Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Most Critical CVE List from the Last 3 Days

Below are the critical vulnerabilities published in recent days by the National Vulnerability Database (NVD). Exercise maximum caution to prevent potential exploitation.

24/12/2025

WordPress

CRITICAL (9.8)
CVE-2025-13773
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions...
Vendor/s: WordPress

Full Description

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to a missing capability check in the 'WooCommerce_Delivery_Notes::update' function, PHP being enabled in Dompdf, and a missing escape in the 'template.php' file. This makes it possible for unauthenticated attackers to execute code on the server.

23/12/2025

WordPress

CRITICAL (9.8)
CVE-2025-14388
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up...
Vendor/s: WordPress

Full Description

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in `getExtensionForURL()` which operates on URL-decoded paths, and `appendNormalized()` which strips everything after a null byte before constructing the filesystem path. This makes it possible for unauthenticated attackers to read arbitrary files from the webroot, including wp-config.php, by appending a double URL-encoded null byte (%2500) followed by an allowed extension (.txt) to the file path.

CVSS Metrics v3.1

  • Impact: Confid.: HIGH, Integ.: HIGH, Avail.: HIGH
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Interaction/Privileges: NONE / NONE
  • Scope: UNCHANGED
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Exploitability/Impact Score: 3.9 / 5.9

Nvidia

CRITICAL (9.8)
CVE-2025-33222
NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this...
Vendor/s: Nvidia

Full Description

NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.

CVSS Metrics v3.1

  • Impact: Confid.: HIGH, Integ.: HIGH, Avail.: HIGH
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Interaction/Privileges: NONE / NONE
  • Scope: UNCHANGED
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Exploitability/Impact Score: 3.9 / 5.9

Additional Information

Published on: 23/12/2025 17:15:47
Last Modified: 23/12/2025 17:15:47


CRITICAL (9.8)
CVE-2025-33223
NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of...
Vendor/s: Nvidia

Full Description

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

CVSS Metrics v3.1

  • Impact: Confid.: HIGH, Integ.: HIGH, Avail.: HIGH
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Interaction/Privileges: NONE / NONE
  • Scope: UNCHANGED
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Exploitability/Impact Score: 3.9 / 5.9

Additional Information

Published on: 23/12/2025 17:15:47
Last Modified: 23/12/2025 17:15:47


CRITICAL (9.8)
CVE-2025-33224
NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of...
Vendor/s: Nvidia

Full Description

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

CVSS Metrics v3.1

  • Impact: Confid.: HIGH, Integ.: HIGH, Avail.: HIGH
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Interaction/Privileges: NONE / NONE
  • Scope: UNCHANGED
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Exploitability/Impact Score: 3.9 / 5.9

Additional Information

Published on: 23/12/2025 17:15:47
Last Modified: 23/12/2025 17:15:47

Sources and References