Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-5601 |
Description: Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file
CVSS: HIGH (7.8) EPSS Score: 0.01%
June 4th, 2025 (3 days ago)
|
|
CVE-2025-47728 |
Description: Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS: HIGH (7.3) EPSS Score: 0.02%
June 4th, 2025 (3 days ago)
|
|
CVE-2025-5578 |
Description: A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sales-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Dairy Farm Shop Management System 1.3 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um eine nicht näher bekannte Funktion der Datei /sales-report-details.php. Durch Beeinflussen des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.03%
June 4th, 2025 (3 days ago)
|
|
CVE-2025-5576 |
Description: A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file /bwdate-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in PHPGurukul Dairy Farm Shop Management System 1.3 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /bwdate-report-details.php. Durch Manipulieren des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.03%
June 4th, 2025 (3 days ago)
|
|
CVE-2025-5482 |
Description: The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account.
CVSS: HIGH (8.8) EPSS Score: 0.04%
June 4th, 2025 (3 days ago)
|
|
CVE-2025-47727 |
Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS: HIGH (7.3) EPSS Score: 0.02%
June 4th, 2025 (3 days ago)
|
|
CVE-2025-47726 |
Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS: HIGH (7.3) EPSS Score: 0.02%
June 4th, 2025 (3 days ago)
|
|
CVE-2025-47725 |
Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS: HIGH (7.3) EPSS Score: 0.02%
June 4th, 2025 (3 days ago)
|
|
CVE-2025-47724 |
Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS: HIGH (7.3) EPSS Score: 0.02%
June 4th, 2025 (3 days ago)
|
|
CVE-2025-5572 |
Description: A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. In D-Link DCS-932L 2.18.01 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es die Funktion setSystemEmail der Datei /setSystemEmail. Durch Manipulation des Arguments EmailSMTPPortNumber mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.7) EPSS Score: 0.05%
June 4th, 2025 (3 days ago)
|