CVE Feeds
Latest Critical CVEs
Updates on the latest high and critical severity vulnerabilities.
CVE-2025-12181 - ContentStudio Arbitrary File Upload
CVE ID: CVE-2025-12181
Published: Dec. 5, 2025, 6:16 a.m.
Description: The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.8 | HIGH

CVE-2025-12154 - Auto Thumbnailer Arbitrary File Upload
CVE ID: CVE-2025-12154
Published: Dec. 5, 2025, 6:16 a.m.
Description: The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.8 | HIGH

CVE-2025-12153 - Featured Image via URL Arbitrary File Upload
CVE ID: CVE-2025-12153
Published: Dec. 5, 2025, 6:16 a.m.
Description: The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.8 | HIGH

CVE-2025-13313 - CRM Memberships Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint
CVE ID: CVE-2025-13313
Published: Dec. 5, 2025, 5:16 a.m.
Description: The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization and authentication checks on the `ntzcrm_changepassword` AJAX action. This makes it possible for unauthenticated attackers to reset arbitrary user passwords and gain unauthorized access to user accounts via the `ntzcrm_changepassword` endpoint, granted they can obtain or enumerate a target user's email address. The plugin also exposes the `ntzcrm_get_users` endpoint without authentication, allowing attackers to enumerate subscriber email addresses, facilitating the exploitation of the password reset vulnerability.
Severity: 9.8 | CRITICAL

CVE-2025-13066 - Demo Importer Plus Arbitrary File Upload via WXR Upload Bypass
CVE ID: CVE-2025-13066
Published: Dec. 5, 2025, 4:15 a.m.
Description: The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.8 | HIGH

CVE-2025-66559 - Taiko Alethia Pacaya inbox verification pointer corruption
CVE ID: CVE-2025-66559
Published: Dec. 4, 2025, 11:15 p.m.
Description: Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.
Severity: 8.0 | HIGH

CVE-2025-13373 - Advantech iView SQL Injection
CVE ID: CVE-2025-13373
Published: Dec. 4, 2025, 11:15 p.m.
Description: Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
Severity: 8.7 | HIGH

CVE-2025-66509 - LaraDashboard: 1-Click Pre-Auth RCE via Host Header + Module Installation Chain
CVE ID: CVE-2025-66509
Published: Dec. 4, 2025, 10:15 p.m.
Description: LaraDashboard is an all-in-one solution to start a Laravel application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator's reset token to an attacker-controlled server. This can be combined with the module installation process to automatically execute the ServiceProvider::boot() method, enabling arbitrary PHP code execution.
Severity: 8.9 | HIGH

CVE-2025-1545 - WatchGuard Firebox XPath Injection Vulnerability in Web CGI
CVE ID: CVE-2025-1545
Published: Dec. 4, 2025, 10:15 p.m.
Description: An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured. This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Severity: 8.2 | HIGH

CVE-2025-13932 - SolisCloud API Broken Access Control IDOR
CVE ID: CVE-2025-13932
Published: Dec. 4, 2025, 10:15 p.m.
Description: The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.
Severity: 8.3 | HIGH

CVE-2025-12196 - WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Ping Command
CVE ID: CVE-2025-12196
Published: Dec. 4, 2025, 10:15 p.m.
Description: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command. This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Severity: 8.6 | HIGH

CVE-2025-12195 - WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration
CVE ID: CVE-2025-12195
Published: Dec. 4, 2025, 10:15 p.m.
Description: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Severity: 8.6 | HIGH

CVE-2025-12026 - WatchGuard Firebox Authenticated Out of Bounds Write in certd
CVE ID: CVE-2025-12026
Published: Dec. 4, 2025, 10:15 p.m.
Description: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands. This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Severity: 8.6 | HIGH

CVE-2025-11838 - WatchGuard Firebox iked Memory Corruption Vulnerability
CVE ID: CVE-2025-11838
Published: Dec. 4, 2025, 10:15 p.m.
Description: A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.0 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2.
Severity: 8.7 | HIGH

CVE-2025-66576 - Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
CVE ID: CVE-2025-66576
Published: Dec. 4, 2025, 9:16 p.m.
Description: Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.
Severity: 8.9 | HIGH

CVE-2025-66575 - VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution
CVE ID: CVE-2025-66575
Published: Dec. 4, 2025, 9:16 p.m.
Description: VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.
Severity: 8.5 | HIGH

CVE-2025-66571 - UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection
CVE ID: CVE-2025-66571
Published: Dec. 4, 2025, 9:16 p.m.
Description: UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.
Severity: 9.3 | CRITICAL

CVE-2025-66555 - AirKeyboard iOS App 1.0.5 - Remote Input Injection
CVE ID: CVE-2025-66555
Published: Dec. 4, 2025, 9:16 p.m.
Description: AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control.
Severity: 8.8 | HIGH

CVE-2025-66237 - Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials
CVE ID: CVE-2025-66237
Published: Dec. 4, 2025, 9:16 p.m.
Description: DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host.
Severity: 8.4 | HIGH

CVE-2025-65959 - Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF'
CVE ID: CVE-2025-65959
Published: Dec. 4, 2025, 9:16 p.m.
Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as PDF. This vulnerability can be exploited by any authenticated user, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. This vulnerability is fixed in 0.6.37.
Severity: 8.7 | HIGH

Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30 year history we have provided security services and products for a wide variety of companies around the globe.