2025-07-17
2025-07-17 22:15Z
CRIT

CVE-2025-6391 — Broadcom Brocade_active_support_connectivity_gateway: An attacker with access to the log files can withdraw the unencrypted tokens with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-6391

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure. CVSSv3.1 9.1 (CRITICAL)

CWECWE 532VNDBroadcomVNDBrocadeTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-07-17
2025-07-17 16:15Z
CRIT

CVE-2025-53867 — Island: Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53867

Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. CVSSv3.1 9.8 (CRITICAL) · EPSS 50th percentile

CWECWE 94VNDIslandTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-16
2025-07-16 12:15Z
CRIT

CVE-2025-52836 — Incorrect: Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52836

Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-16
2025-07-16 12:15Z
HIGH

CVE-2025-52819 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52819

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos pakke allows SQL Injection.This issue affects Pakke Envíos: from n/a through <= 1.0.2. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-16
2025-07-16 12:15Z
CRIT

CVE-2025-52714 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52714

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows SQL Injection.This issue affects Traveler: from n/a through < 3.2.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-07-16
2025-07-16 12:15Z
HIGH

CVE-2025-49876 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49876

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.2. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-16
2025-07-16 12:15Z
CRIT

CVE-2025-48300 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48300

Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through <= 4.2.1. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-07-16
2025-07-16 12:15Z
HIGH

CVE-2025-47645 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47645

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows SQL Injection.This issue affects ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes: from n/a through <= 1.4.9. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-16
2025-07-16 12:15Z
HIGH

CVE-2025-32574 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32574

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM gym-management allows SQL Injection.This issue affects WPGYM: from n/a through <= 65.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-16
2025-07-16 12:15Z
HIGH

CVE-2025-31422 — Deserialization: of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31422

Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through <= 2.4. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-07-16
2025-07-16 12:15Z
CRIT

CVE-2025-30973 — Deserialization: of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS coschool allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30973

Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS coschool allows Object Injection.This issue affects CoSchool LMS: from n/a through <= 1.4.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-16
2025-07-16 12:15Z
CRIT

CVE-2025-30949 — Deserialization: of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30949

Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows Object Injection.This issue affects Site Chat on Telegram: from n/a through <= 1.0.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-16
2025-07-16 12:15Z
CRIT

CVE-2025-30936 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30936

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod torod allows SQL Injection.This issue affects Torod: from n/a through <= 2.1. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-07-16
2025-07-16 12:15Z
CRIT

CVE-2025-29009 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-29009

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through <= 1.2.3. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-07-16
2025-07-16 12:15Z
CRIT

CVE-2025-28982 — Thimpress Wp_pipes: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28982

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes wp-pipes allows SQL Injection.This issue affects WP Pipes: from n/a through <= 1.4.3. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89VNDThimpressTYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-07-16
2025-07-16 12:15Z
HIGH

CVE-2025-28965 — Authorization: Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28965

Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects URL Shortener: from n/a through <= 3.0.7. CVSSv3.1 8.6 (HIGH)

CWECWE 862TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-07-16
2025-07-16 12:15Z
CRIT

CVE-2025-28961 — Deserialization: of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28961

Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Object Injection.This issue affects URL Shortener: from n/a through <= 3.0.7. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-16
2025-07-16 12:15Z
CRIT

CVE-2025-28959 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28959

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows SQL Injection.This issue affects URL Shortener: from n/a through <= 3.0.7. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-07-16
2025-07-16 12:15Z
HIGH

CVE-2025-24779 — Deserialization: of Untrusted Data vulnerability in NooTheme Yogi yogi allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-24779

Deserialization of Untrusted Data vulnerability in NooTheme Yogi yogi allows Object Injection.This issue affects Yogi: from n/a through < 2.9.3. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-07-16
2025-07-16 12:15Z
HIGH

CVE-2025-24777 — Deserialization: of Untrusted Data vulnerability in awethemes Hillter hillter allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-24777

Deserialization of Untrusted Data vulnerability in awethemes Hillter hillter allows Object Injection.This issue affects Hillter: from n/a through <= 3.0.7. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-07-16
2025-07-16 12:15Z
CRIT

CVE-2025-24759 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-24759

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Blind SQL Injection.This issue affects WP-BusinessDirectory: from n/a through <= 3.1.4. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-07-16
2025-07-16 11:15Z
HIGH

CVE-2025-54026 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes gymbase_classes allows SQL Injection.This issue affects GymBase Theme Classes: from n/a through <= 1.4. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-16
2025-07-16 11:15Z
CRIT

CVE-2025-54010 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets easy-code-manager allows Cross Site Request

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54010

Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets easy-code-manager allows Cross Site Request Forgery.This issue affects FluentSnippets: from n/a through <= 10.50. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2025-07-16
2025-07-16 11:15Z
CRIT

CVE-2024-9342 — Eclipse Glassfish: In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9342

In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection . CVSSv3.1 9.8 (CRITICAL)

CWECWE 307VNDEclipseTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-16
2025-07-16 07:15Z
HIGH

CVE-2025-7359 — Counter: The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-7359

The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. NOTE: This particular vulnerability deletes all the files in a targeted arbitrary directory rather than a specified arbitrary file, which can lead to loss of da CVSSv3.1 8.2 (HIGH)

CWECWE 22VNDCounterTYPVulnerability
8.2
CVSS v3.1
91
Edit Score