Weekly Briefing: Top 5 Hacker-Relevant Vulnerabilities

Image cover for blog post.

Oct 5, 2025

Profile image of ENTRYZERO

ENTRYZERO

Every 15 minutes, a new vulnerability emerges, leading to an average of around 650 new vulnerabilities each week — an overwhelming pace to manage. The average cost of a data breach has skyrocketed to a record high of $4.45 million globally. To help organizations allocate resources effectively and address the most risky vulnerabilities, we are developing a novel decision-tree-based prioritization approach. Trained on over 100,000 vulnerabilities and threat intelligence, this method extends industry standards like CVSS and EPSS, capturing the real-time risk and context of new vulnerabilities (shoutout to CVE Program, NVD, VulnCheck, and EUVD for providing comprehensive and current CVE data). In this blog, we present the top 5 vulnerabilities of the week based on a sub-tree of the model.

Calendar Week 40 2025

Top 5

  1. VMware Aria Operations and VMware Tools | Unauthenticated Remote Attack | Improper Privilege Isolation Vulnerability | CVE-2025-41244 [EUVD-2025-31589] | Details, PoC

  2. Dell UnityVSA | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2025-36604 [EUVD-2025-23501] | Details, PoC

  3. WordPress OAuth Single Sign On Plugin | Unauthenticated Remote Attack | Improper Cryptographic Signature Verification Vulnerability | CVE-2025-9485 [EUVD-2025-32420] | Details

  4. Unity Editor | Unauthenticated Remote Attack | Argument Injection Vulnerability | CVE-2025-59489 [EUVD-2025-32292] | Details, PoC

  5. Zimbra Collaboration | Authenticated Remote Attack | Cross-site Scripting Vulnerability | CVE-2025-27915 [EUVD-2025-7823] | Details

Vulnerability Statistics

  • Total: 919
  • Critical: 38
  • High: 115
  • Medium: 239
  • Low: 20
  • Unknown: 507

Calendar Week 39 2025

Top 5

  1. Cisco ASA and Cisco Secure Firewall Threat Defense | Unauthenticated Remote Attack | Buffer Overflow and Missing Authorization Vulnerabilities | CVE-2025-20333 [EUVD-2025-31140], CVE-2025-20362 [EUVD-2025-31139] | Details, PoC

  2. Cisco IOS and IOS XE | Unauthenticated Remote Attack | Stack-Based Buffer Overflow Vulnerability | CVE-2025-20352 [EUVD-2025-31023] | Details, PoC

  3. Pandoc | Unauthenticated Remote Attack | Server-Side Request Forgery Vulnerability | CVE-2025-51591 [EUVD-2025-21134] | Details, PoC

  4. Solarwinds Web Help Desk | Unauthenticated Remote Attack | Deserialization of Untrusted Data | CVE-2025-26399 [EUVD-2025-30842] | Details, PoC

  5. Libraesva ESG | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2025-59689 [EUVD-2025-30249] | Details

Vulnerability Statistics

  • Total: 1046
  • Critical: 75
  • High: 280
  • Medium: 590
  • Low: 49
  • Unknown: 52

Calendar Week 38 2025

Top 5

  1. HPE Aruba Networking SD-WAN Gateways | Unauthenticated Remote Attack | Improper Privilege Management and Protection Mechanism Vulnerabilities | CVE-2025-37124 [EUVD-2025-29660], CVE-2025-37123 [EUVD-2025-29661] | Details

  2. Fortra GoAnywhere Managed File Transfer | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-10035 [EUVD-2025-30225] | Details, PoC

  3. Chaos Controller Manager | Unauthenticated Remote Attack | Command Injection Vulnerabilities | CVE-2025-59359 [EUVD-2025-29176], CVE-2025-59360 [EUVD-2025-29178], CVE-2025-59361 [EUVD-2025-29177] | Details, PoC

  4. CentOS WebPanel | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2025-48703 [EUVD-2025-30324] | Details, PoC

  5. Google Chrome | Unauthenticated Remote Attack | Type Confusion Vulnerability | CVE-2025-10585 [EUVD-EUVD-2025-31006] | Details, PoC

Vulnerability Statistics

  • Total: 1175
  • Critical: 68
  • High: 175
  • Medium: 259
  • Low: 35
  • Unknown: 638

Calendar Week 37 2025

Top 5

  1. Microsoft Azure Networking | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2025-54914 [EUVD-2025-26870] | Details, PoC

  2. Microsoft SMB Server | Unauthenticated Remote Attack | Improper Authentication Vulnerability | CVE-2025-55234 [EUVD-2025-27294] | Details, PoC

  3. SAP NetWeaver | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-42944 [EUVD-2025-27196] | Details, PoC

  4. Adobe Commerce | Unauthenticated Remote Attack | Improper Input Validation Vulnerability | CVE-2025-54236 [EUVD-2025-27277] | Details, PoC

  5. Daikin Security Gateway | Unauthenticated Remote Attack | Weak Password Recovery Mechanism Vulnerability | CVE-2025-10127 [EUVD-2025-28991] | Details, PoC

Vulnerability Statistics

  • Total: 821
  • Critical: 81
  • High: 251
  • Medium: 291
  • Low: 38
  • Unknown: 160

Calendar Week 36 2025

Top 5

  1. SAP S/4HANA | Authenticated Remote Attack | Code Injection Attack | CVE-2025-42957 [EUVD-2025-24203] | Details, PoC

  2. Argo CD | Authenticated Remote Attack | Improper Authorization Vulnerability | CVE-2025-55190 [EUVD-2025-26875] | Details, PoC

  3. TP-Link Routers [Archer C7(EU) V2 and TL-WR841N/ND(MS) V9] | Authenticated Remote Attack | Command Injection Vulnerability | CVE-2025-9377 [EUVD-2025-26234] | Details

  4. Linux Kernel | Unauthenticated Local Attack | Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability | CVE-2025-38352 [EUVD-2025-22297] | Details

  5. Cursor IDE | Unauthenticated Remote Attack | MCP Trust Bypass and Command Injection Vulnerability | CVE-2025-54136 [EUVD-2025-23405] | Details, PoC

Vulnerability Statistics

  • Total: 1005
  • Critical: 64
  • High: 303
  • Medium: 423
  • Low: 47
  • Unknown: 168

Calendar Week 35 2025

Top 5

  1. Sitecore Experience Manager and Experience Platform | Unauthenticated Remote Attack | Hardcoded Credentials and Path Traversal Vulnerabilities | CVE-2025-34509 [EUVD-2025-18524], CVE-2025-34510 [EUVD-2025-18525], CVE-2025-34511 [EUVD-2025-18568] | Details, PoC

  2. Citrix NetScaler ADC and Gateway | Unauthenticated Remote Attack | Memory Overflow Vulnerabilities and Improper Access Control | CVE-2025-7775 [EUVD-2025-25838], CVE-2025-7776 [EUVD-2025-25901], CVE-2025-8424 [EUVD-2025-25868] | Details, PoC

  3. Git | Unauthenticated Remote Attack | Link Following Vulnerability | CVE-2025-48384 [EUVD-2025-20677] | Details, PoC

  4. WhatsApp on iOS and MacOS | Authenticated Remote Attack | Incomplete Authorization Vulnerability | CVE-2025-55177 [EUVD-2025-26214] | Details

  5. Sangoma FreePBX | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-57819 [EUVD-2025-26123] | Details, PoC

Vulnerability Statistics

  • Total: 801
  • Critical: 72
  • High: 222
  • Medium: 280
  • Low: 49
  • Unknown: 178

Calendar Week 34 2025

Top 5

  1. Commvault | Unauthenticated Remote Attack | Hardcoded Credentials Vulnerability | CVE-2025-57788 [EUVD-2025-25258] | Details, PoC

  2. Cisco Secure Firewall Management Center | Unauthenticated Remote Attack | Insufficient Input Validation Vulnerability | CVE-2025-20265 [EUVD-2025-24840] | Details, PoC

  3. Apple iOS, iPadOS, and macOS | Unauthenticated Remote Attack | Out-of-Bounds Write Vulnerability | CVE-2025-43300 [EUVD-2025-25409] | Details, PoC

  4. Apache ActiveMQ | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2023-46604 [EUVD-2023-2719] | Details, PoC

  5. SAP Supplier Relationship Management | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-30012 [EUVD-2025-14352] | Details

Vulnerability Statistics

  • Total: 858
  • Critical: 82
  • High: 215
  • Medium: 272
  • Low: 42
  • Unknown: 247

