Tag: 2025-01-13

3 Attack Reports | 108 Vulnerabilities

Attack reports

Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations

A cyber espionage campaign targeting Central Asian countries, particularly Kazakhstan's external relations, has been uncovered. The campaign, attributed to the Russia-aligned intrusion set UAC-0063, uses a sophisticated infection chain called Double-Tap to deliver the HATVIBE and CHERRYSPY malware.…
apt28
cyber espionage
2025-01-13
kazakhstan
cherryspy
diplomatic
central asia
double-tap
hatvibe
Published: January 13, 2025
Downloadable IOCs: 12

Infostealer LummaC2 Spreading Through Fake CAPTCHA Verification Page

A new distribution method for the LummaC2 infostealer malware has been identified, using a fake CAPTCHA verification page. The process begins with a deceptive authentication screen that copies a malicious command to the clipboard when users click 'I'm not a robot'. This command executes an obfuscat…
obfuscation
phishing
powershell
lummac2
infostealer
cryptocurrency
captcha
2025-01-13
clipbanker
Published: January 13, 2025
Downloadable IOCs: 4

Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)

A critical code execution vulnerability, CVE-2024-50603, affecting Aviatrix Controller has been observed being exploited in the wild. This unauthenticated remote code execution flaw allows attackers to execute arbitrary commands on the system, potentially leading to privilege escalation in AWS envi…
backdoor
xmrig
sliver
cloud security
cryptojacking
privilege escalation
aws
rce
CVE-2024-50603
2025-01-13
aviatrix controller
Published: January 13, 2025
Downloadable IOCs: 6
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-46479

9.9
    Venki Supravizio BPM
  • Version(s): through 18.0.1
Published: January 13, 2025

CVE-2025-22777

9.8
    GiveWP
  • Version(s): from n/a through 3.19.3
Published: January 13, 2025

CVE-2024-5743

9.8
    Eve Play
  • Version(s): through 1.1.42
Published: January 13, 2025

CVE-2024-46310

9.1
    FXServer
  • Version(s): v9601 and earlier
Published: January 13, 2025

CVE-2024-57811

9.1
    Eaton X303
  • Version(s): 3.5.16 - 3.5.17 Build 712
Published: January 13, 2025

CVE-2024-47897

8.8
    UNKNOWN
Published: January 13, 2025

CVE-2023-42228

8.8
    Pat Infinite Solutions HelpdeskAdvanced
  • Version(s): <= 11.0.33
Published: January 13, 2025

CVE-2023-42244

8.8
    Selesta Visual Access Manager (VAM)
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2024-47796

8.4
    OFFIS DCMTK
  • Version(s): 3.6.8
Published: January 13, 2025

CVE-2024-52333

8.4
    OFFIS DCMTK
  • Version(s): 3.6.8
Published: January 13, 2025

CVE-2024-46480

8.4
    Venki Supravizio BPM
  • Version(s): up to 18.0.1
Published: January 13, 2025

CVE-2023-42231

8.1
    Pat Infinite Solutions HelpdeskAdvanced
  • Version(s): <= 11.0.33
Published: January 13, 2025

CVE-2025-0412

7.8
    Luxion KeyShot Viewer
Published: January 13, 2025

CVE-2024-52938

7.8
    Unknown
Published: January 13, 2025

CVE-2024-11128

7.8
    Bitdefender
  • Virus Scanner
Published: January 13, 2025

CVE-2024-12274

7.5
    Appointment Booking Calendar Plugin
  • Version(s): before 1.1.23
    Scheduling Plugin WordPress plugin
  • Version(s): before 1.1.23
Published: January 13, 2025

CVE-2025-22963

7.5
    Teedy
  • Version(s): 1.11 and earlier
Published: January 13, 2025

CVE-2023-42225

7.5
    Pat Infinite Solutions HelpdeskAdvanced
  • Version(s): <= 11.0.33
Published: January 13, 2025

CVE-2023-42226

7.5
    Pat Infinite Solutions HelpdeskAdvanced
  • Version(s): <= 11.0.33
Published: January 13, 2025

CVE-2023-42227

7.5
    Pat Infinite Solutions HelpdeskAdvanced
  • Version(s): <= 11.0.33
Published: January 13, 2025

CVE-2023-42232

7.5
    Pat Infinite Solutions HelpdeskAdvanced
  • Version(s): <= 11.0.33
Published: January 13, 2025

CVE-2024-46481

7.2
    Venki Supravizio BPM
  • Version(s): up to 18.1.1
Published: January 13, 2025

CVE-2024-47894

7.1
    UNKNOWN
Published: January 13, 2025

CVE-2024-47895

7.1
    UNKNOWN
Published: January 13, 2025

CVE-2024-56065

7.1
    WP2LEADS
  • Version(s): from n/a, 3.4.2
Published: January 13, 2025

CVE-2024-56301

7.1
    Eniture Technology Distance Based Shipping Calculator
  • Version(s): n/a, 2.0.21
Published: January 13, 2025

CVE-2025-22314

7.1
    WP Scripts Food Store – Online Food Delivery & Pickup
  • Version(s): n/a, 1.5.1
Published: January 13, 2025

CVE-2025-22337

7.1
    Order Audit Log for WooCommerce
  • Version(s): n/a, 2.0
Published: January 13, 2025

CVE-2025-22344

7.1
    Media Category Library
  • Version(s): from n/a, 2.7
Published: January 13, 2025

CVE-2025-22498

7.1
    LucidLMS
  • Version(s): n/a, 1.0.5
Published: January 13, 2025

CVE-2025-22499

7.1
    FAKTOR VIER F4 Post Tree
  • Version(s): n/a, 1.1.18
Published: January 13, 2025

CVE-2025-22506

7.1
    SmartAgenda
  • Version(s): n/a, 4.7
Published: January 13, 2025

CVE-2025-22514

7.1
    Yamna Tatheer KNR Author List Widget
  • Version(s): n/a, 3.1.1
Published: January 13, 2025

CVE-2025-22567

7.1
    TRUSTist REVIEWer
  • Version(s): n/a, 2.0
Published: January 13, 2025

CVE-2025-22568

7.1
    Post And Page Reactions
  • Version(s): n/a, 1.0.5
Published: January 13, 2025

CVE-2025-22569

7.1
    Featured Page Widget
  • Version(s): from n/a through 2.2
Published: January 13, 2025

CVE-2025-22570

7.1
    Miloš Đekić Inline Tweets
  • Version(s): n/a, 2.0
Published: January 13, 2025

CVE-2025-22576

7.1
    Site PIN
  • Version(s): n/a, 1.3
Published: January 13, 2025

CVE-2025-22583

7.1
    Scan External Links
  • Version(s): n/a, 1.0
Published: January 13, 2025

CVE-2025-22586

7.1
    WPEX Replace DB Urls
  • Version(s): from n/a through 0.4.0
Published: January 13, 2025

CVE-2025-22588

7.1
    Scanventory
  • Version(s): n/a, 1.1.3
Published: January 13, 2025

CVE-2024-52937

6.7
    UNKNOWN
Published: January 13, 2025

CVE-2024-54999

6.5
    MonicaHQ
  • Version(s): 4.1.2
Published: January 13, 2025

CVE-2024-57487

6.5
    Code-Projects Online Car Rental System
  • Version(s): 1.0
Published: January 13, 2025

CVE-2024-57488

6.5
    Online Car Rental System
  • Version(s): 1.0
Published: January 13, 2025

CVE-2024-46920

6.5
    Samsung Mobile Processor Exynos 9820
Published: January 13, 2025

CVE-2024-46921

6.5
    Samsung Mobile Processor and Modem Exynos
  • Version(s): 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400
Published: January 13, 2025

CVE-2023-42229

6.5
    Pat Infinite Solutions HelpdeskAdvanced
  • Version(s): <= 11.0.33
Published: January 13, 2025

CVE-2023-42248

6.5
    Selesta Visual Access Manager (VAM)
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2025-0402

6.3
    UNKNOWN
Published: January 13, 2025

CVE-2025-0404

6.3
    liujianview gymxmjpa
  • Version(s): 1.0
Published: January 13, 2025

CVE-2025-0405

6.3
    UNKNOWN
Published: January 13, 2025

CVE-2025-0406

6.3
    liujianview gymxmjpa
  • Version(s): 1.0
Published: January 13, 2025

CVE-2025-0407

6.3
    UNKNOWN
Published: January 13, 2025

CVE-2025-0408

6.3
    liujianview gymxmjpa
  • Version(s): 1.0
Published: January 13, 2025

CVE-2025-0409

6.3
    liujianview gymxmjpa
  • Version(s): 1.0
Published: January 13, 2025

CVE-2025-0410

6.3
    liujianview gymxmjpa
  • Version(s): 1.0
Published: January 13, 2025

CVE-2024-44771

6.1
    BigId PrivacyPortal
  • Version(s): v179
Published: January 13, 2025

CVE-2025-23026

6.1
    jte (Java Template Engine)
  • Version(s): <= 3.1.15
Published: January 13, 2025

