CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32499 – WordPress Logo Showcase Ultimate plugin <= 1.4.4 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32499
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Logo Showcase Ultimate allows PHP Local File Inclusion. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execu... • https://patchstack.com/database/wordpress/plugin/logo-showcase-ultimate/vulnerability/wordpress-logo-showcase-ultimate-plugin-1-4-4-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32668 – WordPress Real Estate Manager plugin <= 7.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32668
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other... • https://patchstack.com/database/wordpress/plugin/real-estate-manager/vulnerability/wordpress-real-estate-manager-plugin-7-3-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32692 – WordPress WP Subscription Forms <= 1.2.4 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-32692
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms allows PHP Local File Inclusion. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code e... • https://patchstack.com/database/wordpress/plugin/wp-subscription-forms/vulnerability/wordpress-wp-subscription-forms-1-2-4-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29394
https://notcve.org/view.php?id=CVE-2025-29394
09 Apr 2025 — An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary code by uploading a file type. • https://gist.github.com/jaylan545/01e9653c0139638152927fe6f00cd82e •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32631 – WordPress Oxygen MyData for WooCommerce plugin <= 1.0.63 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-32631
09 Apr 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/oxygen-mydata/vulnerability/wordpress-oxygen-mydata-for-woocommerce-plugin-1-0-63-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-29812 – DirectX Graphics Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29812
08 Apr 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the dxkrnl.sys driver. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29812 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-27729 – Windows Shell Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-27729
08 Apr 2025 — Use after free in Windows Shell allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27729 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2025-27491 – Windows Hyper-V Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-27491
08 Apr 2025 — Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27491 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 25EXPL: 0CVE-2025-27487 – Remote Desktop Client Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-27487
08 Apr 2025 — Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27487 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-27482 – Windows Remote Desktop Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-27482
08 Apr 2025 — Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27482 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •