Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-39349 — Potenzaglobalsolutions Ciyashop: Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop ciyashop allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop ciyashop allows Object Injection.This issue affects CiyaShop: from n/a through <= 4.18.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-39348 — Themegoods Grand_restaurant: Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-32928 — Themegoods Altair: Deserialization of Untrusted Data vulnerability in ThemeGoods Altair altair allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in ThemeGoods Altair altair allows Object Injection.This issue affects Altair: from n/a through <= 5.2.2. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-32927 — Chimpgroup Foodbakery: Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery wp-foodbakery allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery wp-foodbakery allows Object Injection.This issue affects FoodBakery: from n/a through <= 3.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-32926 — Themegoods Grand_restaurant: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Path Traversal.This issue affects Grand Restaurant: from n/a through <= 7.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-32925 — Fantasticplugins Sumo_reward_points: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points rewardsystem allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through <= 30.7.0. CVSSv3.1 8.3 (HIGH)
CVE-2025-32924 — Roninwp Revy: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy allows SQL Injection.This issue affects Revy: from n/a through <= 2.1. CVSSv3.1 8.5 (HIGH)
CVE-2025-47581 — Deserialization: of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus
Deserialization of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through <= 2.6.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-47577 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist
Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-39458 — Qodeinteractive Foton: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through <= 2.5.2. CVSSv3.1 8.1 (HIGH)
CVE-2025-39445 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection.This issue affects Super Store Finder: from n/a through <= 7.2. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-39410 — Deserialization: of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page
Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon visucom-smart-sections.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through <= 1.7.8. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-39406 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPAMS apartment-management allows PHP Local File Inclusion.This issue affects WPAMS: from n/a through <= 44.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-39405 — Incorrect: Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege Escalation.This issue affects WPAMS
Incorrect Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege Escalation.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023). CVSSv3.1 8.8 (HIGH)
CVE-2025-39403 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS apartment-management allows SQL Injection.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023). CVSSv3.1 8.5 (HIGH)
CVE-2025-47582 — Deserialization: of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot wpbot-pro allows Object
Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot wpbot-pro allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through <= 12.7.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-27010 — Path: Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue
Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2. CVSSv3.1 8.1 (HIGH)
CVE-2025-26892 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura celestial-aura allows
Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura celestial-aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through <= 2.2. CVSSv3.1 9.9 (CRITICAL)
CVE-2025-26872 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius eximius allows Using
Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius eximius allows Using Malicious Files.This issue affects Eximius: from n/a through <= 2.2. CVSSv3.1 9.9 (CRITICAL)
CVE-2025-47576 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme bimber.This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through <= 9.2.5. CVSSv3.1 8.8 (HIGH)
CVE-2025-48278 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection.This issue affects RSVPMarker : from n/a through <= 11.5.6. CVSSv3.1 8.5 (HIGH)
CVE-2025-48236 — Neutralization: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net bunnycdn allows Stored XSS.This issue affects bunny.net: from n/a through <= 2.3.0. CVSSv3.1 8.5 (HIGH)
CVE-2025-4919 — Mozilla Firefox: An attacker was able to perform an out-of-bounds read or write on a JavaScript
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2. CVSSv3.1 8.8 (HIGH)
CVE-2025-4918 — Mozilla Firefox: An attacker was able to perform an out-of-bounds read or write on a JavaScript
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-48137 — Proxymis Interview: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview interview allows SQL Injection.This issue affects Interview: from n/a through <= 1.01. CVSSv3.1 8.5 (HIGH)