Calendar Week 33 2025

Top 5

  1. Cisco Secure Firewall Management Center | Unauthenticated Remote Attack | Arbitrary Code Injection Vulnerability | CVE-2025-25265 [EUVD-2025-18381] | Details, PoC

  2. Fortinet FortiSIEM | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2025-25256 [EUVD-2025-24462] | Details, PoC

  3. Zoom Workplace and Rooms for Windows | Unauthenticated Remote Attack | Untrusted Search Path Vulnerability | CVE-2025-49457 [EUVD-2025-24529] | Details

  4. Citrix NetScaler ADC | Unauthenticated Remote Attack | Memory Overflow Vulnerability | CVE-2025-6543 [EUVD-2025-19085] | Details, PoC

  5. N-able N-central | Authenticated Remote Attack | Improper Deserialization and Input Validation Vulnerabilities | CVE-2025-8875 [EUVD-2025-24823], CVE-2025-8876 [EUVD-2025-24822] | Details, PoC

Vulnerability Statistics

  • Total: 1088
  • Critical: 74
  • High: 432
  • Medium: 411
  • Low: 55
  • Unknown: 116

Calendar Week 32 2025

Top 5

  1. Adobe Experience Manager | Unauthenticated Remote Attack | Improper Restriction of XML External Entity Reference and Authorization Bypass Vulnerabilities | CVE-2025-54253 [EUVD-2025-23647], CVE-2025-54254 [EUVD-2025-23638] | Details, PoC

  2. Microsoft Exchange Server | Unauthenticated Remote Attack | Improper Authentication Vulnerability | CVE-2025-53786 [EUVD-2025-23857] | Details

  3. Jenkins | Authenticated Remote Attack | Unvalidated Git Parameter Injection Vulnerability | CVE-2025-53652 [EUVD-2025-20862] | Details, PoC

  4. XWiki | Unauthenticated Remote Attack | Code Injection Vulnerability | CVE-2025-24893 [EUVD-2025-4562] | Details, PoC

  5. Trend Micro Apex One | Unauthenticated Remote Attack | Command Injection Vulnerabilities | CVE-2025-54948 [EUVD-2025-23621], CVE-2025-54987 [EUVD-2025-23620] | Details

Vulnerability Statistics

  • Total: 660
  • Critical: 49
  • High: 155
  • Medium: 253
  • Low: 64
  • Unknown: 139

Calendar Week 31 2025

Top 5

  1. SonicWall SMA100 | Unauthenticated Remote Attack | Memory Overflow and Cross-Site Scripting Vulnerabilities | CVE-2025-40596 [EUVD-2025-22457], CVE-2025-40597 [EUVD-2025-22453], CVE-2025-40598 [EUVD-2025-22454] | Details, PoC

  2. Honeywell Tridium Niagara Framework | Authenticated Remote Attack | Improper Cryptographic Protections and Permission Assignment Vulnerabilities | CVE-2025-3943 [EUVD-2025-16143], CVE-2025-3944 [EUVD-EUVD-2025-16157] | Details

  3. Forescout SecureConnector | Unauthenticated Remote Attack | Incorrect Default Permissions Vulnerability | CVE-2025-4660 [EUVD-2025-14480] | Details, PoC

  4. OAuth2-Proxy | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2025-54576 [EUVD-2025-23197] | Details

  5. IBM Db2 | Authenticated Remote Attack | Stack-based Buffer Overflow Vulnerability | CVE-2025-33092 [EUVD-2025-23026] | Details

Vulnerability Statistics

  • Total: 666
  • Critical: 71
  • High: 200
  • Medium: 233
  • Low: 33
  • Unknown: 129

Calendar Week 30 2025

Top 5

  1. Microsoft SharePoint Server | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-53770 [EUVD-2025-22538] | Details, PoC

  2. Google Chrome | Unauthenticated Remote Attack | Insufficient Input Validation Vulnerability | CVE-2025-6558 [EUVD-2025-21546] | Details, PoC

  3. Apache Kafka | Unauthenticated Remote Attack | Arbitrary File Read and SSRF Vulnerability | CVE-2025-27817 [EUVD-2025-17640] | Details, PoC

  4. Alcatel-Lucent OmniAccess Stellar WLAN APs | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2025-52688 [EUVD-2025-21578] | Details, PoC

  5. HPE Networking Instant-On Access Points | Unauthenticated Remote Attack | Hard-coded Credentials and Command Injection Vulnerabilities | CVE-2025-37103 [EUVD-2025-20682], CVE-2025-37102 [EUVD-2025-20683] | Details

Vulnerability Statistics

  • Total: 805
  • Critical: 67
  • High: 175
  • Medium: 231
  • Low: 29
  • Unknown: 303

Calendar Week 29 2025

Top 5

  1. Microsoft SharePoint Server | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-53770 [EUVD-EUVD-2025-21981] | Details, PoC

  2. Cisco ISE and Cisco ISE-PIC | Unauthenticated Remote Attack | Insufficient Input Validation Vulnerability | CVE-2025-20337 [EUVD-EUVD-2025-21708] | Details

  3. LaRecipe | Unauthenticated Remote Attack | Server-Side Template Injection Vulnerability | CVE-2025-53833 [EUVD-EUVD-2025-21400] | Details, PoC

  4. Node.js | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2025-23084 [EUVD-EUVD-2025-3112] | Details, PoC

  5. CrushFTP | Unauthenticated Remote Attack | Unprotected Alternate Channel Vulnerability | CVE-2025-54309 [EUVD-EUVD-2025-21909] | Details, PoC

Vulnerability Statistics

  • Total: 735
  • Critical: 43
  • High: 85
  • Medium: 108
  • Low: 32
  • Unknown: 467

Calendar Week 28 2025

Top 5

  1. Wing FTP | Unauthenticated Remote Attack | Improper Null Byte Neutralization Vulnerability | CVE-2025-47812 [EUVD-EUVD-2025-21009] | Details, PoC

  2. Fortinet FortiWeb | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-25257 [EUVD-EUVD-2025-21785] | Details, PoC

  3. Citrix Netscaler ADC | Unauthenticated Local Attack | Memory Overflow Vulnerability | CVE-2025-6543 [EUVD-EUVD-2025-19085] | Details, PoC

  4. Redis | Unauthenticated Remote Attack | Buffer Overflow Vulnerability | CVE-2025-32023 [EUVD-EUVD-2025-20233] | Details, PoC

  5. Akamai CloudTest | Unauthenticated Remote Attack | XML External Entity Injection Vulnerability | CVE-2025-49493 [EUVD-EUVD-2025-19583] | Details, PoC

Vulnerability Statistics

  • Total: 1074
  • Critical: 67
  • High: 284
  • Medium: 194
  • Low: 20
  • Unknown: 509

Calendar Week 27 2025

Top 5

  1. Cisco Unified Communications Manager and Session Management Edition (CM, CM SME) | Unauthenticated Remote Attack | Hard-coded Credentials Vulnerability | CVE-2025-20309 [EUVD-2025-19749] | Details

  2. NextJS | Unauthenticated Remote Attack | HTTP Request/Response Smuggling Vulnerability | CVE-2025-49826 [EUVD-2025-19910] | Details

  3. Anthropic Model Context Protocol (MCP) Inspector | Unauthenticated Remote Attack | Missing Authentication Vulnerability | CVE-2025-49596 [EUVD-EUVD-2025-20870] | Details, PoC

  4. Linux Sudo | Unauthenticated Local Attack | Uncontrolled Search Path Element Vulnerability | CVE-2025-32463 [EUVD-2025-19673] | Details, PoC

  5. Windows Hyper-V | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2024-21407 [EUVD-2024-19117] | Details

Vulnerability Statistics

  • Total: 608
  • Critical: 10
  • High: 49
  • Medium: 58
  • Low: 10
  • Unknown: 481

Calendar Week 26 2025

Top 5

  1. Cisco Identity Services Engine and Connector (ISE, ISE-PIC) | Unauthenticated Remote Attack | Insufficient Input Validation and Improper Privilege Management Vulnerabilities | CVE-2025-20281 [EUVD-2025-19167], CVE-2025-20282 [EUVD-2025-19166] | Details, PoC

  2. Citrix NetScaler | Unauthenticated Remote Attack | Out-of-bounds Read Vulnerability | CVE-2025-5777 [EUVD-2025-18497] | Details, PoC

  3. IBM WebSphere Application Server | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-36038 [EUVD-2025-19137] | Details

