Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 21 Jun 2026 06:44:04 +0000 a3392733-6433-41f5-b728-b01e53d44712 https://vulnerability.circl.lu/sighting/a3392733-6433-41f5-b728-b01e53d44712/export {"uuid": "a3392733-6433-41f5-b728-b01e53d44712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20061", "type": "seen", "source": "https://t.me/true_secator/6862", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u044b:\n\n1. \u041d\u0430\u0431\u043e\u0440 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043a\u0430\u043a\u00a0DRAY:BREAK, \u0442\u0435\u043f\u0435\u0440\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u043c Mirai. \u041f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u044b DrayTek Vigor.\n\n2. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 watchTowr \u0432\u044b\u044f\u0432\u0438\u043b\u0438\u00a0\u0442\u0440\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\u00a0\u0432 Kentico Xperience CMS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0430\u0439\u0442\u043e\u0432.\n\n\u041e\u043d\u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0434\u0432\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 RCE \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u041f\u0430\u0442\u0447\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b, \u043d\u043e CVE \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442.\n\n3. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0410\u043b\u0435\u043a\u0441\u0430\u043d\u0434\u0440 \u0422\u0430\u043d \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0434\u0432\u0435\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 JavaScript XML-crypto, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0441\u0438\u0441\u0442\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0433\u0434\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0445 XML-\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432.\n\nWorkOS \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0430, \u0447\u0442\u043e \u043e\u0448\u0438\u0431\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML \u0438 \u0432\u044b\u0434\u0430\u0447\u0438 \u0441\u0435\u0431\u044f \u0437\u0430 \u043b\u044e\u0431\u0443\u044e \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0434\u0440\u0443\u0433\u0438\u0435 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 SAML, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443, \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b.\n\n4. \u0412 SIEM \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Wazuh \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430\u00a0\u043e\u0448\u0438\u0431\u043a\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 (CVE-2025-24016).\n\n5. 0-day \u0432 Windows \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0430 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0432\u043e\u0441\u044c\u043c\u0438 \u043b\u0435\u0442.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0442\u044c \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u044b \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u0432 \u0444\u0430\u0439\u043b\u044b \u044f\u0440\u043b\u044b\u043a\u043e\u0432 LNK, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435\u0432\u0438\u0434\u0438\u043c\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 11 APT \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 \u043d\u0443\u043b\u044c \u0434\u043b\u044f \u0441\u043e\u043a\u0440\u044b\u0442\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0439 \u0432 \u0444\u0430\u0439\u043b\u0430\u0445 LNK. \n\nTrend Micro\u00a0\u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043f\u043e\u0447\u0442\u0438 1000 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 LNK, \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u044e\u0449\u0438\u0445 \u044d\u0442\u043e\u0439 \u0442\u0435\u0445\u043d\u0438\u043a\u043e\u0439.\n\n\u041d\u043e \u0431\u043e\u043b\u044c\u0448\u0435 \u0432\u0441\u0435\u0433\u043e \u0443\u0434\u0438\u0432\u043b\u044f\u0435\u0442 Microsoft, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0442\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043f\u043e\u0441\u043b\u0435 \u043e\u0442\u0447\u0435\u0442\u0430 Trend Micro \u0432 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430. \u0412\u0438\u0434\u0438\u043c\u043e, \u043d\u0435 \u0441\u043e\u0433\u043b\u0430\u0441\u043e\u0432\u0430\u043b\u0438 \u043a\u0443\u0440\u0430\u0442\u043e\u0440\u044b.\n\n6. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 WordPress \u0441\u0442\u0430\u043d\u043e\u0432\u044f\u0442\u0441\u044f \u0432\u0441\u0435 \u043f\u0440\u043e\u0449\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u043d\u0430 \u0447\u0442\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u0432\u044b\u0432\u043e\u0434\u044b \u0438\u0437\u00a0\u043e\u0442\u0447\u0435\u0442\u0430 Patchstack \u0437\u0430 2024 \u0433\u043e\u0434.\n\n43% \u0432\u0441\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 WordPress, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443, \u043d\u0435 \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0430 \u043f\u043e\u0434\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0435 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u043b\u043e \u043f\u043b\u0430\u0433\u0438\u043d\u044b, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044e, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0432\u0448\u0443\u044e\u0441\u044f \u0432 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0433\u043e\u0434\u044b.