Skip to main content
CVE-2024-8425 CRITICAL POC THREAT Emergency

The WooCommerce Ultimate Gift Card plugin through version 2.6.0 contains unauthenticated arbitrary file uploads in the mail preview and cart functions. Insufficient file type validation allows attackers to upload PHP webshells through the gift card functionality, achieving remote code execution on e-commerce sites.

WordPress RCE File Upload
NVD
CVSS 3.1
9.8
EPSS
63.0%
Threat
5.4
CVE-2024-9193 CRITICAL POC THREAT Emergency

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 29.2% and no vendor patch available.

Information Disclosure PHP RCE LFI WordPress +1
NVD
CVSS 3.1
9.8
EPSS
29.2%
Threat
4.3
CVE-2025-1744 CRITICAL PATCH Act Now

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.9.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Radare2 Suse
NVD GitHub
CVSS 4.0
10.0
EPSS
0.3%
CVE-2024-8420 CRITICAL Act Now

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Dhvc Form
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-25379 CRITICAL Act Now

Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF 07flycms
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-22273 CRITICAL Act Now

Application does not limit the number or frequency of user interactions, such as the number of incoming requests. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-0159 CRITICAL Act Now

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Storage Virtualize
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy