Threat and Vulnerability Intelligence Database

CVE-2024-22305

Description: Authorization Bypass Through User-Controlled Key vulnerability in Kali Forms Contact Form builder with drag & drop for WordPress – Kali Forms. This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.

CVSS: HIGH (7.5)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
May 23rd, 2025 (17 days ago)

CVE-2024-22283

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delhivery Delhivery Logistics Courier. This issue affects Delhivery Logistics Courier: from n/a through 1.0.107.

CVSS: HIGH (8.5)

EPSS Score: 0.12%

SSVC Exploitation: none

Source: CVE
May 23rd, 2025 (17 days ago)

CVE-2024-22152

Description: Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.

CVSS: HIGH (8.0)

EPSS Score: 0.16%

SSVC Exploitation: none

Source: CVE
May 23rd, 2025 (17 days ago)

CVE-2025-43860

Description: OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue.

CVSS: HIGH (7.6)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
May 23rd, 2025 (17 days ago)

CVE-2025-32794

Description: OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient's encounter under Orders → Procedure Orders. Version 7.0.3.4 contains a patch for the issue.

CVSS: HIGH (7.6)

EPSS Score: 0.03%

Source: CVE
May 23rd, 2025 (17 days ago)

CVE-2025-24917

Description: In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
May 23rd, 2025 (17 days ago)

CVE-2025-24916

Description: When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.

CVSS: HIGH (7.0)

EPSS Score: 0.01%

Source: CVE
May 23rd, 2025 (17 days ago)

CVE-2025-5112

Description: A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
May 23rd, 2025 (17 days ago)

CVE-2025-5111

Description: A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TYPE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
May 23rd, 2025 (17 days ago)

CVE-2025-48292

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster allows PHP Local File Inclusion. This issue affects Tourmaster: from n/a through 5.3.8.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (17 days ago)