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u043e \u043b\u0438\u0448\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043d\u043e \u0432\u0440\u0435\u043c\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0431\u044b\u043b\u043e \u043a\u043e\u0440\u043e\u0447\u0435, \u0447\u0435\u043c \u0432 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0433\u043e\u0434\u044b. \u041f\u043e \u0438\u0442\u043e\u0433\u0430\u043c \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043e \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u043b\u0443\u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430 \u0441\u0430\u0439\u0442\u043e\u0432 WordPress.\n\n7. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 PRODAFT \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438\u00a0\u0434\u0432\u0443\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 mySCADA myPRO, \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0441\u0431\u043e\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0443\u044e \u0432 \u0441\u0440\u0435\u0434\u0430\u0445 OT, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438.\n\n\u041e\u0431\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u043c\u0430\u043d\u0434 \u041e\u0421, \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043d\u0430 9,3 \u043f\u043e CVSS v4 \u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a CVE-2025-20014 \u0438 CVE-2025-20061.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043b\u044e\u0431\u043e\u0439 \u0438\u0437 \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 mySCADA PRO \u041c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 1.3 \u0438 mySCADA PRO Runtime 9.2.1.", "creation_timestamp": "2025-03-20T18:30:07.000000Z"} {"uuid": "a3392733-6433-41f5-b728-b01e53d44712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20061", "type": "seen", "source": "https://t.me/true_secator/6862", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u044b:\n\n1. \u041d\u0430\u0431\u043e\u0440 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043a\u0430\u043a\u00a0DRAY:BREAK, \u0442\u0435\u043f\u0435\u0440\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u043c Mirai. \u041f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u044b DrayTek Vigor.\n\n2. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 watchTowr \u0432\u044b\u044f\u0432\u0438\u043b\u0438\u00a0\u0442\u0440\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\u00a0\u0432 Kentico Xperience CMS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0430\u0439\u0442\u043e\u0432.\n\n\u041e\u043d\u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0434\u0432\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 RCE \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u041f\u0430\u0442\u0447\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b, \u043d\u043e CVE \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442.\n\n3. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0410\u043b\u0435\u043a\u0441\u0430\u043d\u0434\u0440 \u0422\u0430\u043d \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0434\u0432\u0435\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 JavaScript XML-crypto, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0441\u0438\u0441\u0442\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0433\u0434\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0445 XML-\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432.\n\nWorkOS \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0430, \u0447\u0442\u043e \u043e\u0448\u0438\u0431\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML \u0438 \u0432\u044b\u0434\u0430\u0447\u0438 \u0441\u0435\u0431\u044f \u0437\u0430 \u043b\u044e\u0431\u0443\u044e \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0434\u0440\u0443\u0433\u0438\u0435 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 SAML, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443, \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b.\n\n4. \u0412 SIEM \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Wazuh \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430\u00a0\u043e\u0448\u0438\u0431\u043a\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 (CVE-2025-24016).\n\n5. 0-day \u0432 Windows \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0430 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0432\u043e\u0441\u044c\u043c\u0438 \u043b\u0435\u0442.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0442\u044c \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u044b \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u0432 \u0444\u0430\u0439\u043b\u044b \u044f\u0440\u043b\u044b\u043a\u043e\u0432 LNK, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435\u0432\u0438\u0434\u0438\u043c\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 11 APT \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 \u043d\u0443\u043b\u044c \u0434\u043b\u044f \u0441\u043e\u043a\u0440\u044b\u0442\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0439 \u0432 \u0444\u0430\u0439\u043b\u0430\u0445 LNK. \n\nTrend Micro\u00a0\u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043f\u043e\u0447\u0442\u0438 1000 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 LNK, \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u044e\u0449\u0438\u0445 \u044d\u0442\u043e\u0439 \u0442\u0435\u0445\u043d\u0438\u043a\u043e\u0439.