The HUSKY Products Filter Professional for WooCommerce plugin through version 1.3.6.5 contains a critical Local File Inclusion vulnerability via the template parameter of the woof_text_search AJAX action. Unauthenticated attackers can include and execute arbitrary PHP files, leading to remote code execution on any WordPress site with the plugin.
A critical authentication bypass in AMI SPx BMC firmware allows unauthenticated remote attackers to gain full control of server hardware through the Redfish Host Interface. This KEV-listed vulnerability (CVSS 9.8) threatens the entire server fleet of organizations using AMI-based BMC implementations, enabling attackers to persist below the OS layer where traditional security tools cannot detect them.
A critical out-of-bounds write in WebKit's rendering engine allows maliciously crafted web content to escape the Web Content sandbox, achieving native code execution on Apple devices. Rated CVSS 10.0 and KEV-listed, CVE-2025-24201 is a supplementary fix for a previously patched vulnerability that was being actively exploited in extremely sophisticated targeted attacks. Affects all Apple platforms: iOS, iPadOS, macOS, Safari, visionOS, and watchOS.
Keras Model.load_model can execute arbitrary code even with safe_mode=True by manipulating the config.json inside a .keras archive. An attacker can specify arbitrary Python modules and functions to be loaded during model deserialization. PoC available, patch available.
ThemeEgg ToolKit plugin for WordPress (through 1.2.9) allows authenticated administrators to upload web shells via unrestricted file upload. The scope change makes this critical despite requiring admin privileges, as it enables OS-level code execution beyond the WordPress application.
Percona PMM Server OVA images ship with default service account credentials that grant SSH access and sudo to root, exposing all monitoring data and managed database credentials. The scope change reflects that compromising the monitoring server gives access to all monitored infrastructure.
Siemens SINAMICS S200 drives with specific serial number prefixes contain an unlocked bootloader that allows attackers to inject malicious firmware. This bypasses the device's intrinsic security features, enabling persistent compromise of industrial drive systems.
Siemens SiPass integrated access control systems (AC5102 ACC-G2 and ACC-AP, before V6.4.9) allow authenticated administrators to escalate to root via command injection in the REST API's pubkey endpoint. While high privileges are required, the scope change enables full system compromise.