CVE-2025-1087
Description: Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.
CVSS: CRITICAL (9.3) EPSS Score: 0.19%
May 9th, 2025

CVE-2025-4403
Description: The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user-supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.25%
May 9th, 2025

CVE-2025-3605
Description: The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating their details, such as the email address, via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.
CVSS: CRITICAL (9.8) EPSS Score: 2.72%
May 9th, 2025

CVE-2025-2253
Description: The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating a user's password through the imic_reset_password_init() function. This makes it possible for unauthenticated attackers to change any user's password, including administrators', if the user's email address is known.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
May 9th, 2025

CVE-2024-11617
Description: The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.2%
May 9th, 2025

CVE-2025-3463
Description: "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.
Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.
CVSS: CRITICAL (9.4) EPSS Score: 0.07%
May 9th, 2025

CVE-2025-3714
Description: The LCD KVM over IP Switch CL5708IM has a stack-based buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code on the device.
CVSS: CRITICAL (9.8) EPSS Score: 0.21%
May 9th, 2025

CVE-2025-31324
Description: A China-linked, previously unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver.
Forescout Vedere Labs, in a report published today, said it uncovered malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025.
CVE-2025-31324 refers to a critical SAP NetWeaver flaw
CVSS: CRITICAL (10.0) EPSS Score: 78.65%
May 9th, 2025

CVE-2025-3711
Description: The LCD KVM over IP Switch CL5708IM has a stack-based buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code on the device.
CVSS: CRITICAL (9.8) EPSS Score: 0.21%
May 9th, 2025

CVE-2025-3710
Description: The LCD KVM over IP Switch CL5708IM has a stack-based buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code on the device.
CVSS: CRITICAL (9.8) EPSS Score: 0.21%
May 9th, 2025