2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31423 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31423

Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects Umberto: from n/a through <= 1.2.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31397 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31397

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce scw-bus-seat-reservation allows SQL Injection.This issue affects Bus Ticket Booking with Seat Reservation for WooCommerce: from n/a through <= 1.7. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31069 — Deserialization: of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme hotstar allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31069

Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme hotstar allows Object Injection.This issue affects HotStar – Multi-Purpose Business Theme: from n/a through <= 1.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-31064 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31064

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Vizeon - Business Consulting vizeon allows PHP Local File Inclusion.This issue affects Vizeon - Business Consulting: from n/a through < 1.2.1. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-31060 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31060

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Capie capie allows PHP Local File Inclusion.This issue affects Capie: from n/a through <= 1.0.40. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31056 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31056

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce WhatsCart-for-WooCommerce allows SQL Injection.This issue affects WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce: from n/a through <= 1.1.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31049 — Deserialization: of Untrusted Data vulnerability in themeton Dash dash allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31049

Deserialization of Untrusted Data vulnerability in themeton Dash dash allows Object Injection.This issue affects Dash: from n/a through <= 1.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-05-21
2025-05-21 17:16Z
HIGH

CVE-2025-26147: Authenticated RCE In Denodo Scheduler

Rhino Security Labs·rhinosecuritylabs.comCVE-2025-26147

CVE-2025-26147 is an authenticated path traversal vulnerability in Denodo Scheduler's Kerberos keytab file upload functionality that allows arbitrary file writes to the filesystem. By chaining this with JSP web shell upload to the Tomcat webroot, attackers achieve remote code execution. The vulnerability was patched in Denodo 8.0 update 20240307.

SRFApplicationTACTA0001TACTA0002SRFWebVNDDenodoTYPWriteupTYPVulnerabilitySTGExecution
72
Edit Score
2025-05-21
2025-05-21 07:16Z
CRIT

CVE-2025-4524 — Madara: The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-4524

The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and CVSSv3.1 9.8 (CRITICAL) · EPSS 87th percentile

CWECWE 22VNDMadaraTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2025-05-19
2025-05-19 21:15Z
CRIT

CVE-2025-48340 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager user-profile-meta allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48340

Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager user-profile-meta allows Privilege Escalation.This issue affects User Profile Meta Manager: from n/a through <= 1.02. CVSSv3.1 9.8 (CRITICAL)

CWECWE 352TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39402 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39402

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023). CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39401 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39401

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023). CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39395 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39395

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS apartment-management allows SQL Injection.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023). CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39389 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39389

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solid Plugins AnalyticsWP analyticswp allows SQL Injection.This issue affects AnalyticsWP: from n/a through <= 2.1.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39386 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39386

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System hospital-management allows SQL Injection.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023). CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39380 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39380

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023). CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-05-19
2025-05-19 20:15Z
HIGH

CVE-2025-39366 — Incorrect: Privilege Assignment vulnerability in Rocket Apps wProject wproject.This issue affects wProject: from n/a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39366

Incorrect Privilege Assignment vulnerability in Rocket Apps wProject wproject.This issue affects wProject: from n/a through < 5.8.0. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-05-19
2025-05-19 20:15Z
HIGH

CVE-2025-39357 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39357

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System hospital-management allows SQL Injection.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023). CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39356 — Deserialization: of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart foodbakery-sticky-cart allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39356

Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart foodbakery-sticky-cart allows Object Injection.This issue affects Foodbakery Sticky Cart: from n/a through <= 3.2. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 20:15Z
HIGH

CVE-2025-39355 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39355

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-services-booking allows SQL Injection.This issue affects FAT Services Booking: from n/a through <= 5.6. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39354 — Themegoods Grand_conference: Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference grandconference allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39354

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference grandconference allows Object Injection.This issue affects Grand Conference: from n/a through <= 5.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDThemegoodsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 20:15Z
HIGH

CVE-2025-39352 — Themegoods Grand_restaurant: Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39352

Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant: from n/a through <= 7.0. CVSSv3.1 8.2 (HIGH)

CWECWE 862VNDThemegoodsTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-05-19
2025-05-19 20:15Z
HIGH

CVE-2025-39350 — Authorization: Missing Authorization vulnerability in Rocket Apps wProject wproject.This issue affects wProject: from n/a through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39350

Missing Authorization vulnerability in Rocket Apps wProject wproject.This issue affects wProject: from n/a through < 5.8.0. CVSSv3.1 8.2 (HIGH)

CWECWE 862TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39349 — Potenzaglobalsolutions Ciyashop: Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop ciyashop allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39349

Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop ciyashop allows Object Injection.This issue affects CiyaShop: from n/a through <= 4.18.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDPotenzaglobalsolutionsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39348 — Themegoods Grand_restaurant: Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39348

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDThemegoodsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score