Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-31041 |
Description: Missing Authorization vulnerability in NotFound AnyTrack Affiliate Link Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through 1.0.4.
CVSS: HIGH (7.5) EPSS Score: 0.04%
April 11th, 2025 (10 days ago)
|
|
CVE-2025-31040 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound WP Food ordering and Restaurant Menu allows PHP Local File Inclusion. This issue affects WP Food ordering and Restaurant Menu: from n/a through 1.1.
CVSS: HIGH (8.1) EPSS Score: 0.15%
April 11th, 2025 (10 days ago)
|
|
CVE-2025-31028 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Hide Categories allows Reflected XSS. This issue affects WP Hide Categories: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 11th, 2025 (10 days ago)
|
|
CVE-2025-31021 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart allows Reflected XSS. This issue affects Mobile Smart: from n/a through v1.3.16.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 11th, 2025 (10 days ago)
|
|
CVE-2025-31015 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk allows PHP Local File Inclusion. This issue affects WordPress SMTP Service, Email Delivery Solved! — MailHawk: from n/a through 1.3.1.
CVSS: HIGH (7.5) EPSS Score: 0.11%
April 11th, 2025 (10 days ago)
|
|
CVE-2025-31014 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5.
CVSS: HIGH (7.5) EPSS Score: 0.13%
April 11th, 2025 (10 days ago)
|
|
🚨 Marked as known exploited on April 11th, 2025 (10 days ago).
Description: A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure.
The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.
"The
CVSS: HIGH (8.1) EPSS Score: 0.15%
April 11th, 2025 (10 days ago)
|
|
CVE-2025-32808 |
Description: W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists.
CVSS: HIGH (7.7) EPSS Score: 0.04%
April 11th, 2025 (11 days ago)
|
|
CVE-2025-0128 |
Description: A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.
Cloud NGFW is not affected by this vulnerability. Prisma® Access software is proactively patched and protected from this issue.
CVSS: HIGH (8.7) EPSS Score: 0.03%
April 11th, 2025 (11 days ago)
|
|
CVE-2025-0127 |
Description: A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
CVSS: HIGH (7.1) EPSS Score: 0.18%
April 11th, 2025 (11 days ago)
|