Threat and Vulnerability Intelligence Database

CVE-2025-27302

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Claudio Adrian Marrero CHATLIVE allows SQL Injection. This issue affects CHATLIVE: from n/a through 2.0.1.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-27287

Description: Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz allows Object Injection. This issue affects SS Quiz: from n/a through 2.0.5.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-27286

Description: Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider allows Object Injection. This issue affects Saoshyant Slider: from n/a through 3.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-27282

Description: Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-22655

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links allows SQL Injection. This issue affects CWD – Stealth Links: from n/a through 1.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-39601

Description: Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion. This issue affects Custom CSS, JS & PHP: from n/a through 2.4.1.

CVSS: CRITICAL (9.6)

EPSS Score: 0.02%

Source: CVE
April 16th, 2025 (about 2 months ago)

CVE-2025-39557

Description: Unrestricted Upload of File with Dangerous Type vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Upload a Web Shell to a Web Server. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.14.

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: CVE
April 16th, 2025 (about 2 months ago)

CVE-2025-30967

Description: Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a.

CVSS: CRITICAL (9.6)

EPSS Score: 0.02%

Source: CVE
April 15th, 2025 (about 2 months ago)

CVE-2025-26927

Description: Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through 1.3.3.

CVSS: CRITICAL (10.0)

EPSS Score: 0.06%

Source: CVE
April 15th, 2025 (about 2 months ago)

CVE-2024-1071

Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: CRITICAL (9.8)

EPSS Score: 92.48%

SSVC Exploitation: none

Source: CVE
April 15th, 2025 (about 2 months ago)