CVE-2025-6990
published 2025-11-01CVE-2025-6990: The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the `TH_PhpCode` pagebuilder widget…
PriorityP259high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.53%
40.9th percentile
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the `TH_PhpCode` pagebuilder widget. This is due to the theme not restricting access to the code editor widget for non-administrators. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hogash | kallyas_creative_ecommerce_multi-purpose_wordpress_theme | <= 4.24.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-0622 grub2: command/gpg: Use-after-free due to hooks not being removed on module unload
bugzilla·2025-02-14·CVSS 6.4
CVE-2025-0622 [MEDIUM] CVE-2025-0622 grub2: command/gpg: Use-after-free due to hooks not being removed on module unload
CVE-2025-0622 grub2: command/gpg: Use-after-free due to hooks not being removed on module unload
In some scenarios hooks created by loaded modules are not being removed when the related module is being unloaded. An attacker may leverage this by forcing the grub2 to call the hooks once the module which registered it was unloaded, leading to a Use-after-free vulnerability. If correctly exploited this vulnerability may result in Arbitrary Code Execution eventually allowing the attacker to by-pass secure boot protections.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:6990 https://access.redhat.com/errata/RHSA-2025:6990
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:1
Bugzilla
CVE-2024-45781 grub2: fs/ufs: OOB write in the heap
bugzilla·2025-02-14·CVSS 6.7
CVE-2024-45781 [MEDIUM] CVE-2024-45781 grub2: fs/ufs: OOB write in the heap
CVE-2024-45781 grub2: fs/ufs: OOB write in the heap
When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap Out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:6990 https://access.redhat.com/errata/RHSA-2025:6990
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:16154 https://access.redhat.com/errata/RHSA-2025:16154
Bugzilla
CVE-2024-45783 grub2: fs/hfs+: refcount can be decremented twice
bugzilla·2025-02-14·CVSS 4.4
CVE-2024-45783 [MEDIUM] CVE-2024-45783 grub2: fs/hfs+: refcount can be decremented twice
CVE-2024-45783 grub2: fs/hfs+: refcount can be decremented twice
When failing to mount a HFS+ grub hfsplus filesystem driver doesn't properly set a ERRNO value. This may lead to a NULL pointer access.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:6990 https://access.redhat.com/errata/RHSA-2025:6990
Bugzilla
CVE-2024-45776 grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read.
bugzilla·2025-01-21·CVSS 6.7
CVE-2024-45776 [MEDIUM] CVE-2024-45776 grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read.
CVE-2024-45776 grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read.
When reading language .mo file in grub_mofile_open(), grub2 fails to verify to a integer overflow when allocating its internal buffer. A crafted .mo file may lead to the buffer size calculation to overflow leading to Out-of-bound reads and writes. An attacker may leverage this flaw to leak sensitive data or overwrite critical data possibly leading to the circumvention of secure boot protections.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:6990 https://access.redhat.com/errata/RHSA-2025:6990
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:16154 https://access.redhat.com/er
Bugzilla
CVE-2024-45774 grub2: reader/jpeg: Heap OOB Write during JPEG parsing
bugzilla·2025-01-13·CVSS 6.7
CVE-2024-45774 [MEDIUM] CVE-2024-45774 grub2: reader/jpeg: Heap OOB Write during JPEG parsing
CVE-2024-45774 grub2: reader/jpeg: Heap OOB Write during JPEG parsing
Extra SOF0 marker in JPEG file may lead to a out-of-bounds write. An attacker may leverage this by crafting a malicious JPEG file, leading the grub's JPEG parser to fail the bounds checking in its internal buffer resulting in a out-of-bounds memory write. The possibility of overwriting sensitive information in order to bypass secure boot protections are not discarded.
Discussion:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:6990 https://access.redhat.com/errata/RHSA-2025:6990
2025-11-01
Published