2025-06-30
2025-06-30 17:15Z
HIGH

CVE-2025-6916 — Totolink T6_firmware: The manipulation of the argument authCode/goURL leads to missing authentication.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-6916

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. CVSSv3.1 8.8 (HIGH) · EPSS 44th percentile

CWECWE 306CWECWE 287VNDTotolinkTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-06-30
2025-06-30 17:15Z
CRIT

CVE-2025-45931 — Dlink Dir-816_firmware: An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-45931

An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file CVSSv3.1 9.8 (CRITICAL) · EPSS 67th percentile

CWECWE 77VNDDlinkVNDLinkTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-27
2025-06-27 17:15Z
CRIT

CVE-2024-12364 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-12364

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection. This issue affects Guest Tracking Software.  NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-27
2025-06-27 17:15Z
CRIT

CVE-2024-12150 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-12150

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection. This issue affects Wowwo CRM.  NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-27
2025-06-27 17:15Z
CRIT

CVE-2024-12143 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-12143

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection. This issue affects Mikro Hand Terminal - MikroDB.  NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-27
2025-06-27 16:15Z
CRIT

CVE-2024-11739 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-11739

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection. This issue affects Case ERP: before V2.0.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-27
2025-06-27 14:15Z
CRIT

CVE-2025-53314 — Site: Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53314

Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection.This issue affects WP Optimizer: from n/a through <= 2.5.0. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-06-27
2025-06-27 14:15Z
HIGH

CVE-2025-53277 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Infigo Software IS-theme-companion weblizar-companion allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53277

Cross-Site Request Forgery (CSRF) vulnerability in Infigo Software IS-theme-companion weblizar-companion allows Object Injection.This issue affects IS-theme-companion: from n/a through <= 1.59. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-06-27
2025-06-27 14:15Z
CRIT

CVE-2025-53260 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53260

Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects File Manager Plugin For Wordpress: from n/a through <= 7.5. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-06-27
2025-06-27 12:15Z
CRIT

CVE-2025-52834 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52834

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey homey allows SQL Injection.This issue affects Homey: from n/a through <= 2.4.7. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-06-27
2025-06-27 12:15Z
CRIT

CVE-2025-52829 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52829

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing directiq-wp allows SQL Injection.This issue affects DirectIQ Email Marketing: from n/a through <= 2.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52827 — Deserialization: of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52827

Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52826 — Deserialization: of Untrusted Data vulnerability in uxper Sala sala allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52826

Deserialization of Untrusted Data vulnerability in uxper Sala sala allows Object Injection.This issue affects Sala: from n/a through <= 1.1.3. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52824 — Authorization: Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52824

Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a through <= 1.7.8.3. CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52818 — Authorization: Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52818

Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusty Whistleblowing: from n/a through <= 2.0.1. CVSSv3.1 8.2 (HIGH)

CWECWE 862TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52817 — Authorization: Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52817

Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from n/a through <= 2.2. CVSSv3.1 8.2 (HIGH)

CWECWE 862TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52816 — Themehunk Zita: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52816

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita zita allows PHP Local File Inclusion.This issue affects Zita: from n/a through <= 1.6.5. CVSSv3.1 8.1 (HIGH)

CWECWE 98VNDThemehunkTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52815 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52815

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CityGov citygov allows PHP Local File Inclusion.This issue affects CityGov: from n/a through <= 1.9. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52814 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52814

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue affects BRW: from n/a through <= 1.8.7. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52812 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52812

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo domnoo allows PHP Local File Inclusion.This issue affects Domnoo: from n/a through <= 1.49. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52811 — Path: Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52811

Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3. CVSSv3.1 8.1 (HIGH)

CWECWE 35TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52810 — Path: Traversal: '.../...//' vulnerability in TMRW-studio Katerio - Magazine katerio allows PHP Local File

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52810

Path Traversal: '.../...//' vulnerability in TMRW-studio Katerio - Magazine katerio allows PHP Local File Inclusion.This issue affects Katerio - Magazine: from n/a through <= 1.5.1. CVSSv3.1 8.1 (HIGH)

CWECWE 35TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52809 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52809

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service Alerts: from n/a through <= 1.3.5. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52808 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52808

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite realtyelite allows PHP Local File Inclusion.This issue affects RealtyElite: from n/a through <= 1.0.0. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-27
2025-06-27 12:15Z
HIGH

CVE-2025-52729 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52729

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.9. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score