Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-22796
WordPress WP-Asambleas Plugin <= 2.85.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in platcom WP-Asambleas allows Reflected XSS. This issue affects WP-Asambleas: from n/a through 2.85.0.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2025-22774
WordPress CRUDLab Scroll to Top Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Scroll to Top allows Reflected XSS. This issue affects CRUDLab Scroll to Top: from n/a through 1.0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2025-22692
WordPress Sponsered Link plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rachanaS Sponsered Link allows Reflected XSS. This issue affects Sponsered Link: from n/a through 4.0.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2025-22651
WordPress Stylish Google Sheet Reader plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wppluginboxdev Stylish Google Sheet Reader allows Reflected XSS. This issue affects Stylish Google Sheet Reader: from n/a through 4.0.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2025-22636
WordPress VR-Frases plugin <= 3.0.1 - Reflected XSS to SQL Injection vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vicente Ruiz Gálvez VR-Frases allows Reflected XSS. This issue affects VR-Frases: from n/a through 3.0.1.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2025-22565
WordPress vooPlayer v4 Plugin <= 4.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bill Zimmerman vooPlayer v4 allows Reflected XSS. This issue affects vooPlayer v4: from n/a through 4.0.4.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-21829
Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation...
Description: Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: HIGH (8.7)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-12530
Insecure Dynamic-Link Library (DLL) Load vulnerability
Description: Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client application.

CVSS: HIGH (7.0)

EPSS Score: 0.01%

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2025-25234
Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to...
Description: Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2025-27363
Amazon Linux 2023 : freetype, freetype-demos, freetype-devel (ALAS2023-2025-925)
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Description: Nessus Plugin ID 234514 with High Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-925 advisory. An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. (CVE-2025-27363)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'dnf update freetype --releasever 2023.7.20250331' to update your system. Read more at https://www.tenable.com/plugins/nessus/234514

CVSS: HIGH (8.1)

Source: Tenable Plugins
April 17th, 2025 (2 days ago)