Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-22717 |
Description: Missing Authorization vulnerability in Joe Dolson My Tickets allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects My Tickets: from n/a through 2.0.9.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
|
CVE-2025-22716 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Taskbuilder Team Taskbuilder allows SQL Injection. This issue affects Taskbuilder: from n/a through 3.0.6.
CVSS: HIGH (8.5) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
|
CVE-2025-22711 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Maier Image Source Control allows Reflected XSS. This issue affects Image Source Control: from n/a through 2.29.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
|
CVE-2025-22710 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StoreApps Smart Manager allows Blind SQL Injection. This issue affects Smart Manager: from n/a through 8.52.0.
CVSS: HIGH (7.6) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
|
CVE-2025-22709 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.8.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
|
CVE-2025-22706 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.mihai Social Pug: Author Box allows Reflected XSS. This issue affects Social Pug: Author Box: from n/a through 1.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
|
CVE-2025-22322 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Private Messages for UserPro allows Reflected XSS. This issue affects Private Messages for UserPro: from n/a through 4.10.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
|
CVE-2025-22318 |
Description: Missing Authorization vulnerability in Eniture Technology Standard Box Sizes – for WooCommerce. This issue affects Standard Box Sizes – for WooCommerce: from n/a through 1.6.13.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
|
CVE-2025-22311 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Private Messages for UserPro. This issue affects Private Messages for UserPro: from n/a through 4.10.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
|
CVE-2024-49700 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ARPrice allows Reflected XSS. This issue affects ARPrice: from n/a through 4.0.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|