2025-07-04
2025-07-04 12:15Z
CRIT

CVE-2025-52830 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52830

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSecure - Your Universal Checkout bSecure &#8211; Your Universal Checkout bsecure allows Blind SQL Injection.This issue affects bSecure &#8211; Your Universal Checkout: from n/a through <= 1.7.9. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-07-04
2025-07-04 12:15Z
HIGH

CVE-2025-52828 — Deserialization: of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52828

Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through <= 3.8. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-07-04
2025-07-04 12:15Z
HIGH

CVE-2025-52813 — Authorization: Missing Authorization vulnerability in pietro MobiLoud mobiloud-mobile-app-plugin allows Exploiting Incorrectly Configured Access Control Security

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52813

Missing Authorization vulnerability in pietro MobiLoud mobiloud-mobile-app-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MobiLoud: from n/a through <= 4.6.6. CVSSv3.1 8.1 (HIGH)

CWECWE 862TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-07-04
2025-07-04 12:15Z
HIGH

CVE-2025-52807 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52807

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme kossy allows PHP Local File Inclusion.This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n/a through <= 1.45. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-07-04
2025-07-04 12:15Z
HIGH

CVE-2025-4414 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-4414

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through < 2.5.7. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-07-04
2025-07-04 12:15Z
CRIT

CVE-2025-49867 — Inspirythemes Realhomes: Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49867

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.4.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266VNDInspirythemesTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-04
2025-07-04 12:15Z
CRIT

CVE-2025-49417 — Deserialization: of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action Woo-product-multiaction allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49417

Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action Woo-product-multiaction allows Object Injection.This issue affects WooCommerce Product Multi-Action: from n/a through <= 1.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-07-04
2025-07-04 12:15Z
CRIT

CVE-2025-49414 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49414

Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Using Malicious Files.This issue affects FW Gallery: from n/a through <= 8.0.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-07-04
2025-07-04 12:15Z
CRIT

CVE-2025-49302 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49302

Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe easy-stripe allows Remote Code Inclusion.This issue affects Easy Stripe: from n/a through <= 1.1. CVSSv3.1 10.0 (CRITICAL)

CWECWE 94TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-07-04
2025-07-04 12:15Z
HIGH

CVE-2025-32297 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32297

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection.This issue affects Simple Link Directory: from n/a through < 14.8.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-04
2025-07-04 12:15Z
CRIT

CVE-2025-30933 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30933

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through <= 1.1.6. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-07-04
2025-07-04 12:15Z
CRIT

CVE-2025-28983 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28983

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect click-pledge-connect allows Privilege Escalation.This issue affects Click & Pledge Connect: from n/a through <= 25.04010101-WP6.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-04
2025-07-04 12:15Z
HIGH

CVE-2025-24780 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-24780

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows SQL Injection.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.4.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-04
2025-07-04 12:15Z
CRIT

CVE-2025-23970 — Incorrect: Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-23970

Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through <= 6.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-04
2025-07-04 09:15Z
HIGH

CVE-2025-30979 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30979

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery pixelating-image-slideshow-gallery allows SQL Injection.This issue affects Pixelating image slideshow gallery: from n/a through <= 8.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-04
2025-07-04 09:15Z
HIGH

CVE-2025-30969 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30969

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection.This issue affects iFrame Images Gallery: from n/a through <= 9.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-04
2025-07-04 09:15Z
HIGH

CVE-2025-30947 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30947

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Cool fade popup cool-fade-popup allows Blind SQL Injection.This issue affects Cool fade popup: from n/a through <= 10.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-04
2025-07-04 09:15Z
HIGH

CVE-2025-28969 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28969

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cybio Gallery Widget gallery-widget allows SQL Injection.This issue affects Gallery Widget: from n/a through <= 1.2.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-04
2025-07-04 09:15Z
HIGH

CVE-2025-28967 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28967

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE contact-us-page-contact-people allows SQL Injection.This issue affects Contact Us page - Contact people LITE: from n/a through <= 3.7.4. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-07-04
2025-07-04 09:15Z
CRIT

CVE-2025-28951 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28951

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through <= 1.2.4. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-07-03
2025-07-03 19:15Z
CRIT

CVE-2025-23968 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in WebFactory AiBud WP aibuddy-openai-chatgpt allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-23968

Unrestricted Upload of File with Dangerous Type vulnerability in WebFactory AiBud WP aibuddy-openai-chatgpt allows Upload a Web Shell to a Web Server.This issue affects AiBud WP: from n/a through <= 1.9. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-07-02
2025-07-02 08:04Z
HIGH

CVE-2025-32463 — Local Privilege Escalation to Root via Sudo chroot in Linux

GitHub · recent CVE PoCs·github.comGITHUB POCCVE-2025-32463

CVE-2025-32463 is a local privilege escalation vulnerability in sudo versions 1.9.14–1.9.17 affecting the chroot functionality, allowing unprivileged users to escalate to root. A public PoC exploit is available on GitHub; patched versions 1.9.17p1 and later are available.

SRFOsTACTA0004VNDSudoTYPExploitTYPVulnerabilitySTGPrivescTECT1548EXPLpe
62
Edit Score
2025-07-02
2025-07-02 04:15Z
CRIT

CVE-2025-5746 — Drag: The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-5746

The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnd_upload_cf7_upload_chunks() function in version 5.0 - 5.0.5 (when bundled with the PrintSpace theme) and all versions up to, and including, 1.7.1 (in the standalone version). This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code exe CVSSv3.1 9.8 (CRITICAL)

CWECWE 434VNDDragTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-07-01
2025-07-01 16:03Z
CRIT

NeacController — Exploit vulnerabilities in NeacSafe64.sys to achieve privilege escalation and kernel-mode shellcode execution

GitHub · LPE exploits·github.comGITHUB POCCVE-2025-45737

NeacController is a public exploit for CVE-2025-45737 affecting NetEase's NeacSafe64.sys anti-cheat driver (versions <1.0.0.8). The vulnerability exposes IOCTL handlers (Opcodes 14 and 70) that implement arbitrary kernel-space read/write primitives, enabling local privilege escalation to SYSTEM and arbitrary kernel-mode code execution via function pointer hijacking in NonPagedPool memory.

SRFApplicationSRFOsTACTA0004TACTA0008VNDNeteaseTYPWriteupTYPExploitSTGPrivesc
82
Edit Score
2025-07-01
2025-07-01 14:15Z
CRIT

CVE-2025-49029 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.kazi Custom Login And

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49029

Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.kazi Custom Login And Signup Widget custom-login-and-signup-widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through <= 1.0. CVSSv3.1 9.1 (CRITICAL)

CWECWE 94TYPVulnerability
9.1
CVSS v3.1
96
Edit Score