Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-23948 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Webarea Background animation blocks background-animation-blocks allows PHP Local File Inclusion.This issue affects Background animation blocks: from n/a through <= 2.1.5. CVSSv3.1 8.1 (HIGH)
CVE-2025-23944 — Deserialization: of Untrusted Data vulnerability in bulktheme WOOEXIM wooexim allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in bulktheme WOOEXIM wooexim allows Object Injection.This issue affects WOOEXIM: from n/a through <= 5.0.0. CVSSv3.1 8.8 (HIGH)
CVE-2025-23942 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery
Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through <= 2.1.6. CVSSv3.1 9.1 (CRITICAL)
CVE-2025-23932 — Deserialization: of Untrusted Data vulnerability in Marko-M Quick Count quick-count allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in Marko-M Quick Count quick-count allows Object Injection.This issue affects Quick Count: from n/a through <= 3.00. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-23931 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliver Fuhrmann WordPress Local SEO dh-local-seo allows Blind SQL Injection.This issue affects WordPress Local SEO: from n/a through <= 2.3. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-23921 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity
Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through <= 1.1.3. CVSSv3.1 9.0 (CRITICAL)
CVE-2025-23918 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser
Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser smallerik-file-browser allows Upload a Web Shell to a Web Server.This issue affects Smallerik File Browser: from n/a through <= 1.1. CVSSv3.1 9.9 (CRITICAL)
CVE-2025-23910 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in keighl Menus Plus+ menus-plus allows SQL Injection.This issue affects Menus Plus+: from n/a through <= 1.9.6. CVSSv3.1 8.5 (HIGH)
CVE-2023-36998 — NextEPC: The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow
The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE CVSSv3.1 8.9 (HIGH) · EPSS 32th percentile
CVE-2024-11218 — A vulnerability was found in `podman build` and `buildah.` This issue occurs in a
A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host. CVSSv3.1 8.6 (HIGH) · EPSS 28th percentile
CVE-2025-23477 — Authorization: Missing Authorization vulnerability in realtyworkstation Realty Workstation realty-workstation allows Accessing Functionality Not Properly Constrained
Missing Authorization vulnerability in realtyworkstation Realty Workstation realty-workstation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Realty Workstation: from n/a through <= 1.0.45. CVSSv3.1 8.2 (HIGH)
CVE-2025-22723 — Upload: (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Upload a Web Shell to a Web Server.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.6.7. CVSSv3.1 9.1 (CRITICAL)
CVE-2025-22716 — Taskbuilder Taskbuilder: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder taskbuilder allows SQL Injection.This issue affects Taskbuilder: from n/a through <= 3.0.6. CVSSv3.1 8.5 (HIGH)
CVE-2025-22553 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dhananjaysingh Multiple Carousel multicarousel allows SQL Injection.This issue affects Multiple Carousel: from n/a through <= 2.0. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-51919 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in radykal Fancy Product Designer fancy-product-designer.This
Unrestricted Upload of File with Dangerous Type vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3. CVSSv3.1 9.0 (CRITICAL)
CVE-2024-51888 — Incorrect: Privilege Assignment vulnerability in favethemes Homey Login Register homey-login-register allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in favethemes Homey Login Register homey-login-register allows Privilege Escalation.This issue affects Homey Login Register: from n/a through <= 2.4.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-51818 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-49699 — Deserialization: of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects ARPrice: from n/a through <= 4.1.3. CVSSv3.1 8.8 (HIGH)
CVE-2024-49688 — Deserialization: of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects ARPrice: from n/a through <= 4.1.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-49666 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARPrice arprice allows SQL Injection.This issue affects ARPrice: from n/a through <= 4.1.3. CVSSv3.1 8.5 (HIGH)
CVE-2024-49655 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARPrice arprice allows SQL Injection.This issue affects ARPrice: from n/a through <= 4.1.3. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-49333 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin hmenu allows SQL Injection.This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through <= 1.16.5. CVSSv3.1 8.5 (HIGH)
CVE-2024-49303 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin hmenu allows SQL Injection.This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through <= 1.16.5. CVSSv3.1 8.5 (HIGH)
CVE-2024-32555 — Incorrect: Privilege Assignment vulnerability in InspiryThemes Easy Real Estate easy-real-estate allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in InspiryThemes Easy Real Estate easy-real-estate allows Privilege Escalation.This issue affects Easy Real Estate: from n/a through <= 2.2.9. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-23922 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder embed-ispring allows Upload a Web
Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder embed-ispring allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)