\n\n\u041d\u043e \u0431\u043e\u043b\u044c\u0448\u0435 \u0432\u0441\u0435\u0433\u043e \u0443\u0434\u0438\u0432\u043b\u044f\u0435\u0442 Microsoft, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0442\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043f\u043e\u0441\u043b\u0435 \u043e\u0442\u0447\u0435\u0442\u0430 Trend Micro \u0432 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430. \u0412\u0438\u0434\u0438\u043c\u043e, \u043d\u0435 \u0441\u043e\u0433\u043b\u0430\u0441\u043e\u0432\u0430\u043b\u0438 \u043a\u0443\u0440\u0430\u0442\u043e\u0440\u044b.\n\n6. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 WordPress \u0441\u0442\u0430\u043d\u043e\u0432\u044f\u0442\u0441\u044f \u0432\u0441\u0435 \u043f\u0440\u043e\u0449\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u043d\u0430 \u0447\u0442\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u0432\u044b\u0432\u043e\u0434\u044b \u0438\u0437\u00a0\u043e\u0442\u0447\u0435\u0442\u0430 Patchstack \u0437\u0430 2024 \u0433\u043e\u0434.\n\n43% \u0432\u0441\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 WordPress, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443, \u043d\u0435 \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0430 \u043f\u043e\u0434\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0435 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u043b\u043e \u043f\u043b\u0430\u0433\u0438\u043d\u044b, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044e, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0432\u0448\u0443\u044e\u0441\u044f \u0432 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0433\u043e\u0434\u044b.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u043e \u043b\u0438\u0448\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043d\u043e \u0432\u0440\u0435\u043c\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0431\u044b\u043b\u043e \u043a\u043e\u0440\u043e\u0447\u0435, \u0447\u0435\u043c \u0432 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0433\u043e\u0434\u044b. \u041f\u043e \u0438\u0442\u043e\u0433\u0430\u043c \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043e \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u043b\u0443\u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430 \u0441\u0430\u0439\u0442\u043e\u0432 WordPress.\n\n7. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 PRODAFT \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438\u00a0\u0434\u0432\u0443\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 mySCADA myPRO, \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0441\u0431\u043e\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0443\u044e \u0432 \u0441\u0440\u0435\u0434\u0430\u0445 OT, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438.\n\n\u041e\u0431\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u043c\u0430\u043d\u0434 \u041e\u0421, \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043d\u0430 9,3 \u043f\u043e CVSS v4 \u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a CVE-2025-20014 \u0438 CVE-2025-20061.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043b\u044e\u0431\u043e\u0439 \u0438\u0437 \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 mySCADA PRO \u041c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 1.3 \u0438 mySCADA PRO Runtime 9.2.1.", "creation_timestamp": "2025-03-20T18:30:07.000000Z"} https://vulnerability.circl.lu/sighting/a3392733-6433-41f5-b728-b01e53d44712/export Thu, 20 Mar 2025 18:30:07 +0000 f82a1544-ef74-4c78-add1-98d93ce4a613 https://vulnerability.circl.lu/sighting/f82a1544-ef74-4c78-add1-98d93ce4a613/export {"uuid": "f82a1544-ef74-4c78-add1-98d93ce4a613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2006", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9537", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2006\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the \"Allow guest users without accounts to create topics and replies\" setting is enabled.\n\ud83d\udccf Published: 2025-03-29T07:03:31.321Z\n\ud83d\udccf Modified: 2025-03-29T07:03:31.321Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/df09af41-399a-4878-8420-721f1198d895?source=cve\n2. https://plugins.trac.wordpress.org/browser/image-upload-for-bbpress/tags/1.1.19/bbp-image-upload.php#L136", "creation_timestamp": "2025-03-29T07:28:42.000000Z"} {"uuid": "f82a1544-ef74-4c78-add1-98d93ce4a613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2006", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9537", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2006\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the \"Allow guest users without accounts to create topics and replies\" setting is enabled.\n\ud83d\udccf Published: 2025-03-29T07:03:31.321Z\n\ud83d\udccf Modified: 2025-03-29T07:03:31.321Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/df09af41-399a-4878-8420-721f1198d895?source=cve\n2. https://plugins.trac.wordpress.org/browser/image-upload-for-bbpress/tags/1.1.19/bbp-image-upload.php#L136", "creation_timestamp": "2025-03-29T07:28:42.000000Z"} https://vulnerability.circl.lu/sighting/f82a1544-ef74-4c78-add1-98d93ce4a613/export Sat, 29 Mar 2025 07:28:42 +0000 d47a296c-8050-49f5-b780-213ad2096177 https://vulnerability.circl.lu/sighting/d47a296c-8050-49f5-b780-213ad2096177/export {"uuid": "d47a296c-8050-49f5-b780-213ad2096177", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2006", "type": "seen", "source": "Telegram/aF4xicIreuyE5yRRD33dmWV9qZXjTlaEQ3JU-sQx2NkHh1A", "content": "", "creation_timestamp": "2025-03-29T09:31:14.000000Z"} {"uuid": "d47a296c-8050-49f5-b780-213ad2096177", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2006", "type": "seen", "source": "Telegram/aF4xicIreuyE5yRRD33dmWV9qZXjTlaEQ3JU-sQx2NkHh1A", "content": "", "creation_timestamp": "2025-03-29T09:31:14.000000Z"} https://vulnerability.circl.lu/sighting/d47a296c-8050-49f5-b780-213ad2096177/export