CVE-2025-31380 |
Description: Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site allows Password Recovery Exploitation. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.11.
CVSS: CRITICAL (9.8)
April 17th, 2025 (about 4 hours ago)
|
CVE-2025-27302 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Claudio Adrian Marrero CHATLIVE allows SQL Injection. This issue affects CHATLIVE: from n/a through 2.0.1.
CVSS: CRITICAL (9.3)
April 17th, 2025 (about 4 hours ago)
|
CVE-2025-27287 |
Description: Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz allows Object Injection. This issue affects SS Quiz: from n/a through 2.0.5.
CVSS: CRITICAL (9.8)
April 17th, 2025 (about 4 hours ago)
|
CVE-2025-27286 |
Description: Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider allows Object Injection. This issue affects Saoshyant Slider: from n/a through 3.0.
CVSS: CRITICAL (9.8)
April 17th, 2025 (about 4 hours ago)
|
CVE-2025-27282 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3.
CVSS: CRITICAL (9.9)
April 17th, 2025 (about 4 hours ago)
|
CVE-2025-22655 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links allows SQL Injection. This issue affects CWD – Stealth Links: from n/a through 1.3.
CVSS: CRITICAL (9.3) SSVC Exploitation: none
April 17th, 2025 (about 4 hours ago)
|
CVE-2025-3651 |
Description: Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions below 10.8.2.33 allows attackers to execute arbitrary commands via unauthorized access to the Agent service.
CVSS: CRITICAL (9.3)
April 17th, 2025 (about 5 hours ago)
|
Description: A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions.
The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0.
"The vulnerability allows an attacker with network access to an Erlang/OTP SSH
CVSS: CRITICAL (10.0)
April 17th, 2025 (about 11 hours ago)
|
CVE-2025-3113 |
Description: A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connectors and Rule Sets.
CVSS: CRITICAL (9.0)
April 17th, 2025 (about 13 hours ago)
|
CVE-2025-31340 |
Description: An improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to perform arbitrary system commands by running a malicious file.
CVSS: CRITICAL (9.9)
April 17th, 2025 (about 17 hours ago)
|