Browse all 5 CVE security advisories affecting rascals. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rascals is a network monitoring tool primarily used for real-time traffic analysis and security auditing. Historically, these devices have been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation vulnerabilities due to insufficient input validation and access controls. Notable security characteristics include default administrative credentials and unpatched firmware, which have led to several high-profile breaches where attackers gained complete network control. The five documented CVEs highlight consistent patterns in authentication bypass and command injection weaknesses, making these devices attractive targets for lateral movement in enterprise environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25360 | WordPress Vex theme < 1.2.9 - PHP Object Injection vulnerability — VexCWE-502 | 8.8 | High | 2026-03-25 |
| CVE-2026-25358 | WordPress Meloo theme < 2.8.2 - PHP Object Injection vulnerability — MelooCWE-502 | 8.8 | High | 2026-03-25 |
| CVE-2026-25359 | WordPress Pendulum theme < 3.1.5 - PHP Object Injection vulnerability — PendulumCWE-502 | 8.8 | High | 2026-03-25 |
| CVE-2025-60039 | WordPress Noisa theme <= 2.6.0 - PHP Object Injection vulnerability — NoisaCWE-502 | 9.8 | Critical | 2025-10-22 |
| CVE-2025-53560 | WordPress Noisa theme <= 2.6.0 - PHP Object Injection Vulnerability — NoisaCWE-502 | 8.8 | High | 2025-08-20 |
This page lists every published CVE security advisory associated with rascals. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.