Threat and Vulnerability Intelligence Database

CVE-2025-24665

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Unishippers Edition allows SQL Injection. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.8.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (3 months ago)

CVE-2025-24664

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows SQL Injection. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.20.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (3 months ago)

CVE-2025-24612

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection. This issue affects Shipping for Nova Poshta: from n/a through 1.19.6.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (3 months ago)

CVE-2025-24601

Description: Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (3 months ago)

CVE-2025-0357

Description: The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS: CRITICAL (9.8)

EPSS Score: 0.09%

Source: CVE
January 28th, 2025 (3 months ago)

CVE-2024-56012

Description: Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells Flash News / Post (Responsive), Pearlbells Post Title (TypeWriter) allows Privilege Escalation. This issue affects Flash News / Post (Responsive): from n/a through 4.1; Post Title (TypeWriter): from n/a through 4.1.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (3 months ago)

CVE-2025-24650

Description: Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3.

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2024-13545

Description: The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If php://filter is enabled on the server, this issue may directly lead to Remote Code Execution.

CVSS: CRITICAL (9.8)

EPSS Score: 0.09%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2025-23953

Description: Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through 2.4.2.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (3 months ago)

CVE-2025-23942

Description: Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through 2.1.6.

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (3 months ago)