CVE-2026-25191 is a high-severity vulnerability in the installer of Digital Arts Inc. 's FinalCode Ver. 5 series prior to version 5. 43R01. The issue arises from an uncontrolled search path element for DLL loading during installation. If an attacker can place a malicious DLL in the same directory as the installer and convince a user to run the installer, arbitrary code execution can occur with the installer's privileges. Exploitation requires local access and user interaction but no prior authentication. The vulnerability impacts confidentiality, integrity, and availability due to potential full system compromise. No known exploits are currently reported in the wild. Organizations using affected versions should update promptly and implement strict directory and file integrity controls to mitigate risk.

CVE-2026-25191 is a vulnerability affecting the installer component of Digital Arts Inc.'s FinalCode Ver.5 series, specifically versions prior to 5.43R01. The root cause is an uncontrolled search path element for DLLs during the installation process. When the installer executes, it loads DLLs from its current directory without validating or restricting the search path, allowing an attacker with local access to place a malicious DLL alongside the installer executable. Upon execution, the installer loads the malicious DLL, resulting in arbitrary code execution with the installer's execution privileges. This vulnerability requires the attacker to have the ability to place files in the installer's directory and to persuade a user to run the installer, implying user interaction is necessary. The CVSS v3.0 base score is 7.8, reflecting high severity due to the potential for full system compromise (confidentiality, integrity, and availability impacts). The attack vector is local (AV:L), with low attack complexity (AC:L), no privileges required (PR:N), but user interaction is needed (UI:R). The scope remains unchanged (S:U). Although no exploits are currently known in the wild, the vulnerability poses a significant risk to environments where FinalCode Ver.5 is deployed, especially if users have the ability to run installers from untrusted directories. The vulnerability highlights the importance of secure DLL loading practices and proper installer design to prevent DLL hijacking or search path manipulation attacks.

CVE Database V5

Detailed information about CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series affecting Digital Arts Inc. FinalCode Ve

CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series

CVE-2026-23703 is a high-severity vulnerability in Digital Arts Inc. 's FinalCode Ver. 5 series installer, affecting versions prior to 5. 43R01. The vulnerability arises from incorrect default permissions set by the installer, allowing a non-administrative user to execute arbitrary code with SYSTEM privileges. Exploitation requires local access and low privileges but no user interaction, making it a significant privilege escalation risk. Although no known exploits are currently reported in the wild, the vulnerability impacts confidentiality, integrity, and availability due to the potential for full system compromise. Organizations using FinalCode Ver. 5 should prioritize patching to version 5. 43R01 or later.

CVE-2026-23703 is a vulnerability identified in the installer of Digital Arts Inc.'s FinalCode Ver.5 series, specifically affecting versions prior to 5.43R01. The root cause is incorrect default permissions set during the installation process, which inadvertently grant non-administrative users the ability to execute arbitrary code with SYSTEM-level privileges. This represents a classic privilege escalation vulnerability. The vulnerability requires local access with low privileges (AV:L - local attack vector, PR:L - low privileges) but does not require user interaction (UI:N). The scope is unchanged (S:U), meaning the impact is confined to the vulnerable system. The CVSS v3.0 base score is 7.8, indicating a high severity due to the combined impact on confidentiality, integrity, and availability (all rated high). Exploiting this flaw allows an attacker to gain full control over the affected system, potentially leading to data breaches, unauthorized data manipulation, or disruption of services. Although no known exploits have been reported in the wild, the vulnerability's nature makes it a critical concern for organizations relying on FinalCode for digital rights management and secure document handling. The vulnerability was published on February 26, 2026, with the vendor presumably releasing patches in version 5.43R01 or later. The vulnerability was assigned by JPCERT, indicating recognition by a reputable security entity. The lack of CWE identifiers suggests the vulnerability is straightforward, focusing on permission misconfiguration rather than complex logic errors.

Detailed information about CVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series affecting Digital Arts Inc. FinalCode Ver.5

CVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series

CVE-2026-1311 is a high-severity path traversal vulnerability in the Worry Proof Backup WordPress plugin by bearsthemes, affecting all versions up to 0. 2. 4. Authenticated users with Subscriber-level access or higher can exploit this flaw by uploading a crafted ZIP archive containing path traversal sequences. This allows arbitrary file writes anywhere on the server, including placing executable PHP files, potentially leading to remote code execution. The vulnerability requires no user interaction beyond authentication and has a CVSS score of 8. 8, indicating a critical impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild. Organizations using this plugin should prioritize patching or mitigating this issue to prevent server compromise. The threat primarily affects WordPress sites using this plugin, with higher risk in countries where WordPress market share is significant and where targeted attacks on web infrastructure are common.

CVE-2026-1311 is a path traversal vulnerability classified under CWE-22 found in the Worry Proof Backup plugin for WordPress, versions up to and including 0.2.4. The vulnerability arises from improper validation of pathname inputs during the backup upload process. Authenticated attackers with at least Subscriber-level privileges can upload a malicious ZIP archive containing path traversal sequences (e.g., '../') that bypass directory restrictions. This allows them to write arbitrary files to any location on the server's filesystem, including web-accessible directories. By placing executable PHP files, attackers can achieve remote code execution (RCE), gaining full control over the affected server. The vulnerability does not require user interaction beyond authentication and has a low attack complexity with no special privileges beyond Subscriber access. The CVSS v3.1 score of 8.8 reflects the high impact on confidentiality, integrity, and availability, as attackers can exfiltrate data, modify or delete files, and disrupt services. Although no known exploits have been reported in the wild, the vulnerability poses a significant risk due to the widespread use of WordPress and the plugin's functionality. The lack of available patches at the time of reporting necessitates immediate mitigation efforts by administrators.

Detailed information about CVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backu

CVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backup - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backup

This report details insights gained from operating a honeypot sensor enhanced with AI assistance to analyze internet scanning and attack traffic. The honeypot collected millions of logs from thousands of IPs, revealing automated scanning campaigns targeting vulnerable Apache servers, Linux web interfaces, and IoT devices. A notable User-Agent string "libredtail-http" was linked to a botnet-driven multi-stage scanning toolkit aiming to enroll new systems for malicious purposes such as DDoS. The analysis highlights the challenges of distinguishing meaningful threat data from noise and the value of AI tools like ChatGPT in accelerating log interpretation and threat validation. The threat involves automated, low-cost, rotating IP scanning campaigns that exploit known vulnerabilities to compromise exposed systems. Mitigation requires proactive patching, network segmentation, and enhanced telemetry beyond incoming traffic logs. Countries with significant deployments of Apache, Linux, and IoT devices are at elevated risk. The threat is assessed as medium severity due to its automated nature, reliance on known vulnerabilities, and potential for widespread exploitation if unpatched systems remain exposed.

The documented threat arises from automated scanning and exploitation attempts observed via a honeypot sensor deployed to mimic vulnerable internet-facing systems. Over several months, the honeypot collected approximately 8 million logs from 14,000 unique IP addresses, capturing a high volume of background noise from automated scanners and toolkits. A key finding was the identification of a User-Agent string "libredtail-http," associated with a multi-stage scanning toolkit likely operated by a botnet. This toolkit targets vulnerable Apache HTTP servers, Linux web interfaces, and IoT devices by exploiting known vulnerabilities such as CVE-2021-41773 and CVE-2021-42013, which involve path traversal and remote code execution. The scanning campaigns use low-cost IP rotation and intermittent bursts to evade detection and attribution. The honeypot logs primarily contain metadata (source IP, ports, protocols, URLs) but lack payload content, limiting full visibility into exploit details. AI assistance via ChatGPT was instrumental in interpreting log data, validating hypotheses, and focusing investigative efforts, demonstrating AI's role as a collaborative analytical aid rather than a fully automated solution. The threat actor's goal appears to be enrolling compromised devices into a botnet infrastructure for expanded scanning, proxying, and DDoS capabilities. The report underscores the importance of comprehensive telemetry, including outbound traffic monitoring, to detect post-compromise activity. It also highlights that large volumes of logs do not guarantee actionable intelligence without proper scope and interpretation. Overall, this threat exemplifies persistent, automated exploitation attempts leveraging known vulnerabilities and emphasizes the need for continuous monitoring, patching, and intelligent analysis.

SANS ISC Handlers Diary

Detailed information about Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance &#x5b;Guest Diary&#x5d;, (Tue, Feb 24th). Get real

Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance &#x5b;Guest Diary&#x5d;, (Tue, Feb 24th) - Live Threat Intelligence - Threat Radar | OffSeq.com

Original Source

Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance &#x5b;Guest Diary&#x5d;, (Tue, Feb 24th)

CVE-2026-2506 is a stored cross-site scripting (XSS) vulnerability in the EM Cost Calculator WordPress plugin (versions up to 2. 3. 1). It arises because the plugin stores attacker-controlled 'customer_name' data and renders it in the admin customer list without proper output escaping. This allows unauthenticated attackers to inject malicious scripts that execute when an administrator views the EMCC Customers page. The vulnerability has a CVSS score of 6. 1 (medium severity) and requires no privileges but does require the admin to view the infected page, involving user interaction. Exploitation could lead to partial compromise of confidentiality and integrity, such as session hijacking or admin account manipulation. No known exploits are currently reported in the wild. Organizations using this plugin should prioritize patching or applying mitigations to prevent exploitation.

CVE-2026-2506 is a stored cross-site scripting (XSS) vulnerability identified in the EM Cost Calculator plugin for WordPress, maintained by motahar1. The vulnerability affects all versions up to and including 2.3.1. It stems from improper neutralization of input (CWE-79) during web page generation, specifically the failure to escape the 'customer_name' field before rendering it in the administrative interface. An unauthenticated attacker can submit malicious JavaScript payloads via the 'customer_name' input, which the plugin stores without sanitization. When an administrator accesses the EMCC Customers page, the malicious script executes in their browser context. This can lead to session hijacking, privilege escalation, or other attacks leveraging the administrator's elevated permissions. The vulnerability has a CVSS v3.1 base score of 6.1, reflecting its medium severity, with an attack vector of network (remote), low attack complexity, no privileges required, but requiring user interaction (admin viewing the page). The scope is changed as the vulnerability affects the confidentiality and integrity of the system. No patches or official fixes are currently linked, and no known exploits have been reported in the wild. The vulnerability highlights the importance of proper output encoding and input validation in WordPress plugins, especially those handling administrative data.

Detailed information about CVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calcul

CVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calculator - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calculator

Windows Storage Elevation of Privilege Vulnerability

Detailed information about CVE-2024-38248: CWE-416: Use After Free in Microsoft Windows Server 2022 affecting Microsoft Windows Server 2022. Get real-time updat

CVE-2024-38248: CWE-416: Use After Free in Microsoft Windows Server 2022

CVE-2024-38248: CWE-416: Use After Free in Microsoft Windows Server 2022

Description

Technical Details

Community Reviews

Related Threats

CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series

CVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series

CVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backup

CVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calculator

CVE-2026-2499: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tgrk Custom Logo

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility