CVEs - Compromised Website Report.


Description

This is a critical report that identifies websites reported to have been compromised. The report covers a broad category of web-related compromises. It may include a compromised Content Management System (CMS), for example, but it also includes devices that we have detected to be compromised with webshells or implants that are accessible via HTTP.
Finally, the report includes HTML links to give recipients more context on the suspected compromise. It is believed the websites, software products and devices identified in the report were compromised primarily through unpatched vulnerabilities.

The following compromises may be included in Reports:

| CVE Number | Vendor | Product | CVSSv3 Score | Tag(s) | Description |
|---|---|---|---|---|---|
| N/A | WordPress ecosystem | WordPress sites / plugins | N/A | clickfix | ClickFix injected JavaScript in compromised WordPress sites/plugins used for malware delivery via social engineering. |
| CVE-2026-1281 | Ivanti | Endpoint Manager Mobile (EPMM) | 9.8 | ivanti-epmm-compromised | Exploitation leads to webshell/artifact deployment on EPMM devices. |
| CVE-2025-57819 | Sangoma | FreePBX | 10 | freepbx-compromised | Webshell installation following exploitation enabling remote persistence. |
| CVE-2025-53770 | Microsoft | SharePoint | 9.8 | sharepoint-compromised | Webshell deployment in SharePoint environments after exploitation. |
| CVE-2025-25257 | Fortinet | FortiWeb | 9.6 | fortiweb-compromised | Webshells detected on FortiWeb appliances due to exploitation. |
| CVE-2025-31324 | SAP | NetWeaver | 10 | netweaver-compromised | Webshell compromise of SAP NetWeaver systems via remote exploitation. |
| CVE-2025-68686 | Fortinet | Fortinet appliances | 5.3 | fortinet-compromised | Symlink-based persistence mechanism used on compromised devices. |
| CVE-2017-17215 / CVE-2024-7029 | AVTECH | Murdoc botnet devices | N/A / 8.8 | murdoc-botnet | Devices recruited into Murdoc (Mirai-based) botnet. |
| CVE-2025-0282 (partial) | Ivanti | Connect Secure VPN | 9 | backdoor;ivanti-connect-secure | Multi-campaign compromises with backdoor activity and suspected exploitation. |
| CVE-2024-0012 | Palo Alto Networks | PAN-OS | 9.8 | panos-compromised | Management interface compromise enabling remote access. |
| N/A | Samsung Techwin | NVR Web Viewer | N/A | http;samsung-techwin-nvr-web-viewer;webshell | Webshell (update.php) in NVR systems enabling remote control. |
| CVE-2024-4577 | PHP | PHP runtime | 9.8 | tell-youthepass (ransomware campaign) | Remote code execution used in ransomware campaigns (TellYouThePass). |
| CVE-2023-48365 / 41265 / 41266 | Qlik | Qlik Sense | 9.6 / 9.6 / 8.2 | injected-code;qliksense;ssl;webshell | Exploited by Cactus ransomware via injected files and persistence artifacts. |
| CVE-2024-21893 | Ivanti | Connect Secure VPN | 8.2 | backdoor-activity;ivanti-connect-secure | Backdoor activity following exploitation campaigns. |
| CVE-2024-21887 / CVE-2023-46805 | Ivanti | Connect Secure VPN | 9.1 / 8.2 | ivanti-connect-secure;credential-stealer;injected-code | Credential stealing injected code enabling persistence and access. |
| CVE-2024-21887 / CVE-2023-46805 | Ivanti | Connect Secure VPN | 9.1 / 8.2 | ivanti-connect-secure;webshell | GIFTEDVISITOR webshell variant enabling remote control. |
| CVE-2023-20198 | Cisco | IOS XE | 10 | badcandy;device-implant | “BadCandy” implant used for persistence via web management interface abuse. |
| CVE-2023-3519 | Citrix | NetScaler ADC / Gateway | 9.8 | citrix;webshell | Webshell deployment and credential harvesting via exploitation. |
| CVE-2023-3519 | Citrix | NetScaler ADC / Gateway | 9.8 | citrix;injected-code | Injected code used for credential theft and persistent access. |

Common Vulnerabilities & Exposures (CVEs).

Systems used for reporting and assessing the severity of security vulnerabilities.

| No. | System | Description |
|---|---|---|
| 1. | Common Vulnerabilities and Exposures (CVE) | The CVE system is used to identify, define, catalogue and publicly disclose known information-security vulnerabilities and exposures. |
| 2. | The Common Vulnerability Scoring System (CVSS) | CVSS is a free and open industry standard for assessing the severity of computer system security vulnerabilities. It provides a numerical (0-10) representation of the severity of an information security vulnerability. |

CVSSv3.0 Metrics.

| No. | Base Score Range | Severity |
|---|---|---|
| 1. | 0.0 | None |
| 2. | 0.1 - 3.9 | Low |
| 3. | 4.0 - 6.9 | Medium |
| 4. | 7.0 - 8.9 | High |
| 5. | 9.0 - 10.0 | Critical |