Skip to main content
CVE-2025-68055 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.32.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-68054 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-68053 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup xPromoter top_bar_promoter allows Blind SQL Injection.This issue affects xPromoter: from n/a through <= 1.3.4.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-67950 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through <= 4.9.1.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-68056 HIGH This Week

SQL injection in LBG Zoominoutslider WordPress plugin versions through 5.4.4 allows authenticated attackers with low-level privileges to extract sensitive database information and potentially cause denial of service. The vulnerability enables cross-scope impact, meaning attackers can access resources beyond their authorized privilege level. EPSS probability is low (0.04%, 14th percentile), indicating limited observed exploitation activity, though Patchstack's disclosure suggests active security community awareness.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-10450 HIGH PATCH This Week

Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to unauthorized remote actors with low attack complexity. The vulnerability allows confidentiality breach (high impact) with limited integrity and availability impacts, affecting distributed data-sharing middleware used in critical infrastructure and industrial systems. EPSS exploitation probability is minimal (0.05%, 15th percentile) with no confirmed active exploitation or public exploit code identified at time of analysis.

Authentication Bypass Connext Professional
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-67962 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through <= 1.2.6.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-67999 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-68067 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through <= 2.4.6.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-68065 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-core allows PHP Local File Inclusion.This issue affects Hub Core: from n/a through <= 5.0.8.

PHP Information Disclosure LFI
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-68061 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13474 HIGH This Week

Information disclosure in Menulux Mobile App versions prior to 9.5.8 allows remote unauthenticated attackers to access other users' data by manipulating trusted identifiers (IDOR-style flaw). The vulnerability falls under CWE-639 (Authorization Bypass Through User-Controlled Key) and was reported by Turkey's national CERT (USOM). There is no public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.04% (13th percentile).

Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68066 HIGH This Week

Local file inclusion in PenciDesign Soledad WordPress theme versions through 8.7.0 allows authenticated attackers with low privileges to include and execute arbitrary PHP files via improper filename control in include/require statements. Attack complexity is high (AC:H), requiring specific server configuration or authenticated access to exploit. No active exploitation confirmed at time of analysis, but vulnerability class (CWE-98) is commonly targeted once POC becomes available. EPSS data not provided; exploitation status unknown beyond vendor disclosure.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy