Threat and Vulnerability Intelligence Database

CVE-2025-3115

Description: Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution.

CVSS: CRITICAL (9.4)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
April 9th, 2025 (2 months ago)

CVE-2025-3114

Description: Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls.

CVSS: CRITICAL (9.4)

EPSS Score: 0.14%

Source: CVE
April 9th, 2025 (2 months ago)

CVE-2025-32695

Description: Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 8.7.5.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
April 9th, 2025 (2 months ago)

CVE-2025-32642

Description: Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7.

CVSS: CRITICAL (10.0)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (2 months ago)

CVE-2025-32641

Description: Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor allows Cross Site Request Forgery. This issue affects Anant Addons for Elementor: from n/a through 1.1.5.

CVSS: CRITICAL (9.6)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (2 months ago)

CVE-2025-32576

Description: Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows Upload a Web Shell to a Web Server. This issue affects WP shop: from n/a through 2.6.0.

CVSS: CRITICAL (9.6)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (2 months ago)

CVE-2025-32496

Description: Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows Upload a Web Shell to a Web Server. This issue affects Ultra Demo Importer: from n/a through 1.0.5.

CVSS: CRITICAL (9.6)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (2 months ago)

CVE-2025-31033

Description: Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity allows Cross Site Request Forgery. This issue affects Buddypress Humanity: from n/a through 1.2.

CVSS: CRITICAL (9.8)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (2 months ago)

CVE-2025-31002

Description: Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6.

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: CVE
April 9th, 2025 (2 months ago)

CVE-2025-32375

Description: BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which grants attackers initial access and information disclosure on the server. This vulnerability is fixed in 1.4.8.

CVSS: CRITICAL (9.8)

EPSS Score: 36.96%

SSVC Exploitation: poc

Source: CVE
April 9th, 2025 (2 months ago)