New assessment for topic: CVE-2025-47957

Topic description: "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. ..."

"# Software: https://www.microsoft.com/en/microsoft-365/excel?market=af ..."

Link: https://attackerkb.com/assessments/4f9ad32a-1fc4-440e-b270-9d21cce44bf0

New assessment for topic: CVE-2025-4653

Topic description: "Improper Neutralization of Special Elements in the backup name field may allow OS command injection ..."

"I recently opened another box of Pandora ;-) and found some vulnerabilities. ..."

Link: https://attackerkb.com/assessments/5b2df46c-e99c-4e86-8fe9-22b639c85a47

New assessment for topic: CVE-2025-27751

Topic description: "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. ..."

"# Software: https://www.microsoft.com/en/microsoft-365/excel?market=af ..."

Link: https://attackerkb.com/assessments/aad43a7e-ca5a-469b-8fa7-b041e4b0861f

New assessment for topic: CVE-2025-33053

Topic description: "External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. ..."

"CVE-2025-33053 is a zero-day vulnerability that enables remote code execution (RCE) through abuse of how Windows processes resolve executable paths relative to the working directory ..."

Link: https://attackerkb.com/assessments/31876429-6c7c-4d98-9458-6805bedbbb56

New assessment for topic: CVE-2025-33073

Topic description: "Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. ..."

"CVE-2025-33073 is a logical flaw in the Windows SMB client that enables authenticated remote attackers to achieve SYSTEM-level command execution by bypassing long-standing NTLM reflection mitigations ..."

Link: https://attackerkb.com/assessments/b38be88a-6d03-4442-8582-8e185caac3a5

New assessment for topic: CVE-2025-41646

Topic description: "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion ..."

"< if ( (($objLoginData->ownPW == "") && (md5($defaultPW[0]) == $hashcode) ) || ..."

Link: https://attackerkb.com/assessments/ee73eaf9-b173-4c60-8b1b-f0e7d6b22152

New assessment for topic: CVE-2025-48734

Topic description: "Improper Access Control vulnerability in Apache Commons. ..."

"On May 28 2025, Apache posted an [advisory](https://www.openwall.com/lists/oss-security/2025/05/28/6) to the OSS Security mailing list warning that Apache Commons BeanUtils versions 1.x before 1.11.0 and 2.x before 2.0.0-M2 were vulnerable to insecure access to the Java Classloader via exposed enum properties, namely the `declaredClass` property ..."

Link: https://attackerkb.com/assessments/1d98f952-f6f1-475a-8646-74062d040247

New assessment for topic: CVE-2025-41232

Topic description: "Spring Security Aspects may not correctly locate method security annotations on private methods ..."

"On May 19 2025, Spring released an [advisory](https://spring.io/security/cve-2025-41232) warning that Spring Security versions before `6.4.6` were vulnerable to a flaw in how Spring security annotations were identified and processed, that could lead to annotations being ignored on private methods, potentially leading to authorization bypasses on those private methods ..."

Link: https://attackerkb.com/assessments/c3734c78-c018-4e5f-9c70-b5f3c074a411

New Rapid7 Analysis on AttackerKB topic: CVE-2024-58136

"Yii framework is a component-based MVC web application framework, providing developers with the building blocks to create complex web applications including modules for authentication, database access, REST etc ..."

Link: https://attackerkb.com/topics/622fff34-7ccf-4193-8a78-60e6b21d8811

New assessment for topic: CVE-2025-4427

Topic description: "An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. ..."

"On May 13, 2025, Ivanti [published an advisory](https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US) for [CVE-2025-4427](https://nvd.nist.gov/vuln/detail/CVE-2025-4427), a high severity authentication bypass in Ivanti Endpoint Manager Mobile (EPMM) ..."

Link: https://attackerkb.com/assessments/ef99e5bd-b83c-485a-9841-e0d54a7d4650

New assessment for topic: CVE-2025-4428

Topic description: "Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. ..."

"On May 13, 2025, Ivanti [published an advisory](https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US) for [CVE-2025-4428](https://nvd.nist.gov/vuln/detail/CVE-2025-4428), a high-privilege expression language server-side template injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) ..."

Link: https://attackerkb.com/assessments/a8195fc7-566e-4ad2-9926-3101a8e4d0f8

New assessment for topic: CVE-2023-41425

Topic description: "Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. ..."

"On November 5th, WonderCMS released version 3.4.3, which addresses vulnerability CVE-2023-41425 - a reflected cross-site scripting vulnerability ..."

Link: https://attackerkb.com/assessments/7540246c-ba79-4cb1-8fed-0407049ba2b0

New assessment for topic: CVE-2025-3096

Topic description: "Clinic’s Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page. ..."

"Clinic Patient Management System (CPMS) 2.0 is a management system written in PHP to control and manage patients and their health information ..."

Link: https://attackerkb.com/assessments/4dc1dd4e-1815-4515-a096-1fed078d0c83

New assessment for topic: CVE-2024-58136

Topic description: "Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. ..."

"On the April 9 2025, Yii released an advisory warning that Yii framework versions before `2.0.52` were susceptible to Unsafe Reflection, with this CVE essentially a patch bypass of `CVE-2024-4990` ..."

Link: https://attackerkb.com/assessments/e6d2c5ff-8653-41a3-acf1-882330960fe1

New assessment for topic: CVE-2025-22457

Topic description: "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. ..."

"[metadata only] ..."

Link: https://attackerkb.com/assessments/699141dd-fa5f-4a99-ae53-8b385bfdebc0

New assessment for topic: CVE-2025-25065

Topic description: "SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. ..."

"On the 17th December 2024, Zimbra released an [advisory](https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes) warning that Zimbra versions before 10.1.4 were susceptible to Server-Side Request Forgery (SSRF) via the RSS feed parser ..."

Link: https://attackerkb.com/assessments/3a9053d9-8891-4e66-8d99-af387e965048

New assessment for topic: CVE-2025-32354

Topic description: "In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation ..."

"On the 17th December 2024, Zimbra released an [advisory](https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes) warning that Zimbra versions before `10.1.4` were susceptible to Cross-Site Request Forgery (CSRF) attacks on an exposed GraphQL endpoint ..."

Link: https://attackerkb.com/assessments/48571868-d8f5-4408-8e24-b7ccec2ef7e3

New assessment for topic: CVE-2025-30406

Topic description: "Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025 ..."

"[metadata only] ..."

Link: https://attackerkb.com/assessments/25edbe02-53c3-4f7b-9993-e57282580766

New assessment for topic: CVE-2024-38475

Topic description: "Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure ..."

"SonicWall [updated a 2024 advisory](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018) to note that this third-party vulnerability is being exploited in the wild in their SMA100 devices ..."

Link: https://attackerkb.com/assessments/306036ec-fc18-46f2-91b8-d8c5391031c5

New assessment for topic: CVE-2025-3935

Topic description: "ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack ..."

"On the 24th April 2025 Connectwise released an advisory warning that ScreenConnect versions before `25.2.3` were susceptible to ViewState code injection attacks, if an attacker had privileged access and hence access to the machine keys defined in application config ..."

Link: https://attackerkb.com/assessments/cd141f73-7686-4848-b0cd-2893225b446b