CVE-2025-32927 |
Description: Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection. This issue affects FoodBakery: from n/a through 3.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 19th, 2025 (19 days ago)
|
CVE-2025-32926 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal. This issue affects Grand Restaurant WordPress: from n/a through 7.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
May 19th, 2025 (19 days ago)
|
CVE-2025-47282 |
Description: A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed.
Am I Vulnerable?
This CVE affects all Gardener installations regardless of the public cloud provider(s) used for the seed clusters/shoot clusters.
Affected Components
gardener/external-dns-management
Affected Versions
< 0.23.6
Fixed Versions
>= 0.23.6
Important
The external-dns-management component may also be deployed on the seeds by the https://github.com/gardener/gardener-extension-shoot-dns-service extension when the extension is enabled. In this case, all versions of the shoot-dns-service extension <= v1.60.0 are affected by this vulnerability.
How do I mitigate this vulnerability?
Update to a fixed version.
References
https://github.com/gardener/external-dns-management/security/advisories/GHSA-xwgg-m7fx-83wx
https://nvd.nist.gov/vuln/detail/CVE-2025-47282
https://github.com/advisories/GHSA-xwgg-m7fx-83wx
CVSS: CRITICAL (9.9) EPSS Score: 0.1%
May 19th, 2025 (19 days ago)
|
CVE-2025-47582 |
Description: Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection. This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.05% SSVC Exploitation: none
May 19th, 2025 (19 days ago)
|
CVE-2025-47581 |
Description: Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar Registration & Tickets allows Object Injection. This issue affects WordPress Events Calendar Registration & Tickets: from n/a through 2.6.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.05% SSVC Exploitation: none
May 19th, 2025 (19 days ago)
|
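Three entries on this page (CVE-2025-32927, CVE-2025-47582, CVE-2025-47581) are the same weakness class, CWE-502 in a WordPress plugin, which in PHP means attacker-controlled input reaching `unserialize()`. The block below is an added illustration of what "Object Injection" means in that setting and how the fix looks; it is constructed example code, not code from any of the plugins above, and the `Log_Writer` class, the `restore_prefs_*` functions and the temp-file path are all assumed for the demonstration.

```php
<?php
// Added example (not plugin code): PHP Object Injection via unserialize()
// and two hardened alternatives. Everything here is constructed for the demo.

// A plausible helper class a plugin might ship. Its destructor touches the
// filesystem, which makes it a "gadget": if an attacker controls which
// objects unserialize() instantiates, they control what this writes.
class Log_Writer {
    public $path;
    public $data;
    public function __destruct() {
        // Runs automatically when the object is freed, even when the object
        // was created by unserialize() rather than by plugin code.
        file_put_contents($this->path, $this->data);
    }
}

// VULNERABLE: attacker-controlled string goes straight into unserialize().
// Whatever class name the payload names is instantiated, so its magic
// methods (__wakeup, __destruct, __toString, ...) run with plugin privileges.
function restore_prefs_vulnerable(string $raw): array {
    $prefs = @unserialize($raw);
    return is_array($prefs) ? $prefs : [];
}

// HARDENED 1: keep the serialized format but forbid object instantiation.
// Any class in the payload becomes __PHP_Incomplete_Class, whose magic
// methods never execute. Use a whitelist array instead of false only if
// specific value classes are genuinely required.
function restore_prefs_allowed_classes(string $raw): array {
    $prefs = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($prefs) ? $prefs : [];
}

// HARDENED 2 (preferred for new code): a data-only format. json_decode()
// cannot produce application objects at all.
function restore_prefs_json(string $raw): array {
    $prefs = json_decode($raw, true);
    return is_array($prefs) ? $prefs : [];
}

// Constructed payload of the kind that would arrive in a cookie, POST field
// or option value. Built as a string, exactly as an attacker would, so no
// Log_Writer object exists until unserialize() creates one.
$target  = sys_get_temp_dir() . '/oi-demo.txt';   // assumed harmless path
$content = 'written by the deserialized gadget';
$payload = sprintf(
    'O:10:"Log_Writer":2:{s:4:"path";s:%d:"%s";s:4:"data";s:%d:"%s";}',
    strlen($target), $target, strlen($content), $content
);

@unlink($target);
restore_prefs_vulnerable($payload);          // gadget is instantiated and freed
printf("vulnerable:       file created = %s\n", var_export(file_exists($target), true));

@unlink($target);
restore_prefs_allowed_classes($payload);     // __PHP_Incomplete_Class, no destructor
printf("allowed_classes:  file created = %s\n", var_export(file_exists($target), true));

@unlink($target);
restore_prefs_json($payload);                // not JSON, so simply returns []
printf("json_decode:      file created = %s\n", var_export(file_exists($target), true));
```

Run with `php oi-demo.php`; only the first call creates the file. Two practitioner caveats: WordPress core's `maybe_unserialize()` hands the string to `unserialize()` without an `allowed_classes` restriction, so routing input through it is not a fix; and a real gadget chain rarely lives in the vulnerable plugin itself but in any class loaded into the same PHP process (core, theme, other plugins), which is why the remediation is to stop deserializing untrusted input rather than to audit one plugin's classes.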
CVE-2025-47577 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server. This issue affects TI WooCommerce Wishlist: from n/a through 2.9.2.
CVSS: CRITICAL (10.0) EPSS Score: 0.06% SSVC Exploitation: none
May 19th, 2025 (19 days ago)
|
CVE-2025-47284 |
Gardener vulnerable to metadata injection for a project secret that can lead to privilege escalation
Description: Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations where gardener/gardener-extension-provider-gcp is in use. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
May 19th, 2025 (19 days ago)
|
CVE-2025-47283 |
Description: Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations regardless of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.
CVSS: CRITICAL (9.9) EPSS Score: 0.1%
May 19th, 2025 (19 days ago)
|
CVE-2025-39445 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 7.2.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
May 19th, 2025 (19 days ago)
|