Skip to main content
CVE-2025-53521 CRITICAL POC KEV THREAT Emergency

F5 BIG-IP APM (Access Policy Manager) contains a remote code execution vulnerability triggered by specific malicious traffic when an access policy is configured on a virtual server.

RCE Denial Of Service
NVD VulDB GitHub
CVSS 4.0
9.3
EPSS
0.1%
Threat
5.8
CVE-2025-9967 CRITICAL Act Now

Account takeover in WordPress Orion SMS OTP Verification plugin (versions ≤1.1.7) allows unauthenticated remote attackers to reset arbitrary user passwords without identity verification. Attackers knowing a target's phone number can change that user's password to an attacker-controlled OTP, gaining complete account access with full privileges. CVSS 9.8 (Critical) reflects network-accessible, no-authentication-required exploitation with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-10041 CRITICAL Act Now

Arbitrary file upload in Flex QR Code Generator plugin (WordPress) versions ≤1.2.5 allows unanauthenticated remote attackers to upload malicious files without restriction, enabling remote code execution on vulnerable web servers. The flaw stems from absent file type validation in the save_qr_code_to_db() function, accessible over the network with no authentication barrier. With CVSS 9.8 (critical) and EPSS data unavailable, this represents a severe exposure for WordPress sites running the affected plugin. No public exploit identified at time of analysis, and not listed in CISA KEV, but the trivial attack complexity (AC:L, PR:N) makes this a high-priority remediation target.

WordPress File Upload RCE
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-10299 HIGH This Week

WPBifröst WordPress plugin through version 1.0.7 allows low-privileged authenticated users to escalate to full administrative access. Subscribers and higher roles can exploit a missing capability check in the ctl_create_link AJAX handler to create new administrator accounts and immediately log in with full site control. With CVSS 8.8 (High) and EPSS data unavailable, severity is driven by the low privilege requirement (PR:L) and complete system compromise (C:H/I:H/A:H). No public exploit identified at time of analysis, and not listed in CISA KEV, but the attack is trivially automatable once an attacker holds any authenticated role.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10682 MEDIUM This Month

SQL injection in the TARIFFUXX WordPress plugin up to version 1.4 allows authenticated attackers with Contributor-level or higher privileges to inject malicious SQL commands via the 'id' attribute in the 'tariffuxx_configurator' shortcode, enabling unauthorized extraction of sensitive database information. The vulnerability exploits insufficient input sanitization in SQL query construction and requires authenticated access, resulting in a CVSS 6.5 (medium-high) rating with confirmed confidentiality impact but no availability or integrity compromise.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-10038 MEDIUM This Month

Binary MLM Plan plugin for WordPress versions up to 3.0 grants the manage_bmp capability to all users upon registration, allowing unauthenticated attackers to register via the plugin's form and immediately escalate privileges to manage plugin settings. This privilege escalation affects all installations with the vulnerable plugin active, with a CVSS score of 6.5 reflecting moderate confidentiality and integrity impact. No public exploit code or active exploitation has been confirmed at the time of analysis.

Privilege Escalation WordPress
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-10141 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in the Digiseller WordPress plugin up to version 1.3 allows authenticated contributors and above to inject arbitrary JavaScript via the 'ds' shortcode attributes due to insufficient input sanitization and output escaping. The injected scripts execute in the context of all users viewing the affected page, enabling session hijacking, credential theft, or malware distribution. CVSS 6.4 reflects network accessibility and lower-privileged attacker requirements; no public exploit code or active exploitation has been identified at time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-10139 MEDIUM This Month

Stored Cross-Site Scripting in WP BookWidgets plugin for WordPress allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts via the 'bw_link' shortcode due to insufficient input sanitization and output escaping. When a user visits a page containing the injected shortcode, the malicious script executes in their browser context. This vulnerability affects all versions up to and including 0.9. No public exploit code or active exploitation in the wild has been confirmed at the time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-43282 MEDIUM This Month

Double free memory management vulnerability in Apple operating systems (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) allows local apps to trigger unexpected system termination through memory corruption. Affecting iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, macOS Ventura 13.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation confirmed; EPSS score of 0.01% indicates minimal real-world exploitation probability despite moderate CVSS rating.

