Skip to main content
CVE-2025-8570 CRITICAL Act Now

The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-59053 CRITICAL Act Now

AIRI is a self-hosted, artificial intelligence based Grok Companion. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection XSS
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-58143 CRITICAL PATCH This Week

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xen Suse
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-58142 CRITICAL PATCH This Week

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xen Suse
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-27466 CRITICAL PATCH This Week

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xen Suse
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-40692 CRITICAL This Week

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Fire Reporting System
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-40691 CRITICAL This Week

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Fire Reporting System
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-40690 CRITICAL This Week

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Fire Reporting System
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-40689 CRITICAL This Week

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Fire Reporting System
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-40687 CRITICAL This Week

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Fire Reporting System
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-58321 CRITICAL This Week

Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Dialink
NVD
CVSS 3.1
10.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy