2025-06-11
2025-06-11 12:15Z
CRIT

CVE-2025-49710 — Mozilla Firefox: An integer overflow was present in `OrderedHashTable` used by the JavaScript engine.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49710

An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-11
2025-06-11 12:15Z
CRIT

CVE-2025-49709 — Mozilla Firefox: Certain canvas operations could have lead to memory corruption.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49709

Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDMozillaVNDCertainTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-10
2025-06-10 17:24Z
HIGH

CVE-2025-47953 — Microsoft 365_apps: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47953

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. CVSSv3.1 8.4 (HIGH) · EPSS 78th percentile

CWECWE 641VNDMicrosoftTYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2025-06-10
2025-06-10 17:23Z
HIGH

CVE-2025-47167 — Microsoft 365_apps: Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47167

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. CVSSv3.1 8.4 (HIGH) · EPSS 80th percentile

CWECWE 843VNDMicrosoftVNDAccessTYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2025-06-10
2025-06-10 17:23Z
HIGH

CVE-2025-47164 — Microsoft 365_apps: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47164

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. CVSSv3.1 8.4 (HIGH) · EPSS 76th percentile

CWECWE 416VNDMicrosoftTYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2025-06-10
2025-06-10 17:23Z
HIGH

CVE-2025-47162 — Microsoft 365_apps: Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47162

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CVSSv3.1 8.4 (HIGH) · EPSS 76th percentile

CWECWE 122VNDMicrosoftVNDHeapTYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2025-06-10
2025-06-10 13:15Z
CRIT

CVE-2025-49507 — Deserialization: of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49507

Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection.This issue affects CozyStay: from n/a through < 1.7.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-06-10
2025-06-10 13:15Z
CRIT

CVE-2025-49455 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49455

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Blind SQL Injection.This issue affects WordPress-WPJobBoard: from n/a through <= 25.07010000-WP6.8.1-JB5.11.5. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-06-10
2025-06-10 13:15Z
HIGH

CVE-2025-49454 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49454

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a through < 3.10.0. CVSSv3.1 8.1 (HIGH) · EPSS 55th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-49297 — Qodeinteractive Grill_and_chow: Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49297

Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6. CVSSv3.1 8.1 (HIGH)

CWECWE 35VNDQodeinteractiveTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-49296 — Qodeinteractive Grandprix: Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49296

Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6. CVSSv3.1 8.1 (HIGH)

CWECWE 35VNDQodeinteractiveTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-49295 — Qodeinteractive Mediclinic: Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49295

Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1. CVSSv3.1 8.1 (HIGH)

CWECWE 35VNDQodeinteractiveTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-49282 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49282

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magze magze allows PHP Local File Inclusion.This issue affects Magze: from n/a through <= 1.0.9. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-49281 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49281

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magways magways allows PHP Local File Inclusion.This issue affects Magways: from n/a through <= 1.2.1. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-49280 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49280

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magty magty allows PHP Local File Inclusion.This issue affects Magty: from n/a through <= 1.0.6. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-49279 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49279

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogvy blogvy allows PHP Local File Inclusion.This issue affects Blogvy: from n/a through <= 1.0.7. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-49278 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49278

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogty blogty allows PHP Local File Inclusion.This issue affects Blogty: from n/a through <= 1.0.11. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-49277 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49277

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogprise blogprise allows PHP Local File Inclusion.This issue affects Blogprise: from n/a through <= 1.0.9. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-49276 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49276

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogmine blogmine allows PHP Local File Inclusion.This issue affects Blogmine: from n/a through <= 1.1.7. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-49275 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49275

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogbyte blogbyte allows PHP Local File Inclusion.This issue affects Blogbyte: from n/a through <= 1.1.1. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-48281 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48281

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through <= 3.21.1. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-48267 — Thimpress Wp_pipes: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48267

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through <= 1.4.2. CVSSv3.1 8.6 (HIGH)

CWECWE 22VNDThimpressTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-48141 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48141

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments multi-crypto-currency-payment allows SQL Injection.This issue affects Multi CryptoCurrency Payments: from n/a through <= 2.0.7. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-48140 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48140

Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection.This issue affects MetalpriceAPI: from n/a through <= 1.1.4. CVSSv3.1 9.9 (CRITICAL)

CWECWE 94TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-48129 — Incorrect: Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48129

Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score