Julien Ahrens

**Name of the Vulnerable Software and Affected Versions** Stackfield Desktop App versions prior to 1.10.2 **Description** A path traversal issue exists in the decryption functionality when processing the `filePath` property. This allows a malicious export to write arbitrary content to any path on the victim's filesystem, which can lead to remote code execution (RCE), a state where an attacker can execute arbitrary commands on the target machine. **Recommendations** Update to version 1.10.2 or later.

**Name of the Vulnerable Software and Affected Versions** Consul versions prior to 1.22.0 Consul Enterprise versions prior to 1.22.0 Consul Enterprise version 1.21.6 Consul Enterprise version 1.20.8 Consul Enterprise version 1.18.12 **Description** The key/value endpoint in Consul and Consul Enterprise is susceptible to a denial of service (DoS) condition. This is caused by improper validation of the Content Length header. **Recommendations** Update to Consul Community Edition 1.22.0 or later. Update to Consul Enterprise 1.22.0 or later. Update to Consul Enterprise 1.21.6. Update to Consul Enterprise 1.20.8. Update to Consul Enterprise 1.18.12.

**Name of the Vulnerable Software and Affected Versions** Consul versions prior to 1.22.0 Consul Enterprise versions prior to 1.22.0 Consul Enterprise version 1.21.6 Consul Enterprise version 1.20.8 Consul Enterprise version 1.18.12 **Description** The event endpoint in Consul and Consul Enterprise is susceptible to a denial of service (DoS) condition. This is caused by the absence of a maximum value restriction on the Content Length header. A malicious actor could potentially exploit this to disrupt service availability. **Recommendations** Update Consul to version 1.22.0 or later. Update Consul Enterprise to version 1.22.0 or later. Update Consul Enterprise to version 1.21.6. Update Consul Enterprise to version 1.20.8. Update Consul Enterprise to version 1.18.12.

**Name of the Vulnerable Software and Affected Versions** Wing FTP Server versions prior to 7.4.4 **Description** Wing FTP Server contains an information disclosure issue in the `loginok.html` file. The vulnerability occurs when a long value is provided in the `UID` cookie. This allows a remote attacker to disclose the full local installation path of the application. This vulnerability is actively exploited in the wild and has been observed being chained with remote code execution exploits. Attackers have leveraged this vulnerability to download malicious Lua files and install Remote Monitoring and Management (RMM) tools. CISA has added this vulnerability, identified as CVE-2025-47813, to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch within a specified timeframe. The vulnerability is triggered by improper validation of the `UID` cookie value. **Recommendations** Update Wing FTP Server to version 7.4.4 or later.

