Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-32572 |
Description: Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus allows Object Injection. This issue affects Kata Plus: from n/a through 1.5.2.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-31380 |
Description: Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site allows Password Recovery Exploitation. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.11.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-27302 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Claudio Adrian Marrero CHATLIVE allows SQL Injection. This issue affects CHATLIVE: from n/a through 2.0.1.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-27287 |
Description: Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz allows Object Injection. This issue affects SS Quiz: from n/a through 2.0.5.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-27286 |
Description: Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider allows Object Injection. This issue affects Saoshyant Slider: from n/a through 3.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-27282 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3.
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-22655 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links allows SQL Injection. This issue affects CWD – Stealth Links: from n/a through 1.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04% SSVC Exploitation: none
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-3651 |
Description: Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions below 10.8.2.33 allows attackers to execute arbitrary commands via unauthorized access to the Agent service.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
April 17th, 2025 (about 2 months ago)
|
|
Description: A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions.
The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0.
"The vulnerability allows an attacker with network access to an Erlang/OTP SSH
CVSS: CRITICAL (10.0) EPSS Score: 37.73%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-3113 |
Description: A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
April 17th, 2025 (about 2 months ago)
|