  4. GeoServer | Unauthenticated Remote Attack | XML External Entity (XXE) Processing Vulnerability | CVE-2025-30220 [EUVD-2025-17683] | Details, PoC

  5. Gradio | Unauthenticated Remote Attack | Server-Side Request Forgery (SSRF) Vulnerability | CVE-2024-4325 [EUVD-2024-1995] | Details, PoC

Vulnerability Statistics

  • Total: 708
  • Critical: 27
  • High: 57
  • Medium: 77
  • Low: 16
  • Unknown: 531

Calendar Week 25 2025

Top 5

  1. Sitecore Experience Platform | Unauthenticated Remote Attack | Hardcoded Credentials and Path Traversal Vulnerabilities | CVE-2025-34509 [EUVD-2025-18524], CVE-2025-34510 [EUVD-2025-18525], CVE-2025-34511 [EUVD-2025-18568] | Details, PoC

  2. Linux-PAM (SUSE 15) and libblockdev | Authenticated Remote Attack | Improper Authorization Vulnerabilities | CVE-2025-6018 [EUVD-EUVD-2025-22455], CVE-2025-6019 [EUVD-2025-18685] | Details, PoC

  3. NetScaler Console and NetScaler SDX | Authenticated Remote Attack | Arbitrary File Read/Write Vulnerabilities | CVE-2025-4365 [EUVD-2025-18493] | Details, PoC

  4. Google Chrome | Unauthenticated Remote Attack | Sandbox Escape Vulnerability | CVE-2025-2783 [EUVD-2025-8225] | Details, PoC

  5. Veeam Backup & Replication | Authenticated Remote Attack | Arbitrary Code Execution Vulnerability | CVE-2025-23121 [EUVD-2025-18675] | Details

Vulnerability Statistics

  • Total: 1030
  • Critical: 8
  • High: 139
  • Medium: 89
  • Low: 28
  • Unknown: 766

Calendar Week 24 2025

Top 5

  1. WebDAV | Unauthenticated Remote Attack | External Control of File Name or Path Vulnerability | CVE-2025-33053 [EUVD-2025-17721] | Details, PoC

  2. GitLab Community and Enterprise Editions | Authenticated Remote Attack | Cross-Site Scripting Vulnerabilities | CVE-2025-4278 [EUVD-2025-18169], CVE-2025-2254 [EUVD-2025-18168] | Details

  3. Trend Micro Apex Central and PolicyServer | Unauthenticated Remote Attack | Improper Deserialization of Untrusted Data Vulnerabilities | CVE-2025-49219 [EUVD-EUVD-2025-18515], CVE-2025-49220 [EUVD-EUVD-2025-18514] | Details

  4. Microsoft Windows SMB | Authenticated Remote Attack | Improper Access Control Vulnerability | CVE-2025-33073 [EUVD-2025-17737] | Details, PoC

  5. Microsoft Copilot AI | Unauthenticated Remote Attack | LLM Scope Violation Vulnerability | CVE-2025-32711 [EUVD-2025-18114] | Details, PoC

Vulnerability Statistics

  • Total: 903
  • Critical: 13
  • High: 92
  • Medium: 329
  • Low: 19
  • Unknown: 450

Calendar Week 23 2025

Top 5

  1. Roundcube Webmail | Authenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-49113 [EUVD-2025-16605] | Details, PoC

  2. DELMIA Apriso | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-5086 [EUVD-2025-16682] | Details, PoC

  3. Cisco Identity Services Engine | Unauthenticated Remote Attack | Static Credential Vulnerability | CVE-2025-20286 [EUVD-2025-16883] | Details

  4. Google Chromium V8 | Unauthenticated Remote Attack | Out-of-Bounds Read and Write Vulnerability | CVE-2025-5419 [EUVD-2025-16695] | Details, PoC

  5. Craft CMS | Unauthenticated Remote Attack | External Control of Assumed-Immutable Web Parameter Vulnerability | CVE-2025-35939 [EUVD-2025-13951] | Details

Vulnerability Statistics

  • Total: 809
  • Critical: 31
  • High: 114
  • Medium: 125
  • Low: 30
  • Unknown: 509

Calendar Week 22 2025

Top 5

  1. IBM Db2 and Tivoli Monitoring Service | Unauthenticated Remote Attack | Deserialization of Untrusted Data and Improper Input Validation Vulnerabilities | CVE-2025-30065 [EUVD-2025-9322], CVE-2025-3357 [EUVD-2025-16283] | Details1, Details2, PoC

  2. vBulletin | Unauthenticated Remote Attack | Improper Alternate Path Protection Vulnerability | CVE-2025-48827 [EUVD-EUVD-2025-28267] | Details, PoC

  3. Invision Community | Unauthenticated Remote Attack | Improper Template Strings Validation Vulnerability | CVE-2025-47916 [EUVD-2025-15448] | Details, PoC

  4. Palo Alto Networks Expedition | Unauthenticated Remote Attack | OS Command Injection Vulnerability | CVE-2025-0107 [EUVD-2025-1504] | Details, PoC

  5. Samsung MagicINFO 9 Server | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-7399 [EUVD-2024-48330] | Details, PoC

Vulnerability Statistics

  • Total: 451
  • Critical: 11
  • High: 61
  • Medium: 71
  • Low: 5
  • Unknown: 303

Calendar Week 21 2025

Top 5

  1. Versa Concerto | Unauthenticated Remote Attack | Authentication Bypass Vulnerabilities | CVE-2025-34026 [EUVD-EUVD-2025-16087], CVE-2025-34027 [EUVD-EUVD-2025-16088] | Details, PoC1, PoC2

  2. NodeJS Samlify Library | Unauthenticated Remote Attack | SAML Signature Wrapping Vulnerability | CVE-2025-47949 [EUVD-EUVD-2025-15809] | Details, PoC

  3. Grafana | Unauthenticated Remote Attack | Cross-Site Scripting (XSS) Vulnerability | CVE-2025-4123 [EUVD-EUVD-2025-16107] | Details, PoC

  4. SAP NetWeaver | Authenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-42999 [EUVD-EUVD-2025-14349] | Details, PoC

  5. Trimble Cityworks | Authenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-0994 [EUVD-EUVD-2025-1955] | Details, PoC

Vulnerability Statistics

  • Total: 870
  • Critical: 19
  • High: 54
  • Medium: 52
  • Low: 8
  • Unknown: 737

Calendar Week 20 2025

Top 5

  1. Ivanti Endpoint Manager for Mobile | Unauthenticated Remote Attack | Authentication Bypass and Code Injection Vulnerabilities | CVE-2025-4427 [EUVD-EUVD-2025-14388], CVE-2025-4428 [EUVD-EUVD-2025-14387] | Details, PoC

  2. Progress LoadMaster | Unauthenticated Remote Attack | Improper Input Validation Vulnerability | CVE-2024-7591 [EUVD-EUVD-2024-48487] | Details, PoC

  3. Fortinet FortiVoice, FortiNDR, FortiRecorder, and FortiCamera | Unauthenticated Remote Attack | Stack-Based Buffer Overflow Vulnerability | CVE-2025-32756 [EUVD-EUVD-2025-14705] | Details, PoC

  4. Microsoft Scripting Engine | Unauthenticated Remote Attack | Type Confusion Vulnerability | CVE-2025-30397 [EUVD-EUVD-2025-14411] | Details, PoC

  5. Jenkins Plugin WSO2 Oauth | Unauthenticated Remote Attack | Improper Authentication Vulnerability | CVE-2025-47889 [EUVD-EUVD-2025-14885] | Details

Vulnerability Statistics

  • Total: 1121
  • Critical: 31
  • High: 179
  • Medium: 123
  • Low: 13
  • Unknown: 775

Calendar Week 19 2025

Top 5

  1. SysAid On-Premise | Unauthenticated Remote Attack | Unauthenticated XML External Entity (XXE) Vulnerability | CVE-2025-2775 [EUVD-EUVD-2025-13878] | Details, PoC

  2. Cisco IOS XE Software for Wireless LAN Controllers | Unauthenticated Remote Attack | Hard-coded Credentials Vulnerability | CVE-2025-20188 [EUVD-EUVD-2025-13907] | Details, PoC

  3. FreeType | Unauthenticated Remote Attack | Out-of-Bounds Write Vulnerability | CVE-2025-27363 [EUVD-EUVD-2025-6367] | Details, PoC

  4. TeleMessage | Unauthenticated Remote Attack | Hard-coded Credentials Vulnerability | CVE-2025-47730 [EUVD-EUVD-2025-14002] | Details, PoC

  5. Kibana | Authenticated Remote Attack | Prototype Pollution Vulnerability | CVE-2025-25015 [EUVD-EUVD-2025-6024] | Details

Vulnerability Statistics

  • Total: 871
  • Critical: 34
  • High: 143
  • Medium: 99
  • Low: 14
  • Unknown: 581

Calendar Week 18 2025

Top 5

  1. Commvault Command Center | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2025-34028 [EUVD-EUVD-2025-12275], CVE-2025-3928 [EUVD-EUVD-2025-12508] | Details1, Details2, PoC

  2. Oracle Retail Xstore Office | Unauthenticated Remote Attack | Unauthorized Sensitive Information Exposure Vulnerability | CVE-2024-21136 [EUVD-EUVD-2024-18850] | Details, PoC

  3. Apache Tomcat | Unauthenticated Remote Attack | Path Equivalence and Improper Input Validation Vulnerabilities | CVE-2025-24813 [EUVD-EUVD-2025-6498], CVE-2025-31650 [EUVD-EUVD-2025-13627] | Details1, Details2, PoC

  4. Apple macOS and iPadOS | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2025-24252 [EUVD-EUVD-2025-14858] | Details, PoC

  5. WordPress Plugins WooCommerce Order Delivery Date Pro and SureTriggers | Unauthenticated Remote Attack | Arbitrary Option Update and Authentication Bypass Vulnerabilities | CVE-2025-2907 [EUVD-EUVD-2025-12492], CVE-2025-3102 [EUVD-EUVD-2025-10494] | Details1, Details2, PoC

Vulnerability Statistics

  • Total: 884
  • Critical: 14
  • High: 73
  • Medium: 106
  • Low: 6
  • Unknown: 685

Calendar Week 17 2025

Top 5

  1. SAP NetWeaver | Unauthenticated Remote Attack | Unrestricted File Upload Vulnerability | CVE-2025-31324 [EUVD-EUVD-2025-11987] | Details, PoC

  2. Connectwise Screenconnect | Unauthenticated Remote Attack | ViewState Code Injection Vulnerability | CVE-2025-3935 [EUVD-EUVD-2025-12502] | Details

  3. SimpleHelp Remote Support Software | Authenticated Remote Attack | Missing Authorization and Path Traversal Vulnerabilities | CVE-2024-57726 [EUVD-EUVD-2024-53724], CVE-2024-57728 [EUVD-EUVD-2024-53726] | Details1, Details2

  4. Langflow | Unauthenticated Remote Attack | Code Injection Vulnerability | CVE-2025-3248 [EUVD-EUVD-2025-10011] | Details, PoC

  5. Citrix NetScaler Console | Unauthenticated Remote Attack | Sensitive Information Disclosure Vulnerability | CVE-2024-6235 [EUVD-EUVD-2024-47363] | Details, PoC

Vulnerability Statistics

  • Total: 590
  • Critical: 8
  • High: 51
  • Medium: 75
  • Low: 15
  • Unknown: 441

Calendar Week 16 2025

Top 5

  1. Erlang/OTP Libraries | Unauthenticated Remote Attack | Missing Authentication Vulnerability | CVE-2025-32433 [EUVD-EUVD-2025-11793] | Details, PoC

  2. Google Chromium | Unauthenticated Remote Attack | Type Confusion Vulnerability | CVE-2024-7971 [EUVD-EUVD-2024-48804] | Details, PoC

  3. Apple Multiple Products | Unauthenticated Remote Attack | Memory Corruption Vulnerability | CVE-2025-31200 [EUVD-EUVD-2025-11380] | Details, PoC

  4. Microsoft Windows NTLM | Unauthenticated Remote Attack | Hash Disclosure Spoofing Vulnerability | CVE-2025-24054 [EUVD-EUVD-2025-6336] | Details, PoC

  5. YesWiki | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2025-31131 [EUVD-EUVD-2025-9333] | Details, PoC

Vulnerability Statistics

  • Total: 1112
  • Critical: 4
  • High: 94
  • Medium: 92
  • Low: 11
  • Unknown: 911

Calendar Week 15 2025

Top 5

  1. DELMIA Apriso | Unauthenticated Remote Attack | Improper Object Deserialization Vulnerability | CVE-2024-3300 [EUVD-EUVD-2024-31890] | Details, PoC

  2. Moodle Learning Management System | Unauthenticated Remote Attack | Cross-site Scripting Vulnerability | CVE-2025-26529 [EUVD-EUVD-2025-4274] | Details, PoC

  3. WordPress Plugins Uncanny Automator and Shield Security | Authenticated Remote Attack | Missing Authorization and Cross-Site Scripting Vulnerabilities | CVE-2025-2075 [EUVD-EUVD-2025-9708], CVE-2024-7313 [EUVD-EUVD-2024-48254] | Details1, Details2, PoC1, PoC2

  4. Vite JS | Unauthenticated Remote Attack | Improper Access Control Vulnerabilities | CVE-2025-31125 [EUVD-EUVD-2025-8866], CVE-2025-30208 [EUVD-EUVD-2025-8079] | Details1, Details2, PoC1, PoC2

  5. PostgreSQL pgAdmin | Authenticated Remote Attack | Code Injection Vulnerability | CVE-2025-2945 [EUVD-EUVD-2025-9605] | Details, PoC

Vulnerability Statistics

  • Total: 969
  • Critical: 31
  • High: 175
  • Medium: 127
  • Low: 4
  • Unknown: 632

Calendar Week 14 2025

Top 5

  1. WordPress Kubio AI Page Builder and WP01 Plugins | Unauthenticated Remote Attack | Path Traversal Vulnerabilities | CVE-2025-2294 [EUVD-EUVD-2025-15115], CVE-2025-30567 [EUVD-EUVD-2025-8102] | Details1, Details2, PoC1, PoC2

  2. GLPI IT Management Software | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-24799 [EUVD-EUVD-2025-6704] | Details, PoC

  3. Ivanti Connect Secure | Unauthenticated Remote Attack | Stack-Based Buffer Overflow Vulnerability | CVE-2025-22457 [EUVD-EUVD-2025-9646] | Details, PoC

  4. CrushFTP | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2025-31161 [EUVD-EUVD-2025-9910] | Details, PoC

  5. Apple Multiple Products Webkit | Authenticated Remote Attack | Out-of-Bounds Write Vulnerability | CVE-2025-24201 [EUVD-EUVD-2025-6302] | Details, PoC

Vulnerability Statistics

  • Total: 1349
  • Critical: 9
  • High: 52
  • Medium: 106
  • Low: 20
  • Unknown: 1162

Calendar Week 13 2025

Top 5

  1. Kubernetes Ingress-Nginx Controller | Unauthenticated Remote Attack | Improper Input Validation and Improper Isolation Vulnerabilities | CVE-2025-1974 [EUVD-EUVD-2025-8035], CVE-2025-1097 [EUVD-EUVD-2025-8034] | Details1, Details2, PoC1, PoC2

  2. Google Chromium | Unauthenticated Remote Attack | Sandbox Escape Vulnerability | CVE-2025-2783 [EUVD-EUVD-2025-8225] | Details, PoC

  3. Next.js | Unauthenticated Remote Attack | Middleware Bypass Vulnerability | CVE-2025-29927 [EUVD-EUVD-2025-7243] | Details, PoC

  4. Microsoft Active Directory | Authenticated Remote Attack | Improper Access Control Vulnerability | CVE-2025-21293 [EUVD-EUVD-2025-2358] | Details, PoC

  5. CrushFTP | Unauthenticated Remote Attack | Improper Authentication Vulnerability | CVE-2025-2825 [EUVD-EUVD-2025-8227] | Details, PoC

Vulnerability Statistics

  • Total: 1054
  • Critical: 23
  • High: 47
  • Medium: 106
  • Low: 10
  • Unknown: 868

Calendar Week 12 2025

Top 5

  1. GitHub Action tj-actions/changed-files | Unauthenticated Remote Attack | Embedded Malicious Code Vulnerability | CVE-2025-30066 [EUVD-EUVD-2025-6565] | Details, PoC

  2. HUSKY - WooCommerce plugin for WordPress | Unauthenticated Remote Attack | Arbitrary Local File Inclusion Vulnerability | CVE-2025-1661 [EUVD-EUVD-2025-7408] | Details, PoC

  3. Apache Tomcat | Unauthenticated Remote Attack | Ambiguous Path Equivalence Vulnerability | CVE-2025-24813 [EUVD-EUVD-2025-6498] | Details, PoC

