CVE-2025-31916
Description: Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a.
CVSS: CRITICAL (9.0) EPSS Score: 0.06%
May 23rd, 2025 (12 days ago)

CVE-2025-31914
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Blind SQL Injection. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through 1.0.2.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
May 23rd, 2025 (12 days ago)

CVE-2025-31631
Description: Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House allows Object Injection. This issue affects Fish House: from n/a through 1.2.7.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 23rd, 2025 (12 days ago)

CVE-2025-31430
Description: Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 23rd, 2025 (12 days ago)

CVE-2025-31423
Description: Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto allows Object Injection. This issue affects Umberto: from n/a through 1.2.8.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 23rd, 2025 (12 days ago)

CVE-2025-31397
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce allows SQL Injection. This issue affects Bus Ticket Booking with Seat Reservation for WooCommerce: from n/a through 1.7.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
May 23rd, 2025 (12 days ago)

CVE-2025-31069
Description: Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 23rd, 2025 (12 days ago)

CVE-2025-31056
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce allows SQL Injection. This issue affects WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce: from n/a through 1.1.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
May 23rd, 2025 (12 days ago)

CVE-2025-31049
Description: Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 23rd, 2025 (12 days ago)

CVE-2025-4524
Description: The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.26%
May 21st, 2025 (14 days ago)