NVD disclosure day

Published threat advisories for February 26, 2025

CVE advisoryCRITICAL

CVE-2025-25785

JizhiCMS SSRF Vulnerability Allows Intranet Scanning.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A Server-Side Request Forgery vulnerability in JizhiCMS software could allow attackers to scan internal networks. This critical flaw enables malicious actors to send crafted requests to reveal information about internal systems. Security-aware leaders should confirm if JizhiCMS is in use and externally exposed to asses

CVE advisoryCRITICAL

CVE-2025-25783

Emlog Pro Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An arbitrary file upload vulnerability exists in Emlog Pro's administrative plugin component, potentially allowing unauthenticated attackers to execute arbitrary code by uploading a crafted Zip file. If Emlog Pro is deployed publicly, this could lead to a system compromise. Organizations should determine if they use th