Latest Critical CVEs
Updates on the latest high and critical severity vulnerabilities.
- CVE-2025-3528 - OpenShift Mirror Registry Privilege Escalation Vulnerability
  CVE ID: CVE-2025-3528
  Published: May 9, 2025, 12:15 p.m.
  Description: A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.
  Severity: 8.2 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...
- CVE-2025-4403 - WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability
  CVE ID: CVE-2025-4403
  Published: May 9, 2025, 9:15 a.m.
  Description: The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 because the upload() function accepts a user-supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.
  Severity: 9.8 | CRITICAL
- CVE-2025-3605 - WordPress Frontend Login and Registration Blocks Privilege Escalation Vulnerability
  CVE ID: CVE-2025-3605
  Published: May 9, 2025, 7:16 a.m.
  Description: The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating their details, such as their email address, via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.
  Severity: 9.8 | CRITICAL
- CVE-2025-3455 - WordPress 1 Click Migration Plugin Remote File Upload Vulnerability
  CVE ID: CVE-2025-3455
  Published: May 9, 2025, 7:16 a.m.
  Description: The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files to the affected site's server, which may make remote code execution possible.
  Severity: 8.8 | HIGH
- CVE-2025-2253 - IMITHEMES Listing Plugin Privilege Escalation Vulnerability
  CVE ID: CVE-2025-2253
  Published: May 9, 2025, 7:16 a.m.
  Description: The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating a user's password through the imic_reset_password_init() function. This makes it possible for unauthenticated attackers to change any user's password, including administrators', if the user's email address is known.
  Severity: 9.8 | CRITICAL
- CVE-2024-11617 - Envolve Plugin WordPress File Upload Vulnerability
  CVE ID: CVE-2024-11617
  Published: May 9, 2025, 7:16 a.m.
  Description: The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.
  Severity: 9.8 | CRITICAL
- CVE-2025-4462 - TOTOLINK N150RT Buffer Overflow Vulnerability
  CVE ID: CVE-2025-4462
  Published: May 9, 2025, 5:15 a.m.
  Description: A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
  Severity: 8.8 | HIGH
- CVE-2025-3714 - LCD KVM over IP Switch CL5708IM Stack-based Buffer Overflow Vulnerability
  CVE ID: CVE-2025-3714
  Published: May 9, 2025, 4:16 a.m.
  Description: The LCD KVM over IP Switch CL5708IM has a stack-based buffer overflow vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the device.
  Severity: 9.8 | CRITICAL
- CVE-2025-3711 - LCD KVM over IP Switch CL5708IM Stack-based Buffer Overflow Vulnerability
  CVE ID: CVE-2025-3711
  Published: May 9, 2025, 4:16 a.m.
  Description: The LCD KVM over IP Switch CL5708IM has a stack-based buffer overflow vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the device.
  Severity: 9.8 | CRITICAL
- CVE-2025-3710 - KVM Over IP Switch CL5708IM Stack-based Buffer Overflow Vulnerability
  CVE ID: CVE-2025-3710
  Published: May 9, 2025, 4:16 a.m.
  Description: The LCD KVM over IP Switch CL5708IM has a stack-based buffer overflow vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the device.
  Severity: 9.8 | CRITICAL
- CVE-2025-3811 - WordPress WPBookit Privilege Escalation Account Takeover Vulnerability
  CVE ID: CVE-2025-3811
  Published: May 9, 2025, 3:15 a.m.
  Description: The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details, such as their email address, through the edit_newdata_customer_callback() function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.
  Severity: 9.8 | CRITICAL
- CVE-2025-3810 - WordPress WPBookit Privilege Escalation Vulnerability
  CVE ID: CVE-2025-3810
  Published: May 9, 2025, 3:15 a.m.
  Description: The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details, such as their password and email address, through the edit_profile_data() function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses and passwords, including administrators', and leverage that to gain access to their accounts.
  Severity: 9.8 | CRITICAL
- CVE-2025-4452 - D-Link DIR-619L Buffer Overflow Vulnerability
  CVE ID: CVE-2025-4452
  Published: May 9, 2025, 2:15 a.m.
  Description: A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
  Severity: 8.8 | HIGH
- CVE-2025-4451 - D-Link DIR-619L Remote Buffer Overflow Vulnerability
  CVE ID: CVE-2025-4451
  Published: May 9, 2025, 1:15 a.m.
  Description: A vulnerability has been found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this vulnerability is the function formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
  Severity: 8.8 | HIGH
- CVE-2025-4450 - D-Link DIR-619L Remote Buffer Overflow Vulnerability
  CVE ID: CVE-2025-4450
  Published: May 9, 2025, 1:15 a.m.
  Description: A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.04B04. Affected is the function formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
  Severity: 8.8 | HIGH
- CVE-2025-4449 - D-Link DIR-619L Remote Buffer Overflow Vulnerability
  CVE ID: CVE-2025-4449
  Published: May 9, 2025, 1:15 a.m.
  Description: A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.04B04. This issue affects the function formEasySetupWizard3. The manipulation of the argument wan_connected leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
  Severity: 8.8 | HIGH
- CVE-2025-4448 - D-Link DIR-619L Remote Buffer Overflow Vulnerability
  CVE ID: CVE-2025-4448
  Published: May 9, 2025, 1:15 a.m.
  Description: A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
  Severity: 8.8 | HIGH
- CVE-2025-4446 - H3C GR-5400AX Local Buffer Overflow Vulnerability
  CVE ID: CVE-2025-4446
  Published: May 9, 2025, 12:15 a.m.
  Description: A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack must be launched from within the local network.
  Severity: 8.0 | HIGH
- CVE-2025-4442 - D-Link DIR-605L Remote Buffer Overflow Vulnerability
  CVE ID: CVE-2025-4442
  Published: May 9, 2025, 12:15 a.m.
  Description: A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
  Severity: 8.8 | HIGH
- CVE-2025-4441 - D-Link DIR-605L Remote Buffer Overflow Vulnerability
  CVE ID: CVE-2025-4441
  Published: May 8, 2025, 11:15 p.m.
  Description: A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
  Severity: 8.8 | HIGH