  4. Windows File Explorer | Unauthenticated Remote Attack | Sensitive Information Exposure Vulnerability | CVE-2025-24071 [EUVD-EUVD-2025-6328] | Details, PoC

  5. Veeam Backup & Replication | Authenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-23120 [EUVD-EUVD-2025-7177] | Details, PoC

Vulnerability Statistics

  • Total: 811
  • Critical: 16
  • High: 43
  • Medium: 70
  • Low: 20
  • Unknown: 662

Calendar Week 11 2025

Top 5

  1. D-Link DIR-859 Router | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-57045 [EUVD-EUVD-2025-4681] | Details, PoC

  2. Ivanti Endpoint Manager (EPM) | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-13161 [EUVD-EUVD-2024-51387] | Details, PoC

  3. GitLab | Unauthenticated Remote Attack | Authentication Bypass Vulnerabilities | CVE-2025-25291 [EUVD-EUVD-2025-6415], CVE-2025-25292 [EUVD-EUVD-2025-6414] | Details, PoC

  4. Apache Camel | Unauthenticated Remote Attack | Code Injection Vulnerabilities | CVE-2025-27636 [EUVD-EUVD-2025-6662], CVE-2025-29891 [EUVD-EUVD-2025-6254] | Details, PoC

  5. Fortinet FortiOS and FortiProxy | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2025-24472 [EUVD-EUVD-2025-3725] | Details

Vulnerability Statistics

  • Total: 743
  • Critical: 17
  • High: 139
  • Medium: 141
  • Low: 23
  • Unknown: 423

Calendar Week 10 2025

Top 5

  1. JSONpath-Plus | Unauthenticated Remote Attack | Improper Input Sanitization Vulnerability | CVE-2025-1302 [EUVD-EUVD-2025-2104] | Details, PoC

  2. Hewlett Packard Insight Remote Support | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-53676 [EUVD-EUVD-2024-52024] | Details, PoC

  3. Exim Internet Mailer | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-26794 [EUVD-EUVD-2025-4451] | Details, PoC

  4. Elastic Kibana | Authenticated Remote Attack | Prototype Pollution Vulnerability | CVE-2025-25012 [EUVD-EUVD-2025-19084] | Details

  5. Zohocorp ManageEngine ADSelfService Plus | Authenticated Remote Attack | Session Mishandling Vulnerability | CVE-2025-1723 [EUVD-EUVD-2025-5812] | Details

Vulnerability Statistics

  • Total: 905
  • Critical: 28
  • High: 104
  • Medium: 153
  • Low: 10
  • Unknown: 610

Calendar Week 09 2025

Top 5

  1. Angular-base64-upload Library | Unauthenticated Remote Attack | Unrestricted File Upload Vulnerability | CVE-2024-42640 [EUVD-EUVD-2024-3143] | Details, PoC

  2. Ivanti Endpoint Manager (EPM) | Unauthenticated Remote Attack | Path Traversal Vulnerabilities | CVE-2024-13159 [EUVD-EUVD-2024-51385], CVE-2024-13160 [EUVD-EUVD-2024-51386] | Details, PoC1, PoC2

  3. Microsoft Partner Center | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-49035 [EUVD-EUVD-2024-43908] | Details

  4. BIG-IP iControl REST | Authenticated Remote Attack | Command Injection Vulnerability | CVE-2025-20029 [EUVD-EUVD-2025-2142] | Details, PoC

  5. Oracle WebLogic Server | Unauthenticated Remote Attack | Missing Authentication Vulnerability | CVE-2025-21535 [EUVD-EUVD-2025-2524] | Details

Vulnerability Statistics

  • Total: 1475
  • Critical: 27
  • High: 123
  • Medium: 227
  • Low: 41
  • Unknown: 1057

Calendar Week 08 2025

Top 5

  1. PostgreSQL Libpq | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-1094 [EUVD-EUVD-2025-1999] | Details, PoC

  2. Microsoft Power Pages | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2025-24989 [EUVD-EUVD-2025-4642] | Details

  3. Juniper Session Smart Conductor and WAN Assurance Managed Routers | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2025-21589 | Details

  4. NetScaler Console and Agent | Authenticated Remote Attack | Improper Privilege Management Vulnerability | CVE-2024-12284 [EUVD-EUVD-2025-4641] | Details

  5. Adobe Commerce and Magento | Unauthenticated Remote Attack | Improper Authorization Vulnerability | CVE-2025-24434 [EUVD-EUVD-2025-3713] | Details

Vulnerability Statistics

  • Total: 681
  • Critical: 8
  • High: 49
  • Medium: 174
  • Low: 11
  • Unknown: 439

Calendar Week 07 2025

Top 5

  1. Zimbra Collaboration | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-25064 [EUVD-EUVD-2025-4006] | Details, PoC

  2. Windows Lightweight Directory Access Protocol (LDAP) | Unauthenticated Remote Attack | Heap-based Buffer Overflow Vulnerability | CVE-2025-21376 [EUVD-EUVD-2025-2439] | Details

  3. Palo Alto Networks PAN-OS | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2025-0108 [EUVD-EUVD-2025-1505] | Details, PoC

  4. Zyxel Customer premise equipment (CPE) | Authenticated Remote Attack | Command Injection and Insecure Default Credentials Vulnerabilities | CVE-2025-0890 [EUVD-EUVD-2025-1913], CVE-2024-40890 [EUVD-EUVD-2024-38809], CVE-2024-40891 [EUVD-EUVD-2024-38851] | Details, PoC

  5. Microsoft Windows WinSock and Storage Link | Local Attack | Heap-based Buffer Overflow and Link Following Vulnerabilities | CVE-2025-21418 [EUVD-EUVD-2025-2476], CVE-2025-21391 [EUVD-EUVD-2025-2452] | Details

Vulnerability Statistics

  • Total: 881
  • Critical: 12
  • High: 120
  • Medium: 112
  • Low: 24
  • Unknown: 613

Calendar Week 06 2025

Top 5

  1. SimpleHelp | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-57727 [EUVD-EUVD-2024-53725] | Details, PoC

  2. Cisco Identity Services Engine (ISE) | Authenticated Remote Attack | Untrusted Deserialization and Improper Authorization Vulnerabilities | CVE-2025-20124 [EUVD-EUVD-2025-2152], CVE-2025-20125 [EUVD-EUVD-2025-2153] | Details, PoC

  3. 7-Zip | Remote Attack | Mark of the Web Bypass Vulnerability | CVE-2025-0411 [EUVD-EUVD-2025-1658] | Details, PoC

  4. Advantive VeraCore | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-25181 [EUVD-EUVD-2025-4072] | Details, PoC

  5. Veeam Backup | Unauthenticated Remote Attack | Code Injection Vulnerability | CVE-2025-23114 [EUVD-EUVD-2025-3128] | Details

Vulnerability Statistics

  • Total: 734
  • Critical: 13
  • High: 53
  • Medium: 144
  • Low: 10
  • Unknown: 514

Calendar Week 05 2025

  1. Microsoft Windows | Unauthenticated Remote Attack | NTLMv2 Hash Disclosure Spoofing Vulnerability | CVE-2024-43451 [EUVD-EUVD-2024-40720] | Details, PoC

  2. VMware Avi Load Balancer | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-22217 [EUVD-EUVD-2025-2673] | Details

  3. Oracle JD Edwards EnterpriseOne Tools | Unauthenticated Remote Attack | Code Injection Vulnerability | CVE-2025-21524 [EUVD-EUVD-2025-2513] | Details

  4. QNAP QTS and QuTS hero | Unauthenticated Remote Attack | Link Following Vulnerability | CVE-2024-53691 [EUVD-EUVD-2024-52034] | Details, PoC

  5. Liferay Portal | Unauthenticated Remote Attack | Cross-Site Scripting (XSS) Vulnerability | CVE-2024-25608 [EUVD-EUVD-2024-22931] | Details

Calendar Week 04 2025

  1. Mitel MiCollab | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-41713 [EUVD-EUVD-2024-39339] | Details, PoC

  2. Next.js | Unauthenticated Remote Attack | Authorization Bypass Vulnerability | CVE-2024-46982 [EUVD-EUVD-2024-2803] | Details, PoC

  3. SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Server (CMS) | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-23006 [EUVD-EUVD-2025-3070] | Details