Sat, 29 Mar 2025 09:31:14 +0000 beb30cf7-10e7-44b7-afab-2c307541e07f https://vulnerability.circl.lu/sighting/beb30cf7-10e7-44b7-afab-2c307541e07f/export {"uuid": "beb30cf7-10e7-44b7-afab-2c307541e07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2006", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114245088656993111", "content": "", "creation_timestamp": "2025-03-29T09:48:30.111328Z"} {"uuid": "beb30cf7-10e7-44b7-afab-2c307541e07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2006", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114245088656993111", "content": "", "creation_timestamp": "2025-03-29T09:48:30.111328Z"} https://vulnerability.circl.lu/sighting/beb30cf7-10e7-44b7-afab-2c307541e07f/export Sat, 29 Mar 2025 09:48:30 +0000 ce843823-e484-4368-a95a-c13d7f6e168d https://vulnerability.circl.lu/sighting/ce843823-e484-4368-a95a-c13d7f6e168d/export {"uuid": "ce843823-e484-4368-a95a-c13d7f6e168d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2006", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114245088656993111", "content": "", "creation_timestamp": "2025-03-29T09:48:30.112537Z"} {"uuid": "ce843823-e484-4368-a95a-c13d7f6e168d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2006", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114245088656993111", "content": "", "creation_timestamp": "2025-03-29T09:48:30.112537Z"} https://vulnerability.circl.lu/sighting/ce843823-e484-4368-a95a-c13d7f6e168d/export Sat, 29 Mar 2025 09:48:30 +0000 16f00415-e284-46d0-a58f-e898dd5b3c4f https://vulnerability.circl.lu/sighting/16f00415-e284-46d0-a58f-e898dd5b3c4f/export {"uuid": "16f00415-e284-46d0-a58f-e898dd5b3c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2006", "type": "seen", "source": "https://t.me/cvedetector/21506", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2006 - \"BBPress Inline Image Upload Arbitrary File Upload Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-2006 \nPublished : March 29, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the \"Allow guest users without accounts to create topics and replies\" setting is enabled. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"29 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T10:28:57.000000Z"} {"uuid": "16f00415-e284-46d0-a58f-e898dd5b3c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2006", "type": "seen", "source": "https://t.me/cvedetector/21506", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2006 - \"BBPress Inline Image Upload Arbitrary File Upload Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-2006 \nPublished : March 29, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the \"Allow guest users without accounts to create topics and replies\" setting is enabled. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"29 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T10:28:57.000000Z"} https://vulnerability.circl.lu/sighting/16f00415-e284-46d0-a58f-e898dd5b3c4f/export Sat, 29 Mar 2025 10:28:57 +0000 bfac7bb7-8135-47b1-8e00-cb666ba58e07 https://vulnerability.circl.lu/sighting/bfac7bb7-8135-47b1-8e00-cb666ba58e07/export {"uuid": "bfac7bb7-8135-47b1-8e00-cb666ba58e07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20063", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lr466veqvn2q", "content": "", "creation_timestamp": "2025-06-08T15:22:57.873288Z"} {"uuid": "bfac7bb7-8135-47b1-8e00-cb666ba58e07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20063", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lr466veqvn2q", "content": "", "creation_timestamp": "2025-06-08T15:22:57.873288Z"} https://vulnerability.circl.lu/sighting/bfac7bb7-8135-47b1-8e00-cb666ba58e07/export Sun, 08 Jun 2025 15:22:57 +0000 8cdd8b7b-cadb-4766-af49-25586dda3eda https://vulnerability.circl.lu/sighting/8cdd8b7b-cadb-4766-af49-25586dda3eda/export {"uuid": "8cdd8b7b-cadb-4766-af49-25586dda3eda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20061", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"} {"uuid": "8cdd8b7b-cadb-4766-af49-25586dda3eda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20061", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"} https://vulnerability.circl.lu/sighting/8cdd8b7b-cadb-4766-af49-25586dda3eda/export Tue, 12 Aug 2025 13:33:28 +0000 81450941-294e-4e70-b7f6-304884d76c4f https://vulnerability.circl.lu/sighting/81450941-294e-4e70-b7f6-304884d76c4f/export {"uuid": "81450941-294e-4e70-b7f6-304884d76c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20061", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:27.000000Z"} {"uuid": "81450941-294e-4e70-b7f6-304884d76c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20061", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:27.000000Z"} https://vulnerability.circl.lu/sighting/81450941-294e-4e70-b7f6-304884d76c4f/export Thu, 21 Aug 2025 03:19:27 +0000 fe5c0aa7-90db-4be2-9be2-8874bac2922b https://vulnerability.circl.lu/sighting/fe5c0aa7-90db-4be2-9be2-8874bac2922b/export {"uuid": "fe5c0aa7-90db-4be2-9be2-8874bac2922b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20060", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"} {"uuid": "fe5c0aa7-90db-4be2-9be2-8874bac2922b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20060", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"} https://vulnerability.circl.lu/sighting/fe5c0aa7-90db-4be2-9be2-8874bac2922b/export Fri, 22 Aug 2025 13:26:18 +0000