Skip to main content
CVE-2025-49844 CRITICAL POC PATCH THREAT CISA Act Now

UAF in Redis 8.2.1 via crafted Lua scripts by authenticated users. EPSS 12.4%. Patch available.

RCE Redis Memory Corruption Use After Free Red Hat +1
NVD GitHub
CVSS 3.1
9.9
EPSS
12.4%
Threat
5.9
CVE-2025-9209 CRITICAL POC Act Now

Auth bypass in RestroPress WordPress ordering plugin 3.0.0-3.1.9.2.

Authentication Bypass Information Disclosure WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-7721 CRITICAL Act Now

LFI in JoomSport WordPress plugin.

LFI WordPress Information Disclosure PHP RCE
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-6388 CRITICAL Act Now

Auth bypass in Spirit Framework WordPress plugin <= 1.2.14. EPSS 0.46%.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-9286 CRITICAL Act Now

Privilege escalation in Appy Pie Connect for WooCommerce via password reset.

Privilege Escalation WordPress
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-10547 CRITICAL PATCH Act Now

Uninitialized variable in Vigor Routers DrayOS HTTP CGI. EPSS 0.06%.

Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-10729 CRITICAL PATCH Act Now

Use-after-free in SVG pattern parsing — pattern node deleted but accessed later.

Denial Of Service Memory Corruption Use After Free Ubuntu Debian +2
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-10728 CRITICAL PATCH Act Now

Stack overflow DoS in SVG rendering via recursive pattern elements.

Buffer Overflow Ubuntu Debian Red Hat Suse
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-40636 CRITICAL Act Now

SQL injection in Joomla mod_vvisit_counter v2.0.4j3.

SQLi Joomla
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-10726 CRITICAL Act Now

SQL injection in WPRecovery WordPress plugin.

SQLi WordPress PHP
NVD
CVSS 3.1
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy