New assessment for topic: CVE-2025-34152

Topic description: "An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint ..."

"[CVE-2025-34152](https://nvd.nist.gov/vuln/detail/CVE-2025-34152) is a critical unauthenticated OS command injection vulnerability affecting the Shenzhen Aitemi M300 (MT02) Wi-Fi repeater ..."

Link: https://attackerkb.com/assessments/f9232c59-7c73-4a11-be35-41796596deb5

New assessment for topic: CVE-2024-5805

Topic description: "Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0. ..."

"[CVE-2024-5805](https://community.progress.com/s/article/MOVEit-Gateway-Critical-Security-Alert-Bulletin-June-2024-CVE-2024-5805) is a critical SFTP authentication bypass vulnerability affecting Progress [MOVEit Gateway](https://community.progress.com/s/article/Gateway-Overview), an optional DMZ proxy designed to be used with the MOVEit Transfer file sharing software ..."

Link: https://attackerkb.com/assessments/ea949df7-483a-458b-917b-683e0f53521a

New assessment for topic: CVE-2025-57791

Topic description: "An issue was discovered in Commvault before 11.36.60 ..."

"[CVE-2025-57791](https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html) is a highly impactful unauthenticated argument injection vulnerability affecting Commvault for Windows and Linux ..."

Link: https://attackerkb.com/assessments/3265b8b6-674f-438b-a33d-e092ac4bbfbc

New assessment for topic: CVE-2025-57788

Topic description: "An issue was discovered in Commvault before 11.36.60 ..."

"CVE-2025-57788 is [a medium-severity vulnerability in Commvault](https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html) for Windows and Linux, affecting the web service ..."

Link: https://attackerkb.com/assessments/ab3c1929-9e46-4a88-8c8e-7e4e22474aba

New assessment for topic: CVE-2025-42957

Topic description: "SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC ..."

"A low-privileged SAP user who can invoke the vulnerable RFC function can inject arbitrary ABAP, bypassing critical auth checks and achieving administrative control over SAP S/4HANA; pivot to the underlying host is feasible. ..."

Link: https://attackerkb.com/assessments/9e4b5480-8085-4545-a60b-a224b42105c1

New assessment for topic: CVE-2023-29059

Topic description: "3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023 ..."

"CVE-2023-29059 is a supply chain attack that [targeted systems in the wild](https://www.rapid7.com/blog/post/2023/03/30/backdoored-3cxdesktopapp-installer-used-in-active-threat-campaign/) in March, 2023, via infected 3CX DesktopApp Electron application packages ..."

Link: https://attackerkb.com/assessments/4b37df41-d0ef-4199-bd3c-a19e6be4dbf7

New assessment for topic: CVE-2025-53693

Topic description: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4. ..."

"CVE-2025-53693 is an unauthenticated server-side cache poisoning vulnerability affecting Sitecore Experience Manager and Sitecore Experience Platform ..."

Link: https://attackerkb.com/assessments/3d97308e-ef14-4f17-a30b-84550e8c8f69

New assessment for topic: CVE-2025-50154

Topic description: "Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. ..."

"CVE-2025-50154 is easy to exploit ..."

Link: https://attackerkb.com/assessments/29dae763-b740-4740-bd8f-c048380ccc59

New assessment for topic: CVE-2023-28459

Topic description: "pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature) ..."

"Pretalx is a web-based conference planning tool used to manage call for papers (CfP) submissions, select talks, communicate with speakers, and publish conference schedules ..."

Link: https://attackerkb.com/assessments/9366f871-5537-409f-ac6a-6b0013fd3bfb

New assessment for topic: CVE-2024-32019

Topic description: "Netdata is an open source observability tool ..."

"Netdata is an open-source observability tool that contains a designated tool to run a set of defined commands with elevated privileges ..."

Link: https://attackerkb.com/assessments/2d9e32c1-bf84-4cea-a07f-dca060dc86bf

New assessment for topic: CVE-2025-7775

Topic description: "Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server ..."

"Based on the vendors CVSS rating of [9.2 Critical](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L), we know this is unauthenticated, however the complexity rating is given as high and the attack requirements is given as being present, (i.e ..."

Link: https://attackerkb.com/assessments/4e09b69a-f48c-4c6c-be6e-8fc1d783cd7b

New assessment for topic: CVE-2025-49619

Topic description: "Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block ..."

"On June 7th, CVE-2025-49619 was published, alongside a [write-up](https://cristibtz.blog/posts/CVE-2025-49619/) ..."

Link: https://attackerkb.com/assessments/fcb4d7e0-b562-4515-9a78-4f40640308f2

New assessment for topic: CVE-2024-51981

Topic description: "An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling ..."

"A Server Side Request Forgery (SSRF) vulnerability exists due to how the Brother firmware handles Web Services Eventing (WS-Eventing) subscriptions ..."

Link: https://attackerkb.com/assessments/fa5c2bf7-82ec-44cc-8808-d8647ae037d4

New assessment for topic: CVE-2025-1094

Topic description: "Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns ..."

"An attacker can inject unexpected UTF-8 characters, such as `\xC0` into a string that is correctly escaped via the PSQL escaping routines, such as `pg_escape_string` ..."

Link: https://attackerkb.com/assessments/74e38297-224a-4205-beb2-c5cef31d2ecf

New assessment for topic: CVE-2024-51977

Topic description: "An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device ..."

"An unauthenticated attacker who can access either the HTTP service (Port 80), the HTTPS service (Port 443), or the IPP service (Port 631), can leak several pieces of information from a vulnerable device ..."

Link: https://attackerkb.com/assessments/d00cbb64-c04d-4317-9f35-c201a4aa5733

New assessment for topic: CVE-2024-51979

Topic description: "An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631) ..."

"An authenticated stack-based buffer overflow exists in the printers HTTP server ..."

Link: https://attackerkb.com/assessments/aa600177-e69d-4eba-810a-f317d2ddb369

New assessment for topic: CVE-2024-51980

Topic description: "An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address ..."

"A Server Side Request Forgery (SSRF) vulnerability exists due to how the Brother firmware handles Web Services Addressing (WS-Addressing) during SOAP requests to the SOAP service over HTTP (TCP port 80) ..."

Link: https://attackerkb.com/assessments/686ad46c-d2c3-4116-b31e-010e695ba288

New assessment for topic: CVE-2024-51982

Topic description: "An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device ..."

"An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device ..."

Link: https://attackerkb.com/assessments/f29cd000-e191-42dd-ab80-271c3eef8c2d

New assessment for topic: CVE-2024-51983

Topic description: "An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device ..."

"The device’s Web Services feature operates over HTTP (Port 80) and accepts an XML-based SOAP request ..."

Link: https://attackerkb.com/assessments/9b5204d1-0cb0-4d9c-a7ae-97199dd23d80

New assessment for topic: CVE-2024-51984

Topic description: "An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker ..."

"An affected device allows for multiple external services to be configured for use by the device, such as LDAP, FTP, SFTP, and SharePoint ..."

Link: https://attackerkb.com/assessments/ded3c328-b080-4b18-b7f3-4df3838bdd18