CVE Field Guide

Critical CVEs

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2021-4455 | WordPress Plugin Smart Product Review <= 1.0.4 - Unauthenticated Arbitrary File Upload | 19.04.2025 | 9.8 |
| CVE-2025-1093 | AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image | 19.04.2025 | 9.8 |
| CVE-2025-3278 | UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation | 19.04.2025 | 9.8 |
| CVE-2025-32434 | PyTorch: `torch.load` with `weights_only=True` leads to remote code execution | 18.04.2025 | 9.3 |
| CVE-2025-2492 | | 18.04.2025 | 9.2 |
| CVE-2025-1863 | Insecure default settings for recorder products | 18.04.2025 | 9.8 |
| CVE-2025-39471 | WordPress Modal Survey plugin <= 2.0.2.0.1 - SQL Injection vulnerability | 18.04.2025 | 9.3 |
| CVE-2025-42599 | | 18.04.2025 | 9.8 |
| CVE-2025-27282 | WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Upload vulnerability | 17.04.2025 | 9.9 |
| CVE-2025-27286 | WordPress Saoshyant Slider Plugin <= 3.0 - PHP Object Injection vulnerability | 17.04.2025 | 9.8 |
| CVE-2025-27287 | WordPress SS Quiz Plugin <= 2.0.5 - PHP Object Injection vulnerability | 17.04.2025 | 9.8 |
| CVE-2025-27302 | WordPress CHATLIVE plugin <= 2.0.1 - SQL Injection vulnerability | 17.04.2025 | 9.3 |
| CVE-2025-31380 | WordPress Paid Videochat Turnkey Site plugin <= 7.3.11 - Broken Authentication vulnerability | 17.04.2025 | 9.8 |
| CVE-2025-32572 | WordPress Kata Plus Plugin <= 1.5.2 - PHP Object Injection vulnerability | 17.04.2025 | 9.8 |
| CVE-2025-32583 | WordPress PDF 2 Post Plugin <= 2.4.0 - Remote Code Execution (RCE) vulnerability | 17.04.2025 | 9.9 |
| CVE-2025-32626 | WordPress JS Job Manager plugin <= 2.0.2 - SQL Injection vulnerability | 17.04.2025 | 9.3 |
| CVE-2025-32636 | WordPress Local Magic Plugin <= 2.6.0 - SQL Injection vulnerability | 17.04.2025 | 9.3 |
| CVE-2025-32648 | WordPress Projectopia - Project Management Plugin <= 5.1.16 - Privilege Escalation vulnerability | 17.04.2025 | 9.8 |
| CVE-2025-32652 | WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability | 17.04.2025 | 9.9 |
| CVE-2025-32658 | WordPress HelpGent plugin <= 2.2.4 - PHP Object Injection vulnerability | 17.04.2025 | 9.8 |
| CVE-2025-32660 | WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability | 17.04.2025 | 10 |
| CVE-2025-32665 | WordPress Office Locator plugin <= 1.3.0 - SQL Injection vulnerability | 17.04.2025 | 9.3 |
| CVE-2025-32682 | WordPress MapSVG Lite plugin <= 8.5.34 - Arbitrary File Upload vulnerability | 17.04.2025 | 9.9 |
| CVE-2025-39550 | WordPress FluentCommunity <= 1.2.15 - PHP Object Injection vulnerability | 17.04.2025 | 9.8 |
| CVE-2025-39551 | WordPress FluentBoards <= 1.47 - PHP Object Injection vulnerability | 17.04.2025 | 9.8 |
| CVE-2025-39587 | WordPress Cost Calculator Builder <= 3.2.65 - SQL Injection vulnerability | 17.04.2025 | 9.3 |
| CVE-2025-39588 | WordPress Ultimate Store Kit Elementor Addons <= 2.4.0 - Deserialization of Untrusted Data vulnerability | 17.04.2025 | 9.8 |
| CVE-2025-39595 | WordPress Quentn WP <= 1.2.8 - SQL Injection vulnerability | 17.04.2025 | 9.3 |
| CVE-2025-39596 | WordPress Quentn WP <= 1.2.8 - Privilege Escalation vulnerability | 17.04.2025 | 9.8 |
| CVE-2025-22655 | WordPress CWD - Stealth Links plugin <= 1.3 - SQL Injection vulnerability | 17.04.2025 | 9.3 |
| CVE-2025-39436 | WordPress I Draw <= 1.0 - Arbitrary File Upload vulnerability | 17.04.2025 | 9.1 |
| CVE-2025-3651 | Command Injection in iManage Work Desktop for Mac's Agent Service | 17.04.2025 | 9.3 |
| CVE-2025-3113 | Improper Access Control in Delphix Masking Engine | 17.04.2025 | 9 |
| CVE-2025-31340 | Wisdom Master Pro - Improper Control of Filename for Include/Require Statement in PHP Program | 17.04.2025 | 9.9 |
| CVE-2025-0756 | Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') | 17.04.2025 | 9.1 |
| CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | 19.04.2025 | 10 |
| CVE-2025-27495 | | 17.04.2025 | 9.3 |
| CVE-2025-27539 | | 17.04.2025 | 9.3 |
| CVE-2025-27540 | | 17.04.2025 | 9.3 |
| CVE-2025-39557 | WordPress Kadence WooCommerce Email Designer plugin <= 1.5.14 - Arbitrary File Upload vulnerability | 16.04.2025 | 9.1 |
| CVE-2025-1980 | Remote Code Execution via Unrestricted File Upload in Ready_ | 16.04.2025 | 9.4 |
| CVE-2025-1981 | SQL Injection in Ready_ | 16.04.2025 | 9.4 |
| CVE-2025-39601 | WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability | 16.04.2025 | 9.6 |
| CVE-2024-22036 | Rancher Remote Code Execution via Cluster/Node Drivers | 18.04.2025 | 9.1 |
| CVE-2025-3495 | COMMGR - Insufficient Randomization Authentication Bypass | 16.04.2025 | 9.8 |
| CVE-2025-30215 | NATS-Server Fails to Authorize Certain JetStream Admin APIs | 17.04.2025 | 9.6 |
| CVE-2025-26927 | WordPress AI Hub plugin <= 1.3.3 - Arbitrary File Upload vulnerability | 16.04.2025 | 10 |
| CVE-2025-30967 | WordPress WPJobBoard plugin < 5.11.1 - CSRF to Remote Code Execution (RCE) vulnerability | 16.04.2025 | 9.6 |
| CVE-2025-24297 | Growatt Cloud portal Cross-site Scripting | 16.04.2025 | 9.3 |
| CVE-2025-30510 | Growatt Cloud portal Insufficient Type Distinction | 16.04.2025 | 9.3 |
| CVE-2025-30727 | | 17.04.2025 | 9.8 |
| CVE-2025-32778 | Web-Check allows Command Injection via Unvalidated URL in Screenshot API | 15.04.2025 | 9.3 |
| CVE-2025-2567 | Lantronix Xport Missing Authentication for Critical Function | 15.04.2025 | 9.3 |
| CVE-2025-30206 | Dpanel's hard-coded JWT secret leads to remote code execution | 15.04.2025 | 9.8 |
| CVE-2025-32445 | Users can gain privileged access to the host system and cluster with EventSource and Sensor CR | 15.04.2025 | 10 |
| CVE-2025-32911 | Libsoup: double free in soup_message_headers_get_content_disposition() in "soup-message-headers.c" via the "params" GHashTable value | 15.04.2025 | 9 |
| CVE-2025-30985 | WordPress GNUCommerce plugin <= 1.5.4 - PHP Object Injection vulnerability | 15.04.2025 | 9.8 |
| CVE-2025-3579 | Code Injection Vulnerability in AiDex | 15.04.2025 | 9.3 |
| CVE-2025-3578 | Adversarial Input Handling Vulnerability in AiDex | 15.04.2025 | 9.3 |
| CVE-2025-24797 | Meshtastic incorrectly handles malformed packets, leading to a controlled buffer overflow | 15.04.2025 | 9.4 |
| CVE-2025-32428 | Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX socket as intended | 15.04.2025 | 9 |
| CVE-2025-1782 | Unsanitized input in language form field | 14.04.2025 | 9.9 |
| CVE-2025-32931 | | 14.04.2025 | 9.1 |
| CVE-2025-22371 | SQL injection in admin_login_handler allows an unauthenticated user to log in as an administrator in SicommNet BASEC | 15.04.2025 | 9.3 |
| CVE-2025-22372 | Insecure password storage in SicommNet BASEC | 15.04.2025 | 9.3 |

