The Simple File List plugin for WordPress through version 4.2.2 contains an unauthenticated remote code execution vulnerability. Attackers can upload PHP files disguised with image extensions and then rename them back to .php using the plugin's built-in rename functionality, bypassing all upload restrictions.
The AIT CSV Import/Export WordPress plugin through version 3.0.3 allows unauthorized arbitrary file uploads without file type validation. The upload handler in upload-handler.php is accessible without authentication, enabling remote attackers to deploy PHP webshells and achieve code execution on the WordPress server.
The Total Upkeep WordPress backup plugin through version 1.14.9 exposes backup file locations via env-info.php and restore-info.json. Unauthenticated attackers can discover and download complete site backups containing the database, wp-config.php with credentials, and all uploaded files.
The WPBookit WordPress plugin (versions ≤1.0.4) contains a critical arbitrary file upload vulnerability in the image_upload_handle() function due to missing file type validation, allowing unauthenticated attackers to upload malicious files and potentially achieve remote code execution. With a CVSS score of 9.8, network-accessible attack vector, and no authentication requirement, this vulnerability poses an immediate and severe threat to any WordPress installation using the affected plugin.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
CVE-2025-7465 is a critical remote buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14 affecting the HTTP POST request handler's fromRouteStatic function. An authenticated attacker can exploit improper input validation on the 'page' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exploit exists and the vulnerability may be actively exploited in the wild.
A critical buffer overflow vulnerability exists in Tenda FH1201 wireless router firmware version 1.2.0.14, located in the HTTP POST handler for wireless safety settings. An authenticated attacker can remotely exploit this vulnerability by sending a crafted request with an oversized 'mit_ssid' parameter to the /goform/AdvSetWrlsafeset endpoint, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit is available, and this vulnerability meets CISA KEV criteria for active exploitation in the wild.
CVE-2025-7506 is a critical stack-based buffer overflow vulnerability in Tenda FH451 router firmware version 1.0.0.9, exploitable via the HTTP POST parameter 'page' in the /goform/Natlimit endpoint. An authenticated remote attacker can achieve complete system compromise (code execution, data exfiltration, denial of service) without user interaction. Public exploit code is available, indicating active disclosure and likely exploitation in the wild.
CVE-2025-7505 is a critical stack-based buffer overflow vulnerability in Tenda FH451 v1.0.0.9 affecting the HTTP POST request handler's L7 protocol filter functionality. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'page' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed and the vulnerability meets CISA KEV criteria for active exploitation risk.
The Friends plugin for WordPress versions up to 3.5.1 contains a PHP Object Injection vulnerability in the query_vars parameter that allows authenticated subscribers and above to inject malicious serialized objects through unsafe deserialization. While the plugin itself lacks a known gadget chain (POP chain), successful exploitation depends on the presence of vulnerable code in other installed plugins or themes; if such a chain exists, attackers can achieve arbitrary file deletion, data exfiltration, or remote code execution, but exploitation requires knowledge of the site's SALT_NONCE and SALT_KEY values.
CVE-2025-5199 is a local privilege escalation vulnerability in Canonical Multipass up to version 1.15.1 on macOS, where incorrect default file permissions on a Launch Daemon allow an authenticated local attacker to modify files executed with administrative privileges during system startup. An attacker with local user access can escalate to root/administrator level through file manipulation, presenting a high-impact privilege escalation risk on affected macOS systems.
CVE-2023-38036 is a critical unauthenticated buffer overflow vulnerability in Ivanti Avalanche Manager prior to version 6.4.1 that allows remote attackers to cause denial of service or achieve arbitrary code execution without authentication. With a CVSS score of 9.8 and network-based attack vector, this vulnerability has significant real-world exploitability risk and affects all organizations deploying vulnerable Avalanche Manager instances.
A security vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.
A critical SQL injection vulnerability exists in 1000projects ABC Courier Management version 1.0 affecting the /add_dealerrequest.php endpoint, where the 'Name' parameter is not properly sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, making it an active threat.
CVE-2025-7483 is a critical SQL injection vulnerability in PHPGurukul Vehicle Parking Management System version 1.13, specifically in the /users/forgot-password.php endpoint's email parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation a significant concern.
CVE-2025-7480 is a critical SQL injection vulnerability in PHPGurukul Vehicle Parking Management System version 1.13, located in the /users/signup.php file where the email parameter is inadequately sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, though no KEV or EPSS data is referenced in the provided intelligence.
CVE-2025-7478 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/category-list.php file, where the 'idCate' parameter is not properly sanitized, allowing unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with working exploits available, and while classified as critical in the original report, the CVSS 7.3 score indicates moderate-to-high real-world risk with potential for data exfiltration, modification, and denial of service. Active exploitation is likely given public POC availability and the ease of the attack vector.
