Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-6391 — Broadcom Brocade_active_support_connectivity_gateway: An attacker with access to the log files can withdraw the unencrypted tokens with
Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure. CVSSv3.1 9.1 (CRITICAL)
CVE-2025-53867 — Island: Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.
Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. CVSSv3.1 9.8 (CRITICAL) · EPSS 50th percentile
CVE-2025-52836 — Incorrect: Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori
Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-52819 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos pakke allows SQL Injection.This issue affects Pakke Envíos: from n/a through <= 1.0.2. CVSSv3.1 8.5 (HIGH)
CVE-2025-52714 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows SQL Injection.This issue affects Traveler: from n/a through < 3.2.2. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-49876 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.2. CVSSv3.1 8.5 (HIGH)
CVE-2025-48300 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows
Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through <= 4.2.1. CVSSv3.1 9.1 (CRITICAL)
CVE-2025-47645 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows SQL Injection.This issue affects ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes: from n/a through <= 1.4.9. CVSSv3.1 8.5 (HIGH)
CVE-2025-32574 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM gym-management allows SQL Injection.This issue affects WPGYM: from n/a through <= 65.0. CVSSv3.1 8.5 (HIGH)
CVE-2025-31422 — Deserialization: of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts
Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through <= 2.4. CVSSv3.1 8.8 (HIGH)
CVE-2025-30973 — Deserialization: of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS coschool allows Object Injection.This
Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS coschool allows Object Injection.This issue affects CoSchool LMS: from n/a through <= 1.4.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-30949 — Deserialization: of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows
Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows Object Injection.This issue affects Site Chat on Telegram: from n/a through <= 1.0.4. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-30936 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod torod allows SQL Injection.This issue affects Torod: from n/a through <= 2.1. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-29009 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin
Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through <= 1.2.3. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-28982 — Thimpress Wp_pipes: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes wp-pipes allows SQL Injection.This issue affects WP Pipes: from n/a through <= 1.4.3. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-28965 — Authorization: Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality
Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects URL Shortener: from n/a through <= 3.0.7. CVSSv3.1 8.6 (HIGH)
CVE-2025-28961 — Deserialization: of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows
Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Object Injection.This issue affects URL Shortener: from n/a through <= 3.0.7. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-28959 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows SQL Injection.This issue affects URL Shortener: from n/a through <= 3.0.7. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-24779 — Deserialization: of Untrusted Data vulnerability in NooTheme Yogi yogi allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in NooTheme Yogi yogi allows Object Injection.This issue affects Yogi: from n/a through < 2.9.3. CVSSv3.1 8.8 (HIGH)
CVE-2025-24777 — Deserialization: of Untrusted Data vulnerability in awethemes Hillter hillter allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in awethemes Hillter hillter allows Object Injection.This issue affects Hillter: from n/a through <= 3.0.7. CVSSv3.1 8.8 (HIGH)
CVE-2025-24759 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Blind SQL Injection.This issue affects WP-BusinessDirectory: from n/a through <= 3.1.4. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-54026 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes gymbase_classes allows SQL Injection.This issue affects GymBase Theme Classes: from n/a through <= 1.4. CVSSv3.1 8.5 (HIGH)
CVE-2025-54010 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets easy-code-manager allows Cross Site Request
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets easy-code-manager allows Cross Site Request Forgery.This issue affects FluentSnippets: from n/a through <= 10.50. CVSSv3.1 9.6 (CRITICAL)
CVE-2024-9342 — Eclipse Glassfish: In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force
In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection . CVSSv3.1 9.8 (CRITICAL)
CVE-2025-7359 — Counter: The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file
The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. NOTE: This particular vulnerability deletes all the files in a targeted arbitrary directory rather than a specified arbitrary file, which can lead to loss of da CVSSv3.1 8.2 (HIGH)