Apple iOS macOS Memory Corruption Denial Of Service +5
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43313 MEDIUM This Month

Local applications on macOS can bypass access controls to read sensitive user data through a logic flaw in permission enforcement, fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. The vulnerability requires user interaction to trigger (such as launching a malicious app) and affects all three recent macOS versions. With an EPSS score of 0.01% and no confirmed active exploitation, this represents a low real-world exploitation probability despite moderate CVSS severity.

Apple macOS Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-10648 MEDIUM This Month

Unauthenticated attackers can read sensitive profile data from the latest SSO login in the YourMembership Single Sign On (YM SSO Login) WordPress plugin through versions 1.1.7 due to a missing capability check on the 'moym_display_test_attributes' function. The vulnerability allows remote, unauthenticated access to confidential user information without any user interaction, presenting a direct information disclosure risk. No active exploitation has been confirmed at the time of analysis, though the low attack complexity and CVSS score of 5.3 indicate moderate real-world risk.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-10486 MEDIUM This Month

Unauthenticated attackers can access sensitive information through publicly exposed log files in the Content Writer WordPress plugin versions up to 3.6.8. The plugin fails to properly restrict access to log files, allowing remote attackers without authentication or user interaction to view potentially sensitive data stored in these logs. This vulnerability carries a moderate CVSS score of 5.3 with confirmed public information disclosure impact.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-10186 MEDIUM This Month

Unauthenticated attackers can delete rows from the wp_wdplugin_style database table in the WhyDonate WordPress plugin (versions up to 4.0.15) due to a missing capability check on the remove_row function. This allows unauthorized modification of site styling configuration without authentication, impacting data integrity for affected WordPress installations. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-10045 MEDIUM This Month

SQL Injection in onOffice for WP-Websites plugin (versions ≤6.5.1) allows authenticated attackers with Editor-level access or above to extract sensitive database information by injecting arbitrary SQL queries via the insufficiently escaped 'order' parameter. The vulnerability requires high privileges and user interaction is not needed, resulting in a CVSS score of 4.9 with confirmed confidentiality impact but no integrity or availability compromise.

WordPress SQLi
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-43280 MEDIUM This Month

Mail in Lockdown Mode on iOS and iPadOS allows information disclosure through remote image loading when forwarding emails, bypassing Lockdown Mode's protections designed to prevent such tracking. Apple released patches in iOS 18.6 and iPadOS 18.6 that prevent remote image loading in this scenario. The vulnerability requires user interaction (forwarding an email) and affects unauthenticated remote attackers, with an EPSS score of 0.03% indicating low real-world exploitation probability despite the network attack vector.

Apple iOS Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-11568 MEDIUM PATCH This Month

A security vulnerability in A data corruption vulnerability (CVSS 4.4). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-10303 MEDIUM This Month

Library Management System plugin for WordPress versions up to 3.1 allows authenticated Subscriber-level users to modify plugin settings and features due to missing capability checks in the owt7_library_management_ajax_handler() AJAX function. An attacker with minimal WordPress account privileges can remotely manipulate plugin configuration without administrative authorization, leading to unauthorized changes to library data and system behavior. No active exploitation or public exploit code has been identified at this time.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-39977 Monitor

In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futex_wait_requeue_pi() futex_do_wait() schedule() futex_requeue() futex_proxy_trylock_atomic() futex_requeue_pi_prepare() requeue_pi_wake_futex() futex_requeue_pi_complete() /* preempt */ * timeout/ signal wakes T1 * futex_requeue_pi_wakeup_sync() // Q_REQUEUE_PI_LOCKED futex_hash_put() // back to userland, on stack futex_q is garbage /* back */ wake_up_state(q->task, TASK_NORMAL); In this scenario futex_wait_requeue_pi() is able to leave without using futex_q::lock_ptr for synchronization. This can be prevented by reading futex_q::task before updating the futex_q::requeue_state. A reference on the task_struct is not needed because requeue_pi_wake_futex() is invoked with a spinlock_t held which implies a RCU read section. Even if T1 terminates immediately after, the task_struct will remain valid during T2's wake_up_state(). A READ_ONCE on futex_q::task before futex_requeue_pi_complete() is enough because it ensures that the variable is read before the state is updated. Read futex_q::task before updating the requeue state, use it for the following wakeup.

Information Disclosure Linux
NVD
EPSS
0.0%
CVE-2025-39997 Monitor

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit 0718a78f6a9f ("ALSA: usb-audio: Kill timer properly at removal") patched a UAF issue caused by the error timer. However, because the error timer kill added in this patch occurs after the endpoint delete, a race condition to UAF still occurs, albeit rarely. Additionally, since kill-cleanup for urb is also missing, freed memory can be accessed in interrupt context related to urb, which can cause UAF. Therefore, to prevent this, error timer and urb must be killed before freeing the heap memory.

Linux Information Disclosure
NVD
EPSS
0.0%
CVE-2025-39981 Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is introduce and use to check if the mgmt_pending hasn't been removed from the pending list, on the complete callbacks it is used to check and in addtion remove the cmd from the list while holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd is left on the list it can still be accessed and freed. BUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223 Read of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55 CPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Workqueue: hci0 hci_cmd_sync_work Call Trace: <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223 hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402 kthread+0x711/0x8a0 kernel/kthread.c:464 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245 </TASK> Allocated by task 12210: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364 kmalloc_noprof include/linux/slab.h:905 [inline] kzalloc_noprof include/linux/slab.h:1039 [inline] mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269 mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296 __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247 add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364 hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719 hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839 sock_sendmsg_nosec net/socket.c:714 [inline] __sock_sendmsg+0x219/0x270 net/socket.c:729 sock_write_iter+0x258/0x330 net/socket.c:1133 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x5c9/0xb30 fs/read_write.c:686 ksys_write+0x145/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 12221: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2381 [inline] slab_free mm/slub.c:4648 [inline] kfree+0x18e/0x440 mm/slub.c:4847 mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline] mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257 __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444 hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290 hci_dev_do_close net/bluetooth/hci_core.c:501 [inline] hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526 sock_do_ioctl+0xd9/0x300 net/socket.c:1192 sock_ioctl+0x576/0x790 net/socket.c:1313 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf ---truncated---

Linux Information Disclosure
NVD
EPSS
0.0%
CVE-2025-39980 Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of non-FDB nexthop groups with FDB nexthops: Error: Non FDB nexthop group cannot have fdb nexthops. And vice versa: Error: FDB nexthop group can only have fdb nexthops. However, as long as no routes are pointing to a non-FDB nexthop group, the kernel allows changing the type of a nexthop from FDB to non-FDB and vice versa: 0 This configuration is invalid and can result in a NPD [1] since FDB nexthops are not associated with a nexthop device: Fix by preventing nexthop FDB status change while the nexthop is in a group: Error: Cannot change nexthop FDB status while in a group. [1] BUG: kernel NULL pointer dereference, address: 00000000000003c0 [...] Oops: Oops: 0000 [#1] SMP CPU: 6 UID: 0 PID: 367 Comm: ping Not tainted 6.17.0-rc6-virtme-gb65678cacc03 #1 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014 RIP: 0010:fib_lookup_good_nhc+0x1e/0x80 [...] Call Trace: <TASK> fib_table_lookup+0x541/0x650 ip_route_output_key_hash_rcu+0x2ea/0x970 ip_route_output_key_hash+0x55/0x80 __ip4_datagram_connect+0x250/0x330 udp_connect+0x2b/0x60 __sys_connect+0x9c/0xd0 __x64_sys_connect+0x18/0x20 do_syscall_64+0xa4/0x2a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53

Denial Of Service Linux
NVD
EPSS
0.2%
CVE-2025-39978 Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "new_node" and then dereferences it on the next line. Two lines later, we take a mutex so I don't think this is an RCU safe region. Re-order it to do the dereferences before queuing up the free.

Denial Of Service Linux
NVD
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy