Threat and Vulnerability Intelligence Database

CVE-2025-39518

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedefiningTheWeb BMA Lite allows SQL Injection. This issue affects BMA Lite: from n/a through 1.4.2.

CVSS: HIGH (7.6)

EPSS Score: 0.03%

Source: CVE
April 16th, 2025 (4 days ago)

CVE-2025-1982

Description: Local File Inclusion vulnerability in Ready's attachment upload panel allows a low-privileged user to provide a link to a local file using the file:// protocol, thus allowing the attacker to read the content of the file. This vulnerability can be used to read the content of system files.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 16th, 2025 (4 days ago)

CVE-2025-1980

Description: The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. If the server is misconfigured, as it was by default when installed at the turn of 2021 and 2022, it can result in Remote Code Execution. Refer to the Required Configuration for Exposure section for more information.

CVSS: HIGH (7.1)

EPSS Score: 0.27%

Source: CVE
April 16th, 2025 (4 days ago)

CVE-2025-30960

Description: Missing Authorization vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8.

CVSS: HIGH (8.3)

EPSS Score: 0.03%

Source: CVE
April 16th, 2025 (4 days ago)

CVE-2024-52281

Description: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4.

CVSS: HIGH (8.9)

EPSS Score: 0.04%

Source: CVE
April 16th, 2025 (4 days ago)

CVE-2025-21587

Description: Nessus Plugin ID 234458 with High Severity Synopsis Amazon Corretto is affected by multiple vulnerabilities. Description The version of Amazon Corretto installed on the remote host is 11 prior to 11.0.27.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-11-2025-Apr-15 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also appl...

CVSS: HIGH (7.4)

EPSS Score: 0.03%

Source: Tenable Plugins
April 16th, 2025 (4 days ago)

CVE-2025-21587

Description: Nessus Plugin ID 234472 with High Severity Synopsis OpenJDK is affected by multiple vulnerabilities. Description The version of OpenJDK installed on the remote host is 8 prior to 8u442 / 11.0.0 prior to 11.0.26 / 17.0.0 prior to 17.0.14 / 21.0.0 prior to 21.0.6 / 24.0.0 prior to 24.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the 2025-04-15 advisory. Please Note: Java CVEs do not always include OpenJDK versions, but are confirmed separately by Tenable using the patch versions from the referenced OpenJDK security advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM ...

CVSS: HIGH (7.4)

EPSS Score: 0.03%

Source: Tenable Plugins
April 16th, 2025 (4 days ago)

CVE-2025-21587

Description: Nessus Plugin ID 234473 with High Severity Synopsis Amazon Corretto is affected by multiple vulnerabilities. Description The version of Amazon Corretto installed on the remote host is 17 prior to 17.0.15.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2025-Apr-15 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also appl...

CVSS: HIGH (7.4)

EPSS Score: 0.03%

Source: Tenable Plugins
April 16th, 2025 (4 days ago)

CVE-2024-22851

Description: Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint.

CVSS: HIGH (7.5)

EPSS Score: 0.14%

SSVC Exploitation: none

Source: CVE
April 15th, 2025 (5 days ago)

CVE-2025-32923

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tourmaster allows Reflected XSS. This issue affects Tourmaster: from n/a through n/a.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (5 days ago)