  4. Jenkins Bitbucket Server Integration and OpenID Connect Authentication Plugins | Unauthenticated Remote Attack | Multiple Vulnerabilities Including Cross-Site Request Forgery (CSRF) and Incorrect Default Permissions | CVE-2025-24398 [EUVD-EUVD-2025-0187], CVE-2025-24399 [EUVD-EUVD-2025-0186] | Details

  5. Linear eMerge e3-Series | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-9441 [EUVD-EUVD-2024-49940] | Details, PoC

Calendar Week 03 2025

  1. Microsoft Configuration Manager | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2024-43468 [EUVD-EUVD-2024-40737] | Details, PoC

  2. Fortinet FortiOS | Unauthenticated Remote Attack | Authorization Bypass Vulnerability | CVE-2024-55591 [EUVD-EUVD-2024-52819] | Details, PoC

  3. Kubernetes kubelet | Authenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-10220 [EUVD-EUVD-2024-3336] | Details, PoC

  4. Windows OLE | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2025-21298 [EUVD-EUVD-2025-2363] | Details, PoC

  5. Oracle Agile PLM Framework | Unauthenticated Remote Attack | Incorrect Authorization Vulnerability | CVE-2024-21287 [EUVD-EUVD-2024-19000] | Details

Calendar Week 02 2025

  1. Aviatrix Controller | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-50603 [EUVD-EUVD-2024-44623] | Details, PoC

  2. WordPress GiveWP Donation Plugin and Fundraising Platform | Unauthenticated Remote Attack | PHP Object Injection Vulnerability | CVE-2024-8353 [EUVD-EUVD-2024-49119] | Details, PoC

  3. Ivanti Connect Secure, Policy Secure, and ZTA Gateways | Unauthenticated Remote Attack | Stack-Based Buffer Overflow Vulnerabilities | CVE-2025-0282 [EUVD-EUVD-2025-1580], CVE-2025-0283 [EUVD-EUVD-2025-1581] | Details, PoC

  4. Oracle WebLogic Server | Unauthenticated Remote Attack | Improper Deserialization Vulnerability | CVE-2020-2883 [EUVD-EUVD-2020-22676] | Details, PoC

  5. SonicWall SonicOS SSLVPN | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-53704 [EUVD-EUVD-2024-52037] | Details, PoC

Calendar Week 01 2025

  1. Windows Lightweight Directory Access Protocol (LDAP) | Unauthenticated Remote Attack | Denial of Service Vulnerability | CVE-2024-49113 [EUVD-EUVD-2024-43756] | Details, PoC

  2. Apache Traffic Control | Authenticated Remote Attack | SQL Injection Vulnerability | CVE-2024-45387 [EUVD-EUVD-2024-3616] | Details, PoC

  3. Oracle WebLogic Server | Unauthenticated Remote Attack | Java Naming and Directory Interface (JNDI) Injection Vulnerability | CVE-2024-21182 [EUVD-EUVD-2024-18896] | Details, PoC

  4. Progress WhatsUp Gold | Unauthenticated Remote Attack | Multiple Vulnerabilities Including Authentication Bypass and LDAP Configuration | CVE-2024-12106 [EUVD-EUVD-2024-50600], CVE-2024-12108 [EUVD-EUVD-2024-50602] | Details

  5. D-Link DIR-845L router | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-33112 [EUVD-EUVD-2024-30857] | Details

Calendar Week 52 2024

  1. Apache Tomcat | Unauthenticated Remote Attack | Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability | CVE-2024-56337 [EUVD-EUVD-2024-3542] | Details, PoC

  2. Splunk Enterprise | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-36991 [EUVD-EUVD-2024-36378] | Details, PoC

  3. Craft CMS | Unauthenticated Remote Attack | Code Injection Vulnerability | CVE-2024-56145 [EUVD-EUVD-2024-3545] | Details, PoC

  4. libxml2 | Unauthenticated Remote Attack | External Entity Injection Vulnerability | CVE-2024-40896 [EUVD-EUVD-2024-38822] | Details

  5. Adobe ColdFusion | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-53961 [EUVD-EUVD-2024-52216] | Details

Calendar Week 51 2024

  1. Apache Tomcat | Unauthenticated Remote Attack | Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability | CVE-2024-50379 [EUVD-EUVD-2024-3537] | Details, PoC

  2. BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-12356 [EUVD-EUVD-2024-50801] | Details, PoC

  3. Spring Framework | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-38819 [EUVD-EUVD-2024-3583] | Details, PoC

  4. Sophos Firewall | Unauthenticated Remote Attack | Multiple Vulnerabilities Including Code Injection, Weak Credentials and SQL Injection | CVE-2024-12727 [EUVD-EUVD-2024-51075], CVE-2024-12728 [EUVD-EUVD-2024-51076], CVE-2024-12729 [EUVD-EUVD-2024-51077] | Details

  5. Kerio Control | Unauthenticated Remote Attack | HTTP Response Splitting Vulnerability | CVE-2024-52875 [EUVD-EUVD-2024-46263] | Details, PoC

Calendar Week 50 2024

  1. Cleo Harmony, VLTrader and LexiCom | Unauthenticated Remote Attack | Unrestricted File Upload and Download Vulnerability | CVE-2024-50623 [EUVD-EUVD-2024-45217] | Details, PoC

  2. Ivanti Cloud Service Appliance | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-11639 [EUVD-EUVD-2024-34149] | Details

  3. WordPress Plugins - Widget Options, WP Umbrella, My Geo Posts | Unauthenticated Remote Attack | Multiple Vulnerabilities Including Improper Input Sanitization, Arbitrary File Upload and Deserialization of Untrusted Data | CVE-2024-8672 [EUVD-EUVD-2024-49590], CVE-2024-12209 [EUVD-EUVD-2024-50682], CVE-2024-52433 [EUVD-EUVD-2024-46003] | Details1, Details2, Details3, PoC1, PoC2, PoC3

  4. Microsoft Windows LDAP and Common Log File Systems | Unauthenticated Remote Attack | Multiple Vulnerabilities Including Remote Code Execution and Heap-based Buffer Overflow | CVE-2024-49112 [EUVD-EUVD-2024-43797], CVE-2024-49138 [EUVD-EUVD-2024-43765] | Details1, Details2

  5. Apache Struts | Unauthenticated Remote Attack | Unrestricted File Upload Vulnerability | CVE-2024-53677 [EUVD-EUVD-2024-3418] | Details, PoC

Calendar Week 49 2024

  1. Zabbix Server | Authenticated Remote Attack | SQL Injection Vulnerability | CVE-2024-42327 [EUVD-EUVD-2024-39873] | Details, PoC

  2. ProjectSend | Unauthenticated Remote Attack | Improper Authentication Vulnerability | CVE-2024-11680 [EUVD-EUVD-2024-34152] | Details, PoC

  3. SailPoint IdentityIQ | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-10905 [EUVD-EUVD-2024-33546] | Details

  4. TP-Link Archer, Deco, and Tapo Series Routers | Authenticated Remote Attack | Command Injection Vulnerability | CVE-2024-53375 [EUVD-EUVD-2024-51959] | Details, PoC

  5. 7-Zip Zstandard Decompression | Unauthenticated Remote Attack | Integer Underflow Vulnerability | CVE-2024-11477 [EUVD-EUVD-2024-34129] | Details, PoC

Calendar Week 48 2024

  1. CleanTalk Spam Protection and Firewall Plugin for WordPress | Unauthenticated Remote Attack | Authorization Bypass Vulnerability | CVE-2024-10542 [EUVD-EUVD-2024-33435] | Details, PoC

  2. OpenSSL | Unauthenticated Remote Attack | Memory Corruption and Command Injection Vulnerabilities | CVE-2024-5535 [EUVD-EUVD-2024-46737], CVE-2022-2274 [EUVD-EUVD-2022-6272], CVE-2022-1292 [EUVD-EUVD-2022-24621], CVE-2022-2068 [EUVD-EUVD-2022-34360] | Details, PoC1, PoC2

  3. Zyxel ATP and USG Flex Firewall | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-42057 [EUVD-EUVD-2024-39425] | Details

  4. QNAP QuRouter | Unauthenticated Remote Attack | Command Injection Vulnerabilities | CVE-2024-48860 [EUVD-EUVD-2024-43181], CVE-2024-48861 [EUVD-EUVD-2024-43182] | Details

  5. Kubernetes kubelet | Authenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-10220 [EUVD-EUVD-2024-3336] | Details, PoC

Calendar Week 47 2024

  1. Palo Alto PAN-OS | Unauthenticated Remote Attack | Authentication Bypass and Command Injection Vulnerabilities | CVE-2024-0012 [EUVD-EUVD-2024-15815], CVE-2024-9474 [EUVD-EUVD-2024-50354] | Details1, Details2, PoC1, PoC2

