2025-03-26
2025-03-26 15:16Z
CRIT

CVE-2025-30524 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30524

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog displayproduct allows SQL Injection.This issue affects Product Catalog: from n/a through <= 1.0.4. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-03-26
2025-03-26 15:16Z
CRIT

CVE-2025-28942 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28942

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trust Payments Trust Payments Gateway for WooCommerce trust-payments-hosted-payment-pages-integration allows SQL Injection.This issue affects Trust Payments Gateway for WooCommerce: from n/a through <= 1.1.4. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-03-26
2025-03-26 15:16Z
HIGH

CVE-2025-28939 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28939

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EuroCizia WP Google Calendar Manager wp-gcalendar allows Blind SQL Injection.This issue affects WP Google Calendar Manager: from n/a through <= 2.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-26
2025-03-26 15:16Z
CRIT

CVE-2025-28916 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28916

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rashid Docpro docpro allows PHP Local File Inclusion.This issue affects Docpro: from n/a through <= 2.0.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 98TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-03-26
2025-03-26 15:16Z
CRIT

CVE-2025-28898 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28898

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows SQL Injection.This issue affects WP Multistore Locator: from n/a through <= 2.5.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-03-26
2025-03-26 15:16Z
CRIT

CVE-2025-28893 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Govind Visual Text Editor

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28893

Improper Control of Generation of Code ('Code Injection') vulnerability in Govind Visual Text Editor visual-text-editor allows Remote Code Inclusion.This issue affects Visual Text Editor: from n/a through <= 1.2.1. CVSSv3.1 9.9 (CRITICAL)

CWECWE 94TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-03-26
2025-03-26 15:16Z
HIGH

CVE-2025-28873 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28873

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Scott Taylor Shuffle shuffle allows Blind SQL Injection.This issue affects Shuffle: from n/a through <= 0.5. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-03-26
2025-03-26 15:16Z
HIGH

CVE-2025-26986 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26986

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Pearl - Corporate Business pearl allows PHP Local File Inclusion.This issue affects Pearl - Corporate Business: from n/a through < 3.4.8. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-03-26
2025-03-26 15:16Z
CRIT

CVE-2025-26941 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26941

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin allows SQL Injection.This issue affects Church Admin: from n/a through <= 5.0.18. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-03-26
2025-03-26 15:16Z
HIGH

CVE-2025-24690 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-24690

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue affects Formality: from n/a through <= 1.5.7. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-03-26
2025-03-26 15:16Z
HIGH

CVE-2025-23952 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-23952

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ntm custom-field-list-widget custom-field-list-widget allows PHP Local File Inclusion.This issue affects custom-field-list-widget: from n/a through <= 1.5.1. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-03-26
2025-03-26 15:16Z
HIGH

CVE-2025-23937 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-23937

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File Inclusion.This issue affects LinkedIn Lite: from n/a through <= 1.0. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-03-25
2025-03-25 21:15Z
CRIT

CVE-2025-25373 — Nasa Core_flight_system: The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-25373

The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. CVSSv3.1 9.8 (CRITICAL) · EPSS 64th percentile

CWECWE 732VNDNasaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-03-25
2025-03-25 19:15Z
CRIT

CVE-2025-28904 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28904

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free web-directory-free allows Blind SQL Injection.This issue affects Web Directory Free: from n/a through <= 1.7.6. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-03-25
2025-03-25 13:00Z
CRIT

CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith

Rhino Security Labs·rhinosecuritylabs.comCVE-2024-55963CVE-2024-55964CVE-2024-55965

Rhino Security Labs disclosed three critical vulnerabilities in Appsmith (versions 1.20–1.51): CVE-2024-55963 allows unauthenticated RCE via a misconfigured default PostgreSQL database with trust authentication combined with default signup; CVE-2024-55964 is an IDOR enabling App Viewer users to enumerate and query arbitrary datasources through predictable ID patterns; CVE-2024-55965 permits DoS via a broken access control flaw in the restart endpoint. All three have been patched in v1.52 and later.

SRFApplicationTACTA0001TACTA0002SRFWebTACTA0003VNDAppsmithTYPWriteupTYPVulnerability
82
Edit Score
2025-03-24
2025-03-24 14:15Z
CRIT

CVE-2025-30615 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email wp-e-commerce-style-email allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30615

Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email wp-e-commerce-style-email allows Code Injection.This issue affects WP e-Commerce Style Email: from n/a through <= 0.6.2. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2025-03-24
2025-03-24 14:15Z
HIGH

CVE-2025-30590 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30590

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dourou Flickr set slideshows flickr-set-slideshows allows SQL Injection.This issue affects Flickr set slideshows: from n/a through <= 0.9. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-24
2025-03-24 14:15Z
HIGH

CVE-2025-30569 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30569

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jahertor WP Featured Entries wp-featured-entries allows SQL Injection.This issue affects WP Featured Entries: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-24
2025-03-24 14:15Z
CRIT

CVE-2025-30528 — Site: Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30528

Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through <= 1.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 352TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-03-23
2025-03-23 15:15Z
HIGH

CVE-2025-2691 — Nossrf_project Nossrf: Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2691

Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism. CVSSv3.1 8.2 (HIGH) · EPSS 34th percentile

CWECWE 918VNDNossrf ProjectTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-03-22
2025-03-22 07:15Z
HIGH

CVE-2025-2303 — Block: The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2303

The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic function. This is due to the unsafe evaluation of user-controlled input. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. CVSSv3.1 8.8 (HIGH)

CWECWE 94VNDBlockTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-03-20
2025-03-20 12:15Z
CRIT

CVE-2025-2311 — Incorrect: Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2311

Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring. This issue affects SecHard: before 3.3.0.20220411. CVSSv3.1 9.0 (CRITICAL)

CWECWE 319CWECWE 522CWECWE 648TYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2025-03-20
2025-03-20 08:15Z
CRIT

CVE-2024-12016 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-12016

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection. This issue affects CM News: through 6.0. NOTE: The vendor was contacted and it was learned that the product is not supported. CVSSv3.1 9.8 (CRITICAL) · EPSS 28th percentile

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-03-20
2025-03-20 05:41Z
HIGH

Be-a-Docker-Escaper — The container escape challenge of Be A RWCTFer competition (https://be-a-rwctfer.realworldctf.com/)

GitHub · container escape·github.comGITHUB POC

A GitHub repository documenting container escape challenges from the Real World CTF competition, spanning 2022–2024. The challenges progressively demonstrate escape techniques including Docker socket mapping, binfmt misconfigurations, kernel vulnerabilities, PID namespace sharing, and CAP_SYS_ADMIN abuse without mount permissions.

SRFOsTACTA0004TACTA0005TYPResearchTYPWriteupSTGDefense EvasionSTGPrivescSTGExecution
72
Edit Score
2025-03-19
2025-03-19 12:15Z
CRIT

CVE-2025-2512 — File_away_project File_away: The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2512

The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL)

CWECWE 434VNDFile Away ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score