This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.
There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.
If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!
1. CVE-2025-0368
The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users.
https://nvd.nist.gov/vuln/detail/CVE-2025-0368
2. CVE-2025-68613
Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.
https://nvd.nist.gov/vuln/detail/CVE-2025-68613
3. CVE-2016-10033
Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.
https://nvd.nist.gov/vuln/detail/CVE-2016-10033
4. CVE-2022-21227
Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.
https://nvd.nist.gov/vuln/detail/CVE-2022-21227
5. CVE-2021-40539
Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.
https://nvd.nist.gov/vuln/detail/CVE-2021-40539
6. CVE-2025-50708
Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.
https://nvd.nist.gov/vuln/detail/CVE-2025-50708
7. CVE-2024-21762
Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.
https://nvd.nist.gov/vuln/detail/CVE-2024-21762
8. CVE-2025-21204
Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.
https://nvd.nist.gov/vuln/detail/CVE-2025-21204
9. CVE-2024-34102
Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.
https://nvd.nist.gov/vuln/detail/CVE-2024-34102
10. CVE-2017-8759
Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.
https://nvd.nist.gov/vuln/detail/CVE-2017-8759