  2. WordPress WP Time Capsule Backup and Staging Plugin | Unauthenticated Remote Attack | Arbitrary File Upload Vulnerability | CVE-2024-8856 [EUVD-EUVD-2024-49578] | Details, PoC

  3. WordPress Really Simple Security Plugin | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-10924 [EUVD-EUVD-2024-33353] | Details, PoC

  4. Citrix Session Recording | Authenticated Remote Attack | Authenticated Remote Attack | CVE-2024-8069 [EUVD-EUVD-2024-48915] | Details, PoC

  5. SAP BusinessObjects Business Intelligence Platform | Unauthenticated Remote Attack | Missing Authentication Check Vulnerability | CVE-2024-41730 [EUVD-EUVD-2024-39173] | Details, PoC

Calendar Week 46 2024

  1. Rocket.Chat | Unauthenticated Remote Attack | Server-Side Request Forgery (SSRF) Vulnerability | CVE-2024-39713 [EUVD-EUVD-2024-2575] | Details, PoC

  2. D-Link NAS Devices | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-10914 [EUVD-EUVD-2024-33344] | Details, PoC

  3. Fortinet FortiManager | Unauthenticated Remote Attack | Missing Authentication Vulnerability | CVE-2024-47575 [EUVD-EUVD-2024-42531] | Details, PoC

  4. Nginx UI | Unauthenticated Remote Attack | Logrotate Misconfiguration Vulnerability | CVE-2024-49368 [EUVD-EUVD-2024-43405] | Details, PoC

  5. LiteSpeed Cache | Unauthenticated Remote Attack | Insufficiently Protected Credentials Vulnerability | CVE-2024-44000 [EUVD-EUVD-2024-40782] | Details, PoC

Calendar Week 45 2024

  1. Jenkins Command Line Interface | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-23987 | Details, PoC

  2. ScienceLogic SL1 | Unauthenticated Remote Attack | Remote Code Execution Vulnerability | CVE-2024-9537 [EUVD-EUVD-2024-49996] | Details

  3. Cisco Ultra-Reliable Wireless Backhaul Access Points | Unauthenticated Remote Attack | Improper Input Validation Vulnerability | CVE-2024-20418 [EUVD-EUVD-2024-18133] | Details

  4. HPE Aruba Networking Access Points | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-42509 [EUVD-EUVD-2024-39657] | Details

  5. Symphony PHP framework | Unauthenticated Remote Attack | Improper Input Validation Vulnerability | CVE-2024-50340 [EUVD-EUVD-2024-3330] | Details, PoC

Calendar Week 44 2024

  1. CyberPanel | Unauthenticated Remote Attack | Authentication Bypass and Command Injection Vulnerabilities | CVE-2024-51567 [EUVD-EUVD-2024-45733], CVE-2024-51378 [EUVD-EUVD-2024-45807] | Details, PoC1, PoC2

  2. RoundCube Webmail | Unauthenticated Remote Attack | Cross-Site Scripting (XSS) Vulnerability | CVE-2024-37383 [EUVD-EUVD-2024-36625] | Details, PoC

  3. PyTorch | Unauthenticated Remote Attack | Insecure Deserialization Vulnerability | CVE-2024-48063 [EUVD-EUVD-2024-42923] | Details, PoC

  4. Microsoft Sharepoint | Authenticated Remote Attack | Insecure Deserialization Vulnerability | CVE-2024-38094 [EUVD-EUVD-2024-37782] | Details

  5. Microsoft Windows Server | Authenticated Remote Attack | Elevation of Privilege Vulnerability | CVE-2024-43532 [EUVD-EUVD-2024-40657] | Details

Calendar Week 43 2024

  1. Grafana | Authenticated Remote Attack | Code Injection Vulnerability | CVE-2024-9264 [EUVD-EUVD-2024-3110] | Details, PoC1, PoC2

  2. pfSense | Unauthenticated Remote Attack | Cross-Site Scripting (XSS) Vulnerability | CVE-2024-46538 [EUVD-EUVD-2024-41866] | Details, PoC

  3. Fortinet FortiManager | Unauthenticated Remote Attack | Missing Authentication Vulnerability | CVE-2024-47575 [EUVD-EUVD-2024-42531] | Details1, Details2

  4. WordPress TI WooCommerce Wishlist Plugin | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2024-43917 [EUVD-EUVD-2024-40567] | Details, PoC

  5. WordPress Premium ARForms Form Builder Plugin | Unauthenticated Remote Attack | Unauthenticated File Upload Vulnerability | CVE-2024-4620 [EUVD-EUVD-2024-44228] | Details, PoC

Calendar Week 42 2024

  1. ConnectWise ScreenConnect | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-1709 [EUVD-EUVD-2024-17443] | Details, PoC

  2. GitHub Enterprise Server | Unauthenticated Remote Attack | Improper Verification of Cryptographic Signature | CVE-2024-9487 [EUVD-EUVD-2024-49973] | Details, PoC

  3. Ruby SAML | Unauthenticated Remote Attack | Improper Verification of SAML Response Signature | CVE-2024-45409 [EUVD-EUVD-2024-2828] | Details, PoC

  4. Mozilla Firefox and Firefox ESR | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2024-9680 [EUVD-EUVD-2024-50087] | Details, PoC

  5. Veeam Backup and Replication | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2024-40711 [EUVD-EUVD-2024-38578] | Details, PoC

Calendar Week 41 2024

  1. Palo Alto Networks Expedition | Unauthenticated Remote Attack | OS and SQL Injection Vulnerabilities | CVE-2024-9463 [EUVD-EUVD-2024-49955], CVE-2024-9464 [EUVD-EUVD-2024-49956], CVE-2024-9465 [EUVD-EUVD-2024-49957] | Details, PoC1, PoC2

  2. Mozilla Firefox and Firefox ESR | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2024-9680 [EUVD-EUVD-2024-50087] | Details, PoC

  3. Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb | Unauthenticated Remote Attack | Format String Vulnerability | CVE-2024-23113 [EUVD-EUVD-2024-20638] | Details, PoC

  4. Windows RDP | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2024-43582 [EUVD-EUVD-2024-40336] | Details

  5. PostgreSQL pgAdmin | Unauthenticated Remote Attack | Insufficiently Protected Credentials in OAuth2 Authentication | CVE-2024-9014 [EUVD-EUVD-2024-2825] | Details, PoC

Calendar Week 40 2024

  1. Cisco IOS XE | Unauthenticated Remote Attack | Improper Resource Management Vulnerability | CVE-2024-20467 [EUVD-EUVD-2024-18182] | Details, PoC

  2. OpenPrinting CUPS | Unauthenticated Remote Attack | Binding to an Unrestricted IP Address and Input Validation Vulnerabilities | CVE-2024-47176 [EUVD-EUVD-2024-42298], CVE-2024-47076 [EUVD-EUVD-2024-42263], CVE-2024-47175 [EUVD-EUVD-2024-42297], CVE-2024-47177 [EUVD-EUVD-2024-42299] | Details, PoC1, PoC2

  3. Check Point Quantum Security Gateways | Unauthenticated Remote Attack | Information Disclosure Vulnerability | CVE-2024-24919 [EUVD-EUVD-2024-22282] | Details, PoC

  4. Synacor Zimbra Collaboration | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-45519 [EUVD-EUVD-2024-41520] | Details, PoC

  5. Broadcom VMware vCenter Server | Unauthenticated Remote Attack | Heap Overflow Vulnerability | CVE-2024-38812 [EUVD-EUVD-2024-37703] | Details

Calendar Week 39 2024

  1. OpenPrinting CUPS | Unauthenticated Remote Attack | Binding to an Unrestricted IP Address and Input Validation Vulnerabilities | CVE-2024-47176 [EUVD-EUVD-2024-42298], CVE-2024-47076 [EUVD-EUVD-2024-42263], CVE-2024-47175 [EUVD-EUVD-2024-42297], CVE-2024-47177 [EUVD-EUVD-2024-42299] | Details, PoC

  2. Aruba Access Points | Unauthenticated Remote Attack | Command Injection Vulnerabilities | CVE-2024-42505 [EUVD-EUVD-2024-39653], CVE-2024-42506 [EUVD-EUVD-2024-39654], CVE-2024-42507 [EUVD-EUVD-2024-39655] | Details

