2025-08-22
2025-08-22 17:15Z
CRIT

CVE-2025-57105 — Dlink Di-7400g\+_firmware: The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-57105

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host. CVSSv3.1 9.8 (CRITICAL) · EPSS 88th percentile

CWECWE 77VNDDlinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2025-08-22
2025-08-22 15:09Z
INFO

v3.4.9

Nuclei releases·github.com

Nuclei v3.4.9 released with a minor bug fix addressing output event handling for skipped hosts. This is a routine maintenance release with no security implications or feature additions.

SRFApplicationVNDProjectdiscoveryTYPTool
25
Edit Score
2025-08-21
2025-08-21 15:15Z
CRIT

CVE-2025-53251 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP pin-wp allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53251

Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP pin-wp allows Upload a Web Shell to a Web Server.This issue affects Pin WP: from n/a through < 7.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-08-21
2025-08-21 14:15Z
HIGH

CVE-2025-55370 — Jishenghua Jsherp: Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-55370

Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value. CVSSv3.1 8.8 (HIGH) · EPSS 32th percentile

CWECWE 639VNDJishenghuaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-08-21
2025-08-21 14:15Z
HIGH

CVE-2025-55368 — Jishenghua Jsherp: Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-55368

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. CVSSv3.1 8.8 (HIGH) · EPSS 32th percentile

CWECWE 284VNDJishenghuaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-08-20
2025-08-20 09:15Z
HIGH

CVE-2025-5260 — Server: Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-5260

Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5. CVSSv3.1 8.6 (HIGH) · EPSS 25th percentile

CWECWE 918TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-54735 — Incorrect: Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54735

Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through <= 1.1.24. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-54726 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54726

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects JS Archive List: from n/a through < 6.1.6. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-54713 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54713

Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Authentication Abuse.This issue affects Taxi Booking Manager for WooCommerce: from n/a through <= 1.3.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-54677 — Vcita Online_booking_\&_scheduling_calendar: Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54677

Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Using Malicious Files.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.3. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434VNDVcitaTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-54049 — Incorrect: Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54049

Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through <= 4.2.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 266TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-54048 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54048

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection.This issue affects Custom API for WP: from n/a through <= 4.2.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-54031 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54031

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board supportboard allows PHP Local File Inclusion.This issue affects Support Board: from n/a through <= 3.8.0. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-54014 — Deserialization: of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54014

Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Object Injection.This issue affects MediCenter - Health Medical Clinic: from n/a through <= 15.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-54007 — Deserialization: of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54007

Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Object Injection.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.11. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-53580 — Incorrect: Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53580

Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-53577 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS global-dns

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53577

Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS global-dns allows Remote Code Inclusion.This issue affects Global DNS: from n/a through <= 3.1.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 94TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-53567 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53567

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Ghost Kit ghostkit allows PHP Local File Inclusion.This issue affects Ghost Kit: from n/a through <= 3.4.1. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-53565 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53565

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews business-reviews-wp allows PHP Local File Inclusion.This issue affects Widget for Google Reviews: from n/a through <= 1.0.15. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-53560 — Deserialization: of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53560

Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects Noisa: from n/a through <= 2.6.0. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-53299 — Deserialization: of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content Composer tmm_content_composer allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53299

Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content Composer tmm_content_composer allows Object Injection.This issue affects ThemeMakers Visual Content Composer: from n/a through <= 1.5.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-53213 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier &

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53213

Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping elex-reachship-multi-carrier-conditional-shipping allows Using Malicious Files.This issue affects ReachShip WooCommerce Multi-Carrier & Conditional Shipping: from n/a through <= 4.3.1. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-53207 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53207

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks allows PHP Local File Inclusion.This issue affects WP Travel Gutenberg Blocks: from n/a through <= 3.9.0. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-53204 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53204

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist eventlist allows PHP Local File Inclusion.This issue affects eventlist: from n/a through <= 1.9.2. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-53198 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53198

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through <= 4.0.4. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score