CVE-2025-31069 |
Description: Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 23rd, 2025 (15 days ago)
|
CVE-2025-31056 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce allows SQL Injection. This issue affects WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce: from n/a through 1.1.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
May 23rd, 2025 (15 days ago)
|
CVE-2025-31049 |
Description: Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 23rd, 2025 (15 days ago)
|
🚨 Marked as known exploited on May 23rd, 2025 (15 days ago).
Description: Learn about CVE-2025-3248 affecting Langflow. Patch now to prevent remote code execution.
CVSS: CRITICAL (9.8)
May 23rd, 2025 (15 days ago)
|
CVE-2025-3895 |
Description: Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value.
It allows an unauthenticated attacker who knows user login names to brute force these tokens and change account passwords (including those belonging to administrators).
Version 5.20 of MegaBIP fixes this issue.
CVSS: CRITICAL (9.1) EPSS Score: 0.08%
May 23rd, 2025 (15 days ago)
|
Description: CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry.
The post Threat Brief: CVE-2025-31324 (Updated May 23) appeared first on Unit 42.
CVSS: CRITICAL (10.0) EPSS Score: 78.65%
May 23rd, 2025 (15 days ago)
|
CVE-2025-5099 |
Description: An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
May 23rd, 2025 (16 days ago)
|
CVE-2025-5098 |
Description: PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization.
CVSS: CRITICAL (9.1) EPSS Score: 0.02%
May 23rd, 2025 (16 days ago)
|
CVE-2024-41198 |
Description: An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVSS: CRITICAL (9.8) EPSS Score: 0.02%
May 22nd, 2025 (16 days ago)
|
CVE-2024-41196 |
Description: An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
May 22nd, 2025 (16 days ago)
|