Name of the Vulnerable Software and Affected Versions: Wing FTP Server versions through 7.4.4 Description: The administrative web interface (listening by default on port 5466) runs with elevated privileges (root or SYSTEM) by default. The web application provides methods to execute arbitrary system commands, which are automatically executed with these high privileges. This situation may lead to privilege escalation, as administrative users of the web interface are not necessarily system administrators. Recommendations: Versions prior to 7.4.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wing FTP Server versions prior to 7.4.4 **Description** Wing FTP Server is affected by a critical remote code execution (RCE) vulnerability (CVE-2025-47812) stemming from improper handling of null bytes ('0') in the web interfaces. This allows attackers to inject arbitrary Lua code into user session files, potentially executing arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). The vulnerability is exploitable even with anonymous FTP accounts. Active exploitation of this flaw has been observed, with attackers attempting to gain root/SYSTEM access, scan systems, and install malware. Over 8,100 systems are estimated to be exposed, including those belonging to the U.S. Air Force and Airbus. The vulnerability allows for unauthenticated remote code execution. The `loginok.html` endpoint is a target for exploitation. **Recommendations** Update Wing FTP Server to version 7.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** Intel Data Center Manager SDK versions prior to 5.2 **Description** The issue is related to a protection mechanism failure in Intel Data Center Manager software, which may allow an unauthenticated user to potentially enable escalation of privilege via network access. This could permit a remote attacker to elevate their privileges. The problem is described as an incorrect use of protection mechanisms. **Recommendations** For versions prior to 5.2, update to version 5.2 or later to resolve the issue. As a temporary workaround, consider restricting network access to the affected system until a patch is applied. Restrict access to vulnerable components to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Quiz And Survey Master plugin for WordPress versions up to, and including, 8.0.8 **Description** The issue is related to Cross-Site Request Forgery due to missing nonce validation on the function associated with the `qsm remove file fd question` AJAX action. This allows unauthenticated attackers to delete arbitrary media files via a forged request if they can trick a site administrator into performing a specific action, such as clicking on a link. **Recommendations** For versions up to, and including, 8.0.8, update to a version that includes nonce validation for the `qsm remove file fd question` AJAX action to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the `qsm remove file fd question` AJAX action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel(R) DCM software versions prior to 5.0.1 **Description** The issue concerns insufficiently protected credentials in the Intel(R) DCM software, which may allow an authenticated user to potentially enable information disclosure via network access. **Recommendations** For versions prior to 5.0.1, update to version 5.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SecurePoint UTM versions prior to 12.2.5.1 **Description** An issue was discovered in the firewall's endpoint at "/spcgi.cgi" that allows sessionid information disclosure via an invalid authentication attempt. This can be used to bypass the device's authentication and gain access to the administrative interface. **Recommendations** For versions prior to 12.2.5.1, update to version 12.2.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/spcgi.cgi" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SecurePoint UTM versions prior to 12.2.5.1 **Description** An issue in the firewall's endpoint at "/spcgi.cgi" allows information disclosure of memory contents to be achieved by an authenticated user. Uninitialized data can be retrieved via an approach in which a `sessionid` is obtained but not used. **Recommendations** For versions prior to 12.2.5.1, update to version 12.2.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/spcgi.cgi" endpoint until a patch is applied. Avoid using the `sessionid` in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Quartus Prime Pro and Standard edition software (affected versions not specified) **Description** The issue is related to insufficient control flow management, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Quartus Prime Pro and Standard edition software (affected versions not specified) **Description** The issue is related to path traversal in the software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Quartus Prime Pro and Standard edition (affected versions not specified) **Description** The issue is related to improper neutralization in the software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Quiz And Survey Master for WordPress versions up to, and including, 8.0.8 **Description** The issue is related to a missing capability check on the function associated with the `qsm remove file fd question` AJAX action. This allows unauthenticated attackers to delete arbitrary media files. The vulnerability can be exploited by a remote attacker to remove files. **Recommendations** For versions up to, and including, 8.0.8, update to a version that includes a fix for the missing capability check on the `qsm remove file fd question` function to prevent unauthorized file deletion. As a temporary workaround, consider disabling the `qsm remove file fd question` AJAX action until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Becustom plugin for WordPress versions up to, and including, 1.0.5.2 **Description** The issue is due to missing nonce validation when saving the plugin's settings, making it possible for unauthenticated attackers to update the plugin's settings, such as `betheme url slug`, `replaced theme author`, and `betheme label`, via a forged request. This can be achieved if attackers can trick a site administrator into performing an action, like clicking on a link. **Recommendations** For versions up to, and including, 1.0.5.2, update to a version that includes nonce validation for the plugin's settings to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the plugin's settings page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Betheme theme for WordPress versions up to, and including, 26.5.1.4 **Description** The issue concerns PHP Object Injection via deserialization of untrusted input. This is made possible through the `import`, `mfn-items-import-page`, and `mfn-items-import` parameters passed through the `mfn builder import`, `mfn builder import page`, `importdata`, `importsinglepage`, and `importfromclipboard` functions. Authenticated attackers with contributor level permissions and above can inject a PHP Object, potentially allowing them to execute code, retrieve sensitive data, or delete files if a POP chain is present. **Recommendations** For versions up to, and including, 26.5.1.4, consider disabling the `mfn builder import`, `mfn builder import page`, `importdata`, `importsinglepage`, and `importfromclipboard` functions as a temporary workaround until a patch is available. Restrict access to the `import`, `mfn-items-import-page`, and `mfn-items-import` parameters to minimize the risk of exploitation. Avoid using these parameters in the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Quartus Prime Standard edition software versions prior to 21.1 Patch 0.02std **Description** The issue is related to an uncontrolled search path element, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 21.1 Patch 0.02std, update to version 21.1 Patch 0.02std or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) DCM software versions prior to 5.0 **Description** The issue is related to a protection mechanism failure in the Intel(R) DCM software, which may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. **Recommendations** For versions prior to 5.0, update to version 5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Transposh WordPress Translation plugin versions up to, and including, 1.0.8.1 **Description** The issue allows unauthorized setting changes by unauthenticated users due to insufficient validation of settings on the 'tp translation' AJAX action. This makes it possible for attackers to bypass restrictions and influence the data shown on the site. The problem is caused by a faulty validation in "wp/transposh db.php" when the "autotranslate" feature is enabled and the HTTP POST parameter `sr0` is larger than 0. **Recommendations** For versions up to, and including, 1.0.8.1, update to a version that fixes the insufficient validation issue. As a temporary workaround, consider disabling the 'autotranslate' feature until a patch is available. Restrict access to the 'tp translation' AJAX action to minimize the risk of exploitation. Avoid using the HTTP POST parameter `sr0` in the affected AJAX action until the issue is resolved.