Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-23508 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17.
CVSS: HIGH (7.1) EPSS Score: 0.06% SSVC Exploitation: none
May 30th, 2025 (9 days ago)
|
|
CVE-2024-23507 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9.
CVSS: HIGH (8.5) EPSS Score: 0.12% SSVC Exploitation: none
May 30th, 2025 (9 days ago)
|
|
CVE-2025-5356 |
Description: A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component BYE Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in FreeFloat FTP Server 1.0 ausgemacht. Es betrifft eine unbekannte Funktion der Komponente BYE Command Handler. Durch Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.05% SSVC Exploitation: poc
May 30th, 2025 (9 days ago)
|
|
CVE-2024-13917 |
Description: An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data.
Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system permissions, to inject an arbitrary intent with system-level privileges to a protected application. One must know the protecting PIN number (it might be revealed by exploiting CVE-2024-13916) or ask the user to provide it.
Vendor did not provide information about vulnerable versions.
Only version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability
CVSS: HIGH (8.3) EPSS Score: 0.02% SSVC Exploitation: none
May 30th, 2025 (9 days ago)
|
|
Description: An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data.
This issue affects Apache Superset: before 4.1.2.
Users are recommended to upgrade to version 4.1.2, which fixes the issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-48912
https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135
https://github.com/advisories/GHSA-8w7f-8pr9-xgwj
CVSS: HIGH (7.1) EPSS Score: 0.08%
May 30th, 2025 (9 days ago)
|
|
|
Description: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-41235
https://spring.io/security/cve-2025-41235
https://github.com/advisories/GHSA-6j2q-c73v-97c5
CVSS: HIGH (8.6) EPSS Score: 0.05%
May 30th, 2025 (9 days ago)
|
|
CVE-2025-4992 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS: HIGH (8.7) EPSS Score: 0.03%
May 30th, 2025 (9 days ago)
|
|
CVE-2025-4991 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS: HIGH (8.7) EPSS Score: 0.03%
May 30th, 2025 (9 days ago)
|
|
CVE-2025-4990 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS: HIGH (8.7) EPSS Score: 0.03%
May 30th, 2025 (9 days ago)
|
|
CVE-2025-4989 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS: HIGH (8.7) EPSS Score: 0.03%
May 30th, 2025 (9 days ago)
|