12920
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options.
References: https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331
https://www.wordfence.com/threat-intel/vulnerabilities/id/9af8267f-48b1-4537-8985-6af1245ceed5?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-13442
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to (1) performing a post-booking auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account.
References: https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793
https://www.wordfence.com/threat-intel/vulnerabilities/id/827b5482-cb42-4aaa-80b5-3d0143fcead8?source=cve
CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-13933
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce validation on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions. This makes it possible for unauthenticated attackers to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331
https://www.wordfence.com/threat-intel/vulnerabilities/id/45eda79d-f999-413e-88ce-b7d06f09f191?source=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
19. CVE-2025-2512
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/file-away/trunk/lib/cls/class.fileaway_management.php#L1094
https://wordpress.org/plugins/file-away/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/9a93313d-a5d7-4109-93c5-b2da26e7a486?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-55551
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: An issue was discovered in the Exasol JDBC driver 24.2.0. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection when the JDBC driver uses this URL to connect to the database. This can further lead to remote code execution.
References: https://docs.exasol.com/db/latest/connect_exasol/drivers/jdbc.htm
https://gist.github.com/azraelxuemo/9565ec9219e0c3e9afd5474904c39d0f
https://www.blackhat.com/eu-24/briefings/schedule/index.html#a-novel-attack-surface-java-authentication-and-authorization-service-jaas-42179
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-29137
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A buffer overflow was found in Tenda AC7 V1.0 V15.03.06.44 in the handling of the timeZone parameter in the form_fast_setting_wifi_set function, which can lead to RCE.
References: https://github.com/Raining-101/IOT_cve/blob/main/tenda-ac7form_fast_setting_wifi_set%20timeZone.md
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
22. CVE-2025-29783
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0.
References: https://github.com/vllm-project/vllm/commit/288ca110f68d23909728627d3100e5a8db820aa2
https://github.com/vllm-project/vllm/pull/14228
https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
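Added illustration for the vLLM/Mooncake entry above of why a pickle stream accepted from a network socket is remote code execution, and of two mitigations a receiver can apply: an unpickler that refuses every global outside an allow-list, and an HMAC tag checked before any parsing so that unauthenticated peers cannot submit a message at all. This is generic Python written for this digest; it is not vLLM's or Mooncake's code and does not reproduce their wire format. The shared key, the allow-list and the sample message are constructed for the demo.

```python
import hashlib
import hmac
import io
import os
import pickle


class _RunOnLoad:
    """pickle.loads() calls whatever __reduce__ names. os.getcwd stands in for
    os.system so the demo stays harmless; the mechanism is identical."""
    def __reduce__(self):
        return (os.getcwd, ())


def hostile_payload() -> bytes:
    return pickle.dumps(_RunOnLoad())


def unsafe_loads(data: bytes):
    # What a naive receiver does: every global named in the stream is imported
    # and, if the stream says so, called with attacker-chosen arguments.
    return pickle.loads(data)


# Globals a KV-transfer message would legitimately need (assumed here). Plain
# dicts, lists, str, bytes and ints are encoded as opcodes, not globals, so the
# list can stay tiny; os.*, subprocess.*, builtins.eval are all refused.
ALLOWED_GLOBALS = {"builtins": {"range", "slice"}}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if name in ALLOWED_GLOBALS.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing global {module}.{name}")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def encode_message(obj) -> bytes:
    return pickle.dumps(obj, protocol=4)


TAG_LEN = hashlib.sha256().digest_size
DEMO_KEY = b"\x11" * 32      # constructed shared key; provision per deployment


def seal(key: bytes, payload: bytes) -> bytes:
    """Frame = HMAC-SHA256(key, payload) || payload."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def open_sealed(key: bytes, frame: bytes):
    """Verify the tag before touching the payload, then parse it restrictively."""
    tag, payload = frame[:TAG_LEN], frame[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC: message not from a key holder")
    return restricted_loads(payload)


if __name__ == "__main__":
    msg = {"request_id": "r1", "layer": 3, "kv": b"\x00" * 16}
    print("naive receiver executed a function:", unsafe_loads(hostile_payload()))
    try:
        restricted_loads(hostile_payload())
    except pickle.UnpicklingError as exc:
        print("restricted receiver:", exc)
    print("sealed round-trip ok:", open_sealed(DEMO_KEY, seal(DEMO_KEY, encode_message(msg))) == msg)
```

The allow-list is the weaker of the two controls; it narrows what a stream can reach but still runs a parser designed for trusted input. Authenticating the frame, together with binding the listener to an internal interface rather than all interfaces as the description notes, keeps untrusted bytes out of the parser in the first place. A schema-bound encoding (JSON, msgpack, protobuf) for the message body removes the class of problem entirely.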
23. CVE-2025-30153
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb), causing the server to consume all available system memory. The root cause comes from the ZipFileBodyDecoder, which is registered automatically by the module (contrary to what the documentation says). This vulnerability is fixed in 0.131.0.
References: https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1275
https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1523
https://github.com/getkin/kin-openapi/commit/67f0b233ffc01332f7d993f79490fbea5f4455f1
https://github.com/getkin/kin-openapi/security/advisories/GHSA-wq9g-9vfc-cfq9
https://github.com/getkin/kin-openapi?tab=readme-ov-file#custom-content-type-for-body-of-http-requestresponse
CWE-ID: CWE-409
Common Platform Enumerations (CPE): Not Found
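Added illustration for the kin-openapi entry above of the budget a ZIP body decoder needs: the archive's declared entry sizes and compression ratios are checked against fixed limits before any entry is opened, and each entry is then streamed in chunks under the same limits so a header that understates its size cannot push past them either. This is generic Python written for this digest, not the project's Go ZipFileBodyDecoder; the limits and the sample archives are constructed for the demo.

```python
import io
import zipfile

MAX_ENTRIES = 64                     # assumed limits for the demo
MAX_ENTRY_BYTES = 1 * 1024 * 1024
MAX_TOTAL_BYTES = 4 * 1024 * 1024
MAX_RATIO = 100                      # uncompressed / compressed ceiling per entry


class ZipBudgetExceeded(ValueError):
    pass


def decode_zip_part(raw: bytes, max_entry=MAX_ENTRY_BYTES, max_total=MAX_TOTAL_BYTES) -> dict:
    """Return {name: data}, or raise before the archive can exhaust memory.
    The caller is assumed to have already capped the raw request body size."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(raw))
    except zipfile.BadZipFile as exc:
        raise ValueError(f"not a ZIP archive: {exc}") from exc
    infos = zf.infolist()
    if len(infos) > MAX_ENTRIES:
        raise ZipBudgetExceeded(f"{len(infos)} entries > {MAX_ENTRIES}")
    declared = sum(i.file_size for i in infos)
    if declared > max_total:
        raise ZipBudgetExceeded(f"declared size {declared} > budget {max_total}")
    for info in infos:
        if info.file_size > max_entry:
            raise ZipBudgetExceeded(f"{info.filename}: {info.file_size} > {max_entry}")
        if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
            raise ZipBudgetExceeded(f"{info.filename}: compression ratio too high")
    out, remaining = {}, max_total
    for info in infos:
        chunks, got = [], 0
        with zf.open(info) as fh:
            while True:
                chunk = fh.read(64 * 1024)       # stream; never trust the header alone
                if not chunk:
                    break
                got += len(chunk)
                remaining -= len(chunk)
                if got > max_entry or remaining < 0:
                    raise ZipBudgetExceeded(f"{info.filename}: budget exceeded while reading")
                chunks.append(chunk)
        out[info.filename] = b"".join(chunks)
    return out


def build_zip(entries: dict) -> bytes:
    """Constructed sample archive for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    """A benign upload is decoded; 8 MiB of zeros (a few KiB on the wire) is refused."""
    results = {}
    small = build_zip({"spec.json": b'{"openapi": "3.0.0"}'})
    results["small"] = list(decode_zip_part(small))
    bomb = build_zip({"zeros.bin": b"\x00" * (8 * 1024 * 1024)})
    try:
        decode_zip_part(bomb)
        results["bomb"] = "accepted"
    except ZipBudgetExceeded:
        results["bomb"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would want: the per-request body limit at the reverse proxy is the first line of defence and this decoder assumes it is in place, and the decoder does not recurse into nested archives, so an application that unpacks entries again must apply the same budget at that layer.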
24. CVE-2025-30154
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to GitHub Actions workflow logs. Other reviewdog actions that use `reviewdog/action-setup@v1` would also have been compromised, regardless of version or pinning method: reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.
References: https://github.com/reviewdog/action-setup/commit/3f401fe1d58fe77e10d665ab713057375e39b887
https://github.com/reviewdog/action-setup/commit/f0d342d24037bb11d26b9bd8496e0808ba32e9ec
https://github.com/reviewdog/reviewdog/issues/2079
https://github.com/reviewdog/reviewdog/security/advisories/GHSA-qmg3-hpqr-gqvc
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
CWE-ID: CWE-506
Common Platform Enumerations (CPE): Not Found
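Added illustration for the reviewdog entry above: a scanner that walks a repository's workflow files, reports every reference to the actions named in the advisory whatever ref they use (the downstream actions pulled action-setup@v1 internally, so a SHA pin on them did not protect a consumer), and separately flags any third-party action that is not pinned to a full commit SHA. This is generic Python written for this digest, not reviewdog's or GitHub's tooling; the sample workflow and the 40-hex SHAs in it are constructed for the demo.

```python
import re
from pathlib import Path

# Actions the advisory names as affected, directly or via action-setup@v1.
AFFECTED = {
    "reviewdog/action-setup",
    "reviewdog/action-shellcheck",
    "reviewdog/action-composite-template",
    "reviewdog/action-staticcheck",
    "reviewdog/action-ast-grep",
    "reviewdog/action-typos",
}

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^@'\"\s]+)@([^'\"\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def scan_workflow(text: str) -> list:
    """Return (action, ref, reason) tuples for one workflow's contents."""
    findings = []
    for action, ref in USES_RE.findall(text):
        if action.startswith("./") or action.startswith("docker://"):
            continue                                   # local or image refs; out of scope here
        repo = "/".join(action.split("/")[:2])         # owner/repo[/subpath] -> owner/repo
        if repo in AFFECTED:
            findings.append((action, ref, "named in advisory; verify ref and rotate secrets"))
        elif not SHA_RE.match(ref):
            findings.append((action, ref, "not pinned to a commit SHA"))
    return findings


def scan_repo(root: str) -> dict:
    """Scan .github/workflows/*.yml and *.yaml under `root`; returns {path: findings}."""
    out = {}
    for p in sorted(Path(root, ".github", "workflows").glob("*.y*ml")):
        findings = scan_workflow(p.read_text(encoding="utf-8"))
        if findings:
            out[str(p)] = findings
    return out


# Constructed sample: one clean SHA pin, two advisory hits, one floating tag.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: reviewdog/action-shellcheck@v1
      - uses: reviewdog/action-setup@89abcdef0123456789abcdef0123456789abcdef
      - uses: actions/setup-go@v5
        with:
          go-version: '1.22'
"""

if __name__ == "__main__":
    for action, ref, reason in scan_workflow(SAMPLE_WORKFLOW):
        print(f"{action}@{ref}: {reason}")
```

A hit on an advisory-listed action is a trigger to check whether any run of that workflow fell inside the 18:42 to 20:31 UTC window on March 11, 2025 and, if so, to treat every secret visible to that job as exposed, since the malicious code wrote them to the workflow logs.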
25. CVE-2024-51459
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.
References: https://www.ibm.com/support/pages/node/7185056
CWE-ID: CWE-280
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-27415
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and severely impact the availability of a site. It is possible to craft a request, such as https://mysite.com/?/_payload.json, which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served to future visitors to the site. An attacker can perform this attack against a vulnerable site in order to make the site unavailable indefinitely. In the case where the cache is periodically reset, a small script can send the request every X seconds (X being the caching duration) so that the cache is permanently poisoned, making the site completely unavailable. This vulnerability is fixed in 3.16.0.
References: https://github.com/nuxt/nuxt/security/advisories/GHSA-jvhm-gjrh-3h93
CWE-ID: CWE-349
Common Platform Enumerations (CPE): Not Found