UAF in Redis 8.2.1 via crafted Lua scripts by authenticated users. EPSS 12.4%. Patch available.
Auth bypass in RestroPress WordPress ordering plugin 3.0.0-3.1.9.2.
LFI in JoomSport WordPress plugin.
Auth bypass in Spirit Framework WordPress plugin <= 1.2.14. EPSS 0.46%.
Privilege escalation in Appy Pie Connect for WooCommerce via password reset.
Uninitialized variable in Vigor Routers DrayOS HTTP CGI. EPSS 0.06%.
Use-after-free in SVG pattern parsing — pattern node deleted but accessed later.
Stack overflow DoS in SVG rendering via recursive pattern elements.
SQL injection in Joomla mod_vvisit_counter v2.0.4j3.
SQL injection in WPRecovery WordPress plugin.