Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-6916 — Totolink T6_firmware: The manipulation of the argument authCode/goURL leads to missing authentication.
A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. CVSSv3.1 8.8 (HIGH) · EPSS 44th percentile
CVE-2025-45931 — Dlink Dir-816_firmware: An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via
An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file CVSSv3.1 9.8 (CRITICAL) · EPSS 67th percentile
CVE-2024-12364 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection. This issue affects Guest Tracking Software. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile
CVE-2024-12150 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection. This issue affects Wowwo CRM. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile
CVE-2024-12143 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection. This issue affects Mikro Hand Terminal - MikroDB. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile
CVE-2024-11739 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection. This issue affects Case ERP: before V2.0.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile
CVE-2025-53314 — Site: Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection.This issue
Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection.This issue affects WP Optimizer: from n/a through <= 2.5.0. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-53277 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Infigo Software IS-theme-companion weblizar-companion allows Object Injection.This issue
Cross-Site Request Forgery (CSRF) vulnerability in Infigo Software IS-theme-companion weblizar-companion allows Object Injection.This issue affects IS-theme-companion: from n/a through <= 1.59. CVSSv3.1 8.8 (HIGH)
CVE-2025-53260 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For
Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects File Manager Plugin For Wordpress: from n/a through <= 7.5. CVSSv3.1 9.1 (CRITICAL)
CVE-2025-52834 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey homey allows SQL Injection.This issue affects Homey: from n/a through <= 2.4.7. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-52829 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing directiq-wp allows SQL Injection.This issue affects DirectIQ Email Marketing: from n/a through <= 2.0. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-52827 — Deserialization: of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3. CVSSv3.1 8.8 (HIGH)
CVE-2025-52826 — Deserialization: of Untrusted Data vulnerability in uxper Sala sala allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in uxper Sala sala allows Object Injection.This issue affects Sala: from n/a through <= 1.1.3. CVSSv3.1 8.8 (HIGH)
CVE-2025-52824 — Authorization: Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access
Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a through <= 1.7.8.3. CVSSv3.1 8.8 (HIGH)
CVE-2025-52818 — Authorization: Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusty Whistleblowing: from n/a through <= 2.0.1. CVSSv3.1 8.2 (HIGH)
CVE-2025-52817 — Authorization: Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured
Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from n/a through <= 2.2. CVSSv3.1 8.2 (HIGH)
CVE-2025-52816 — Themehunk Zita: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita zita allows PHP Local File Inclusion.This issue affects Zita: from n/a through <= 1.6.5. CVSSv3.1 8.1 (HIGH)
CVE-2025-52815 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CityGov citygov allows PHP Local File Inclusion.This issue affects CityGov: from n/a through <= 1.9. CVSSv3.1 8.1 (HIGH)
CVE-2025-52814 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue affects BRW: from n/a through <= 1.8.7. CVSSv3.1 8.1 (HIGH)
CVE-2025-52812 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo domnoo allows PHP Local File Inclusion.This issue affects Domnoo: from n/a through <= 1.49. CVSSv3.1 8.1 (HIGH)
CVE-2025-52811 — Path: Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme
Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3. CVSSv3.1 8.1 (HIGH)
CVE-2025-52810 — Path: Traversal: '.../...//' vulnerability in TMRW-studio Katerio - Magazine katerio allows PHP Local File
Path Traversal: '.../...//' vulnerability in TMRW-studio Katerio - Magazine katerio allows PHP Local File Inclusion.This issue affects Katerio - Magazine: from n/a through <= 1.5.1. CVSSv3.1 8.1 (HIGH)
CVE-2025-52809 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service Alerts: from n/a through <= 1.3.5. CVSSv3.1 8.1 (HIGH)
CVE-2025-52808 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite realtyelite allows PHP Local File Inclusion.This issue affects RealtyElite: from n/a through <= 1.0.0. CVSSv3.1 8.1 (HIGH)
CVE-2025-52729 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.9. CVSSv3.1 8.1 (HIGH)