CVE-2025-7474 is a critical SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /search.php file's Search parameter, allowing unauthenticated remote attackers to execute arbitrary SQL commands with potential data exfiltration, modification, and application disruption. The exploit has been publicly disclosed with proof-of-concept code available, and the vulnerability meets the criteria for inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog due to active real-world exploitation.
CVE-2025-7461 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0, located in the /action.php file's proId parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially access, modify, or delete database contents. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate confidentiality, integrity, and availability impact; however, the attack requires no authentication or user interaction, making it immediately exploitable in network-accessible deployments.
CVE-2025-7476 is a critical SQL injection vulnerability in code-projects Simple Car Rental System 1.0 affecting the /admin/approve.php endpoint's ID parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, elevating real-world risk despite the CVSS 7.3 score suggesting moderate impact.
CVE-2025-7475 is a critical SQL injection vulnerability in code-projects Simple Car Rental System version 1.0, located in the /pay.php file where the 'mpesa' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of database records. The vulnerability has been publicly disclosed with proof-of-concept availability, indicating active exploitation risk in real-world deployments.
CVE-2025-7471 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0 affecting the /admin/login-back.php endpoint. An unauthenticated remote attacker can inject malicious SQL code via the 'user-name' parameter to compromise confidentiality, integrity, and availability of the application and underlying database. The vulnerability has been publicly disclosed with proof-of-concept code available, increasing real-world exploitation risk.
CVE-2025-7469 is a critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 affecting the product addition functionality (/pages/product_add.php). An unauthenticated remote attacker can manipulate the 'prod_name' parameter to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation likely in the near term.
CVE-2025-7467 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0 affecting the /product-detail.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate, modify, or delete database contents. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate-to-high real-world impact with low attack complexity and no authentication requirements.
WPBookit WordPress plugin versions up to 1.0.4 contain an arbitrary file upload vulnerability in the handle_image_upload() function due to missing file type validation, allowing authenticated attackers with Subscriber-level privileges to upload malicious files and potentially achieve remote code execution. This is a high-severity vulnerability (CVSS 8.8) affecting a plugin likely used by booking/appointment management websites, with low attack complexity and no user interaction required once authenticated.
A remote code execution vulnerability in all (CVSS 8.8). High severity vulnerability requiring prompt remediation.
The Nokri - Job Board WordPress Theme contains a critical privilege escalation vulnerability (CVE-2025-1313) affecting all versions up to 1.6.3, where authenticated Subscriber-level users can change arbitrary user email addresses without proper identity validation. This allows attackers to reset administrator passwords and achieve complete account takeover, resulting in full WordPress site compromise. With a CVSS score of 8.8 and low attack complexity requiring only valid subscriber credentials, this vulnerability poses significant real-world risk to WordPress installations using this theme.
CVE-2025-24294 is a Denial of Service vulnerability in DNS packet parsing libraries (specifically the resolv library) caused by insufficient validation of decompressed domain name lengths. An attacker can send a crafted DNS packet with a highly compressed domain name that, when decompressed, consumes excessive CPU resources without limit, causing the parsing thread to become unresponsive. The vulnerability affects any application using the vulnerable resolv library and has a CVSS score of 7.5 (high severity); real-world exploitation probability and active exploitation status cannot be confirmed without EPSS score and KEV data.
CVE-2024-41169 is an unauthenticated information disclosure vulnerability in Apache Zeppelin's raft server protocol that allows remote attackers to enumerate and view server resources, including sensitive directories and files, without authentication. Versions 0.10.1 through 0.12.0 are affected. The vulnerability has a CVSS score of 7.5 (High) with a network-accessible attack vector and no authentication requirements, making it trivially exploitable by unauthenticated remote actors.
A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue.
CVE-2023-39338 is a security vulnerability (CVSS 6.8) that allows the user. Remediation should follow standard vulnerability management procedures.
IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage-incomingvehicle.php. The manipulation of the argument del leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/manage-outgoingvehicle.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been declared as critical. This vulnerability affects unknown code of the file /users/print.php. The manipulation of the argument vid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. Affected is an unknown function of the file /admin/reg-users.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/view-outgoingvehicle-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. This affects an unknown part of the file /users/profile.php. The manipulation of the argument firstname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/view--detail.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable on sites with addslashes disabled.
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.
A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.
The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The identifier of the patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended to apply a patch to fix this issue.
A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The name of the patch is e748f43496d74946d14fed85c776452e47b99d64. It is recommended to apply a patch to fix this issue.
A vulnerability has been found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
A vulnerability, which was classified as critical, was found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26. This affects the function SysFileController of the file /file/upload. The manipulation of the argument portraitFile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Rejected reason: Not used. No vendor patch available.