Latest Updates

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2025-3828 | PHPGurukul Men Salon Management System view-appointment.php SQL injection | 20.04.2025 | |
| CVE-2025-3827 | PHPGurukul Men Salon Management System forgot-password.php SQL injection | 20.04.2025 | |
| CVE-2025-3826 | SourceCodester Web-based Pharmacy Product Management System add-supplier.php cross-site scripting | 20.04.2025 | |
| CVE-2025-3825 | SourceCodester Web-based Pharmacy Product Management System add-category.php cross-site scripting | 20.04.2025 | |
| CVE-2025-3824 | SourceCodester Web-based Pharmacy Product Management System add-product.php cross-site scripting | 20.04.2025 | |
| CVE-2025-3823 | SourceCodester Web-based Pharmacy Product Management System add-stock.php cross-site scripting | 20.04.2025 | |
| CVE-2025-3822 | SourceCodester Web-based Pharmacy Product Management System changepassword.php cross-site scripting | 20.04.2025 | |
| CVE-2025-3821 | SourceCodester Web-based Pharmacy Product Management System add-admin.php cross-site scripting | 20.04.2025 | |
| CVE-2025-43928 | | 20.04.2025 | 5.8 |
| CVE-2025-43929 | | 20.04.2025 | 4.1 |
| CVE-2025-43919 | | 20.04.2025 | 5.8 |
| CVE-2025-43920 | | 20.04.2025 | 5.4 |
| CVE-2025-43921 | | 20.04.2025 | 5.3 |
| CVE-2025-43918 | | 19.04.2025 | 6.4 |
| CVE-2023-30421 | | 19.04.2025 | 2.9 |
| CVE-2023-26819 | | 19.04.2025 | 2.9 |
| CVE-2022-47111 | | 19.04.2025 | 2.5 |
| CVE-2022-47112 | | 19.04.2025 | 2.5 |