Skip to main content
CVE-2025-33108 HIGH This Week

Privilege escalation vulnerability in IBM Backup, Recovery and Media Services (BRMS) for i versions 7.4 and 7.5 that exploits unqualified library calls in compiled or restored programs. An authenticated user with compile or restore capabilities can inject malicious code that executes with elevated component access to the IBM i operating system, achieving full system compromise. This is a high-severity issue affecting enterprise backup infrastructure, though it requires valid credentials and medium attack complexity to exploit.

Privilege Escalation IBM RCE
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-4200 HIGH This Week

A remote code execution vulnerability in all (CVSS 8.1). High severity vulnerability requiring prompt remediation.

WordPress PHP RCE Information Disclosure LFI
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-3234 HIGH This Week

A remote code execution vulnerability in File Manager Pro - Filester (CVSS 7.2). High severity vulnerability requiring prompt remediation.

WordPress RCE PHP
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-5487 HIGH This Week

AutomatorWP plugin for WordPress versions up to 5.2.3 contains a time-based SQL injection vulnerability in the field_conditions parameter that allows authenticated administrators and higher-privileged users to extract sensitive database information through insufficient input escaping and lack of prepared statements. While the CVSS score of 7.2 is moderately high, exploitation requires administrator-level access, significantly limiting real-world attack surface; no active exploitation in the wild has been confirmed at this time.

WordPress SQLi PHP Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy