CVE-2025-31375 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (13 days ago)
|
CVE-2025-31038 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Privilege Escalation. This issue affects Essential Breadcrumbs: from n/a through 1.1.1.
CVSS: HIGH (8.8) EPSS Score: 0.02%
April 9th, 2025 (13 days ago)
|
CVE-2025-31036 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free WPSolr allows Privilege Escalation. This issue affects WPSolr: from n/a through 24.0.
CVSS: HIGH (8.8) EPSS Score: 0.02%
April 9th, 2025 (13 days ago)
|
CVE-2025-31032 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway allows Stored XSS. This issue affects Pagopar – WooCommerce Gateway: from n/a through 2.7.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (13 days ago)
|
CVE-2025-31026 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded allows Stored XSS. This issue affects Comment Validation Reloaded: from n/a through 0.5.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (13 days ago)
|
CVE-2025-31023 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags allows Cross Site Request Forgery. This issue affects Seo Meta Tags: from n/a through 1.4.
CVSS: HIGH (8.8) EPSS Score: 0.02%
April 9th, 2025 (13 days ago)
|
CVE-2025-1968 |
Description: Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429.
CVSS: HIGH (7.7) EPSS Score: 0.05%
April 9th, 2025 (13 days ago)
|
Description: A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks.
Impact
This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance and bypassing firewalls.
References
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m
https://github.com/advisories/GHSA-3f7v-qx94-666m
CVSS: HIGH (7.5)
April 9th, 2025 (13 days ago)
|
CVE-2025-2223 |
Description: CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is loaded by a user from the local system.
CVSS: HIGH (8.4) EPSS Score: 0.02%
April 9th, 2025 (13 days ago)
|
CVE-2025-2222 |
Description: CWE-552: Files or Directories Accessible to External Parties vulnerability exists over HTTPS that could lead to information leakage and potential privilege escalation following a man-in-the-middle attack.
CVSS: HIGH (8.2) EPSS Score: 0.03%
April 9th, 2025 (13 days ago)
|