CVE-2025-32496 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows Upload a Web Shell to a Web Server. This issue affects Ultra Demo Importer: from n/a through 1.0.5.
CVSS: CRITICAL (9.6) EPSS Score: 0.02%
April 9th, 2025 (about 2 months ago)
|
CVE-2025-31033 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity allows Cross Site Request Forgery. This issue affects Buddypress Humanity: from n/a through 1.2.
CVSS: CRITICAL (9.8) EPSS Score: 0.03%
April 9th, 2025 (about 2 months ago)
|
CVE-2025-31002 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 9th, 2025 (about 2 months ago)
|
CVE-2024-30224 |
Description: Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.2.
CVSS: CRITICAL (10.0) EPSS Score: 0.77% SSVC Exploitation: none
April 8th, 2025 (about 2 months ago)
|
CVE-2024-29100 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
CVSS: CRITICAL (9.1) EPSS Score: 0.08% SSVC Exploitation: none
April 8th, 2025 (about 2 months ago)
|
CVE-2024-2890 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations. This issue affects Tumult Hype Animations: from n/a through 1.9.12.
CVSS: CRITICAL (9.1) EPSS Score: 0.34% SSVC Exploitation: poc
April 8th, 2025 (about 2 months ago)
|
CVE-2025-2004 |
Description: The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS: CRITICAL (9.1) EPSS Score: 0.34%
April 8th, 2025 (2 months ago)
|
CVE-2025-2941 |
Description: The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).
CVSS: CRITICAL (9.8) EPSS Score: 0.25%
April 5th, 2025 (2 months ago)
|
CVE-2025-32118 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 4th, 2025 (2 months ago)
|
CVE-2025-31403 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection. This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 4th, 2025 (2 months ago)
|