Threat and Vulnerability Intelligence Database

CVE-2025-3811

Description: The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the edit_newdata_customer_callback() function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.

CVSS: CRITICAL (9.8)

EPSS Score: 0.07%

Source: CVE
May 9th, 2025 (about 1 month ago)

CVE-2025-3810

Description: The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the edit_profile_data() function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses and passwords, including administrators', and leverage that to gain access to their account.

CVSS: CRITICAL (9.8)

EPSS Score: 0.07%

Source: CVE
May 9th, 2025 (about 1 month ago)

CVE-2025-47733

Description: Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network.

CVSS: CRITICAL (9.1)

EPSS Score: 0.13%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-29972

Description: Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.

CVSS: CRITICAL (9.9)

EPSS Score: 0.42%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-29827

Description: Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

CVSS: CRITICAL (9.9)

EPSS Score: 0.1%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-29813

Description: An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one. The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.

CVSS: CRITICAL (10.0)

EPSS Score: 0.13%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-45797

Description: TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.

CVSS: CRITICAL (9.8)

EPSS Score: 0.14%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-45789

Description: TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.

CVSS: CRITICAL (9.8)

EPSS Score: 0.14%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-45788

Description: TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.

CVSS: CRITICAL (9.8)

EPSS Score: 0.14%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-45787

Description: TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setIpPortFilterRules.

CVSS: CRITICAL (9.8)

EPSS Score: 0.14%

Source: CVE
May 8th, 2025 (about 1 month ago)