Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-39507 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2.
CVSS: HIGH (7.5) EPSS Score: 0.13%
May 16th, 2025 (22 days ago)
|
|
CVE-2025-39492 |
Description: Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 16th, 2025 (22 days ago)
|
|
CVE-2025-39491 |
Description: Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision.
CVSS: HIGH (8.1) EPSS Score: 0.06%
May 16th, 2025 (22 days ago)
|
|
CVE-2025-32310 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal allows Privilege Escalation. This issue affects QuickCal: from n/a through 1.0.13.
CVSS: HIGH (8.8) EPSS Score: 0.02%
May 16th, 2025 (22 days ago)
|
|
CVE-2025-32307 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without Playlist allows SQL Injection. This issue affects Chameleon HTML5 Audio Player With/Without Playlist: from n/a through 3.5.6.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)
|
|
CVE-2025-32306 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin allows Blind SQL Injection. This issue affects Radio Player Shoutcast & Icecast WordPress Plugin: from n/a through 4.4.6.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)
|
|
CVE-2025-32301 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown Pro WP Plugin allows SQL Injection. This issue affects CountDown Pro WP Plugin: from n/a through 2.7.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)
|
|
CVE-2025-32290 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky HTML5 Music Player allows SQL Injection. This issue affects Sticky HTML5 Music Player: from n/a through 3.1.6.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)
|
|
CVE-2025-32287 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows SQL Injection. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through 3.5.7.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)
|
|
CVE-2025-32245 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Apollo allows SQL Injection. This issue affects Apollo: from n/a through 3.6.3.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)
|