CVE-2024-51818 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
CVE-2024-49688 |
Description: Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
CVE-2024-49655 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
CVE-2024-32555 |
Description: Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
CVE-2024-13091 |
Description: The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit requires the ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 22nd, 2025 (3 months ago)
|
CVE-2024-13375 |
Description: The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 19th, 2025 (3 months ago)
|
CVE-2025-23922 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server. This issue affects iSpring Embedder: from n/a through 1.0.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 17th, 2025 (3 months ago)
|
CVE-2025-23797 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation. This issue affects WP Options Editor: from n/a through 1.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 17th, 2025 (3 months ago)
|
CVE-2025-22785 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection. This issue affects Course Booking System: from n/a through 6.0.5.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 16th, 2025 (3 months ago)
|
CVE-2025-22782 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Upload a Web Shell to a Web Server. This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
January 16th, 2025 (3 months ago)
|