CVE-2025-31084 |
Description: Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 1st, 2025 (2 months ago)
|
CVE-2025-30971 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes allows SQL Injection. This issue affects XV Random Quotes: from n/a through 1.40.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 1st, 2025 (2 months ago)
|
CVE-2025-30911 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4.
CVSS: CRITICAL (9.9) EPSS Score: 0.22%
April 1st, 2025 (2 months ago)
|
CVE-2025-30886 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 1st, 2025 (2 months ago)
|
CVE-2025-30876 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ads by WPQuads Ads by WPQuads allows SQL Injection. This issue affects Ads by WPQuads: from n/a through 2.0.87.1.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 1st, 2025 (2 months ago)
|
CVE-2025-30622 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in torsteino PostMash allows SQL Injection. This issue affects PostMash: from n/a through 1.0.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 1st, 2025 (2 months ago)
|
CVE-2025-2266 |
Description: The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
March 29th, 2025 (2 months ago)
|
CVE-2025-22526 |
Description: Deserialization of Untrusted Data vulnerability in NotFound PHP/MySQL CPU performance statistics allows Object Injection. This issue affects PHP/MySQL CPU performance statistics: from n/a through 1.2.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
March 28th, 2025 (2 months ago)
|
CVE-2025-22523 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.04% SSVC Exploitation: none
March 28th, 2025 (2 months ago)
|
CVE-2025-2294 |
Description: The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the kubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 25.34%
March 28th, 2025 (2 months ago)
|