Threat and Vulnerability Intelligence Database

CVE-2025-40635

Description: SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 20th, 2025 (18 days ago)

CVE-2025-40634

Description: Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN networks.

CVSS: CRITICAL (9.2)

EPSS Score: 0.02%

Source: CVE
May 20th, 2025 (18 days ago)

CVE-2025-4322

Description: The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.

CVSS: CRITICAL (9.8)

EPSS Score: 0.1%

Source: CVE
May 20th, 2025 (18 days ago)

CVE-2025-47949 (GHSA-r683-v43c-6xqv)

Description: A Signature Wrapping attack has been found in samlify.

References:
https://github.com/tngan/samlify/security/advisories/GHSA-r683-v43c-6xqv
https://nvd.nist.gov/vuln/detail/CVE-2025-47949
https://github.com/tngan/samlify/commit/115679acd89f0a37ea3ebd8fff7db54fca3e8af3
https://github.com/advisories/GHSA-r683-v43c-6xqv

CVSS: CRITICAL (9.9)

EPSS Score: 0.02%

Source: Github Advisory Database (NPM)
May 19th, 2025 (19 days ago)

CVE-2025-47284 (GHSA-9x73-87fh-54w9)

Description: A security vulnerability was discovered in the gardenlet component of Gardener. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.

Am I Vulnerable? This CVE affects all Gardener installations where https://github.com/gardener/gardener-extension-provider-gcp is in use.

Affected Components: gardener/gardener (gardenlet)

Affected Versions: < v1.116.4, < v1.117.5, < v1.118.2, < v1.119.0

Fixed Versions: >= v1.116.4, >= v1.117.5, >= v1.118.2, >= v1.119.0

How do I mitigate this vulnerability? Update to a fixed version.

References:
https://github.com/gardener/gardener/security/advisories/GHSA-9x73-87fh-54w9
https://nvd.nist.gov/vuln/detail/CVE-2025-47284
https://github.com/advisories/GHSA-9x73-87fh-54w9

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

Source: Github Advisory Database (Go)
May 19th, 2025 (19 days ago)

CVE-2025-48340

Description: Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows Privilege Escalation. This issue affects User Profile Meta Manager: from n/a through 1.02.

CVSS: CRITICAL (9.8)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-47949

Description: samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.

CVSS: CRITICAL (9.9)

EPSS Score: 0.02%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-39410

Description: Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon. This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-39406

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPAMS allows PHP Local File Inclusion. This issue affects WPAMS: from n/a through 44.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.15%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-39402

Description: Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server. This issue affects WPAMS: from n/a through 44.0 (17-08-2023).

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (19 days ago)