Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.4 CVE-2025-55168

WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/saude/aplicar_medicamento.php`_CVE-2025-55168

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vu...

LabRedesCefetRJ WeGIA < 3.4.8 CVE
CRITICAL 10 CVE-2025-55169

WeGIA Path Traversal at endpoint ‘html/socio/sistema/download_remessa.php’ via parameter ‘file’_CVE-2025-55169

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal v...

LabRedesCefetRJ WeGIA < 3.4.8 CVE
CRITICAL 9.7 CVE-2025-54382

Cherry Studio RCE Vulnerability Disclosure_CVE-2025-54382

Cherry Studio is a desktop client that supports multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in...

CherryHQ cherry-studio = 1.5.1 CVE
CRITICAL 9.8 THN:6424C9AEB80...

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code_THN:6424C9AEB80EB4FC9DACB5F58A480B35

N/A N/A THN
CRITICAL 9.3 CVE-2025-8913

WellChoose|Organization Portal System – Local File Inclusion_CVE-2025-8913

Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute a...

WellChoose Organization Portal System CVE
CRITICAL 10 THN:7B84183CA8F...

Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws_THN:7B84183CA8FDD4C95B491A65BC16DE76

N/A N/A THN
CRITICAL 9.8 3FC9E9A2-42CE-

Exploit for Code Injection in Xwiki_3FC9E9A2-42CE-552A-A046-E205E2471000

# CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki ## 0 Table of Contents 1. [Summary](#1-summary) 2. [Vulnerability Details](#2...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CC794B3A-AEAA-

Exploit for Deserialization of Untrusted Data in Microsoft_CC794B3A-AEAA-5702-835E-CDE940323175

# CVE-2025-53770 – Microsoft SharePoint Server 2019 Unauthenticated RCE via Deserialization ...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 BA812463-BBF5-

Exploit for Code Injection in Xwiki_BA812463-BBF5-56F4-857D-CA61CFE29B88

# CVE-2025-24893 Bash POC script for RCE vulnerability in XWiki Platform ### Example usage: Setup a netcat listener: ``` $ nc -nvlp ``` Then run...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 E5B5FB6C-FB47-

Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3

# CVE-2025-24893 Install bun: ```bash curl -fsSL https://bun.com/install | bash ``` To install dependencies: ```bash bun install ``` To run: ...

N/A N/A GITHUBEXPLOIT