  3. Cisco Smart Licensing Utility | Unauthenticated Remote Attack | Use of Hard-coded Credentials Vulnerability | CVE-2024-20439 [EUVD-EUVD-2024-18154] | Details, PoC

  4. MediaTek Wi-Fi Chipsets | Unauthenticated Remote Attack | Out-of-Bounds Write Vulnerability | CVE-2024-20017 [EUVD-EUVD-2024-17732] | Details, PoC

  5. Keycloak | Authenticated Remote Attack | Improper Signature Verification Vulnerability | CVE-2024-8698 [EUVD-EUVD-2024-3168] | Details, PoC

Calendar Week 38 2024

  1. Apache HugeGraph | Unauthenticated Remote Attack |  Improper Access Control Vulnerability | CVE-2024-27348 [EUVD-EUVD-2024-1059] | Details, PoC

  2. Ivanti Endpoint Manager | Unauthenticated Remote Attack | Improper Deserialization of Untrusted Data Vulnerability | CVE-2024-29847 [EUVD-EUVD-2024-26839] | Details, PoC

  3. Thinkphp | Unauthenticated Remote Attack | Improper Deserialization of Untrusted Data Vulnerability | CVE-2024-44902 [EUVD-EUVD-2024-2779] | Details, PoC

  4. Raisecom Gateway Devices | Unauthenticated Remote Attack | Command Injection Vulnerability | Details, [PoC](https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-7120 [EUVD-EUVD-2024-48098].yaml)

  5. Broadcom vCenter Server | Unauthenticated Remote Attack |Heap Overflow Vulnerability | CVE-2024-38812 [EUVD-EUVD-2024-37703] | Details

Calendar Week 37 2024

  1. Kemp LoadMaster | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-1212 [EUVD-EUVD-2024-16979] | Details, PoC

  2. Qualitor ITSM | Unauthenticated Remote Attack | Arbitrary File Upload Vulnerability | CVE-2024-44849 [EUVD-EUVD-2024-41124] | Details, PoC

  3. Apache OFBiz | Unauthenticated Remote Attack | Server-Side Request Forgery Vulnerability | CVE-2024-45507 [EUVD-EUVD-2024-41516] | Details, PoC

  4. SonicWall SonicOS | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-40766 [EUVD-EUVD-2024-38613] | Details

  5. GitLab CE/EE | Authenticated Remote Attack | Pipeline Execution Vulnerability | CVE-2024-6678 [EUVD-EUVD-2024-47729] | Details

Calendar Week 36 2024

  1. Cisco Smart Licensing Utility | Unauthenticated Remote Attack | Sensitive Information in Log Files and Static Admin Credentials Vulnerabilities | CVE-2024-20439 [EUVD-EUVD-2024-18154], CVE-2024-20440 [EUVD-EUVD-2024-18155] | Details, PoC1, PoC2

  2. Veeam Backup & Replication | Unauthenticated Remote Attack | Remote Code Execution Vulnerability | CVE-2024-40711 [EUVD-EUVD-2024-38578] | Details, PoC

  3. Ivanti Virtual Traffic Manager | Unauthenticated Remote Attack | Admin Authentication Bypass Vulnerability | CVE-2024-7593 [EUVD-EUVD-2024-48489] | Details, PoC

  4. Zyxel APs and Security Router Devices | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-7261 [EUVD-EUVD-2024-48208] | Details

  5. WhatsUp Gold | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2024-6670 [EUVD-EUVD-2024-48017] | Details, PoC

Calendar Week 35 2024

  1. Wordpress Litespeed Cache | Unauthenticated Remote Attack | Incorrect Privilege Assignment Vulnerability | CVE-2024-28000 [EUVD-EUVD-2024-25174] | Details, PoC

  2. AVTECH IP Cameras | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-7029 [EUVD-EUVD-2024-48461] | Details, PoC

  3. Apache OFBiz | Unauthenticated Remote Attack | Path Traversal and Incorrect Authorization Vulnerabilities | CVE-2024-32113 [EUVD-EUVD-2024-29935], CVE-2024-38856 [EUVD-EUVD-2024-37643] | Details, PoC1, PoC2

  4. Google Chromium V8 | Unauthenticated Remote Attack | Confusion and Inappropriate Implementation Vulnerabilities | CVE-2024-5274 [EUVD-EUVD-2024-46510], CVE-2024-7965 [EUVD-EUVD-2024-48798] | Details, Details, PoC1

  5. SonicWall SonicOS | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-40766 [EUVD-EUVD-2024-38613] | Details

Calendar Week 34 2024

  1. GitHub Enterprise Server | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-6800 [EUVD-EUVD-2024-47827] | Details

  2. Ingress Nginx Controller | Authenticated Remote Attack | Annotation Validation Bypass Vulnerability | CVE-2024-7646 [EUVD-EUVD-2024-48533] | Details, PoC

  3. ServiceNow | Unauthenticated Remote Attack | Input Validation and Incomplete List of Disallowed Inputs Vulnerabilities | CVE-2024-5217 [EUVD-EUVD-2024-46457], CVE-2024-4879 [EUVD-EUVD-2024-44451] | Details, PoC1, PoC2

  4. Dahua IP Cameras, Video Intercom, NVR, XVR devices | Unauthenticated Remote Attack | Authentication Bypass Vulnerabilities | CVE-2021-33044 [EUVD-EUVD-2021-19759], CVE-2021-33045 [EUVD-EUVD-2021-19760] | Details, PoC

  5. Apache HTTP Server | Unauthenticated Remote Attack | Substitution Encoding Vulnerabilities | CVE-2024-38474 [EUVD-EUVD-2024-37355], CVE-2024-38475 [EUVD-EUVD-2024-37356] | Details, PoC

Calendar Week 33 2024

  1. TOTOLINK EX1800T and A3700R | Unauthenticated Remote Attack | Command Injection Vulnerabilities | CVE-2024-34257 [EUVD-EUVD-2024-34717], CVE-2023-46574 [EUVD-EUVD-2023-50779] | Details, PoC1, PoC2

  2. Windows 10, 11, and Server | Unauthenticated Remote Attack | TCP/IP Buffer Overflow Vulnerability in IPv6 Stack | CVE-2024-38063 [EUVD-EUVD-2024-37238] | Details, PoC

  3. VMware ESXi | Authenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-37085 [EUVD-EUVD-2024-36416] | Details, PoC

  4. SolarWinds Web Help Desk | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2024-28986 [EUVD-EUVD-2024-26048] | Details

  5. Ivanti Virtual Traffic Manager | Unauthenticated Remote Attack | Admin Authentication Bypass Vulnerability | CVE-2024-7593 [EUVD-EUVD-2024-48489] | Details, PoC

Calendar Week 32 2024

  1. Cacti Network Monitoring and Fault Management Framework | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-29895 [EUVD-EUVD-2024-26876] | Details, PoC

  2. Jenkins | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-43044 [EUVD-EUVD-2024-2593] | Details, PoC

  3. ServiceNow | Unauthenticated Remote Attack | Input Validation and Incomplete List of Disallowed Inputs Vulnerabilities | CVE-2024-5217 [EUVD-EUVD-2024-46457], CVE-2024-4879 [EUVD-EUVD-2024-44451] | Details, PoC1, PoC2

  4. Progress WhatsUpGold | Unauthenticated Remote Attack | Improper Path Validation Vulnerability | CVE-2024-4885 [EUVD-EUVD-2024-44455] | Details, PoC

  5. Apache OFBiz | Unauthenticated Remote Attack | Path Traversal and Incorrect Authorization Vulnerabilities | CVE-2024-32113 [EUVD-EUVD-2024-29935], CVE-2024-38856 [EUVD-EUVD-2024-37643] | Details, PoC1, PoC2

All Rights Reserved by ENTRYZERO GmbH

Website by Sanico Software

IMPRINT: ENTRYZERO GmbH, Technologiezentrum Ruhr, Konrad-Zuse-Straße 18, 44801 Bochum, Registered Office: Bochum, Registration Court: Local Court Bochum, Registration number: HRB 21709, VAT ID: DE369315057, Managing Directors: Dr. Mohamad Sbeiti, Samet Gökbayrak, Tel.: +49 234 94426026, Email: info@entryzero.ai

PRIVACY POLICY: This website does not collect any personal data. We do not use cookies, trackers, forms or similar technologies. However, by visiting our website you agree that for every site request the following non-personal information is stored on the webserver for statistical, intrusion detection/prevention and troubleshooting purposes: requested address (URL), request date and time, client IP address, user-agent and referer. No information is given to or shared with third parties

Logo of the German Ministry