CVE-2023-42230

6.1
    Pat Infinite Solutions HelpdeskAdvanced
  • Version(s): <= 11.0.33
Published: January 13, 2025

CVE-2023-42233

6.1
    Pat Infinite Solutions HelpdeskAdvanced
  • Version(s): <= 11.0.33
Published: January 13, 2025

CVE-2023-42245

6.1
    Selesta Visual Access Manager
  • Version(s): < 4.42.2
Published: January 13, 2025

CVE-2023-42246

6.1
    Selesta Visual Access Manager
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2023-42247

6.1
    Selesta Visual Access Manager
  • Version(s): < 4.42.2
Published: January 13, 2025

CVE-2023-42249

6.1
    Selesta Visual Access Manager
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2023-42250

6.1
    Selesta Visual Access Manager
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2024-12211

5.4
    Pega Platform
  • Version(s): 8.1 to Infinity 24.2.0
Published: January 13, 2025

CVE-2023-42234

5.4
    Pat Infinite Solutions HelpdeskAdvanced
  • Version(s): <= 11.0.33
Published: January 13, 2025

CVE-2023-42243

5.4
    Selesta Visual Access Manager
  • Version(s): < 4.42.2
Published: January 13, 2025

CVE-2025-0401

5.3
    UNKNOWN
Published: January 13, 2025

CVE-2025-0403

5.3
    1902756969 reggie
  • Version(s): 1.0
Published: January 13, 2025

CVE-2024-46919

5.3
    Samsung Exynos processors
Published: January 13, 2025

CVE-2024-11636

4.8
    Email Subscribers by Icegram Express WordPress plugin
  • Version(s): before 5.7.45
Published: January 13, 2025

CVE-2024-12566

4.8
    Email Subscribers by Icegram Express WordPress plugin
  • Version(s): before 5.7.45
Published: January 13, 2025

CVE-2024-12567

4.8
    Email Subscribers by Icegram Express WordPress plugin
  • Version(s): before 5.7.45
Published: January 13, 2025

CVE-2024-12568

4.8
    Email Subscribers by Icegram Express WordPress plugin
  • Version(s): before 5.7.45
Published: January 13, 2025

CVE-2024-52936

4.4
    UNKNOWN
Published: January 13, 2025

CVE-2025-22828

4.3
    Apache CloudStack
  • Version(s): 4.16.0
Published: January 13, 2025

CVE-2025-22800

4.3
    Post SMTP
  • Version(s): n/a - 2.9.11
Published: January 13, 2025

CVE-2024-48883

4.3
    Samsung Mobile Processor, Wearable Processor, Modem
  • Version(s): Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300
Published: January 13, 2025

CVE-2024-6352

4.3
    Ember ZNet stack
Published: January 13, 2025

CVE-2025-22134

4.2
    Vim
  • Version(s): 9.1.1003
Published: January 13, 2025

CVE-2024-52935

4.1
    UNKNOWN
Published: January 13, 2025

CVE-2024-56138

4.0
    notation-go
  • Version(s): 1.3.0-rc.2 and below
Published: January 13, 2025

CVE-2023-42235

3.8
    Selesta Visual Access Manager (VAM)
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2023-42236

3.8
    Selesta Visual Access Manager (VAM)
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2023-42237

3.8
    Selesta Visual Access Manager (VAM)
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2023-42238

3.8
    Selesta Visual Access Manager (VAM)
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2023-42239

3.8
    Selesta Visual Access Manager (VAM)
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2023-42240

3.8
    Selesta Visual Access Manager (VAM)
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2023-42241

3.8
    Selesta Visual Access Manager (VAM)
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2023-42242

3.8
    Selesta Visual Access Manager (VAM)
  • Version(s): before 4.42.2
Published: January 13, 2025

CVE-2024-51491

3.3
    notation-go
  • Version(s): 1.3.0-rc.2
Published: January 13, 2025

CVE-2024-51728

None
    UNKNOWN
Published: January 13, 2025

CVE-2025-22142

None
    NamelessMC
  • Version(s): 2.1.3
Published: January 13, 2025

CVE-2025-22144

None
    NamelessMC
  • Version(s): 2.1.3
Published: January 13, 2025

CVE-2025-23027

None
    next-forge
Published: January 13, 2025

CVE-2024-13154

None
    UNKNOWN
Published: January 13, 2025

CVE-2024-13324

None
    UNKNOWN
Published: January 13, 2025

CVE-2025-22138

None
    @codidact/qpixel
Published: January 13, 2025

CVE-2025-22613

None
    WeGIA
  • Version(s): 3.2.6
Published: January 13, 2025

CVE-2025-22614

None
    WeGIA
  • Version(s): 3.2.6
Published: January 13, 2025

CVE-2025-22615

None
    WeGIA
  • Version(s): 3.2.6
Published: January 13, 2025

CVE-2025-22616

None
    WeGIA
  • Version(s): 3.2.6
Published: January 13, 2025

CVE-2025-22617

None
    WeGIA
  • Version(s): 3.2.7 and above
Published: January 13, 2025

CVE-2025-22618

None
    WeGIA
  • Version(s): 3.2.6
Published: January 13, 2025

CVE-2025-22619

None
    WeGIA
  • Version(s): 3.2.6
Published: January 13, 2025

CVE-2024-56323

None
    OpenFGA
  • Version(s): 1.3.8, 1.8.2
Published: January 13, 2025
Click here to see more Vulnerabilities