Security Vulnerabilities - CVEs Published In January 2025
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.
CVSS Score
9.8
EPSS Score
0.008
Published
2025-01-16
RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-16
RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-16
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-01-16
In Phiewer 4.1.0, a dylib injection leads to command execution, which allows attackers to inject a dylib file, potentially leading to remote control and unauthorized access to sensitive user data.
CVSS Score
3.3
EPSS Score
0.02
Published
2025-01-15
An issue in Termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component.
CVSS Score
3.3
EPSS Score
0.015
Published
2025-01-15
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
CVSS Score
9.9
EPSS Score
0.002
Published
2025-01-15
CVE-2024-57727
Known exploited
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
CVSS Score
7.5
EPSS Score
0.939
Published
2025-01-15
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
CVSS Score
7.2
EPSS Score
0.005
Published
2025-01-15
A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-01-15