Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-31912
WordPress Enzio - Responsive Business WordPress Theme <= 1.1.8 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Enzio - Responsive Business WordPress Theme allows PHP Local File Inclusion. This issue affects Enzio - Responsive Business WordPress Theme: from n/a through 1.1.8.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-31636
WordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaurabhSharma WP Post Modules for Elementor allows Reflected XSS. This issue affects WP Post Modules for Elementor: from n/a through 2.5.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-31633
WordPress Kiamo - Responsive Business Service WordPress Theme <= 1.3.3 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo - Responsive Business Service WordPress Theme: from n/a through 1.3.3.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-31632
WordPress La Boom <= 2.7 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom: from n/a through 2.7.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-31064
WordPress Vizeon - Business Consulting <= 1.1.7 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Vizeon - Business Consulting allows PHP Local File Inclusion. This issue affects Vizeon - Business Consulting: from n/a through 1.1.7.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-31060
WordPress Capie <= 1.0.40 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Capie allows PHP Local File Inclusion. This issue affects Capie: from n/a through 1.0.40.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-31053
WordPress KBx Pro Ultimate <= 7.9.8 - Arbitrary File Deletion Vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate allows Path Traversal. This issue affects KBx Pro Ultimate: from n/a through 7.9.8.

CVSS: HIGH (7.7)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-1123
Solid Mail – SMTP email and logging made by SolidWP <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email
Description: The Solid Mail – SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: HIGH (7.2)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-5105
TOZED ZLT W51 Service Port 7777 heap inspection
Description: A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in TOZED ZLT W51 bis 1.4.2 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Service Port 7777. Durch die Manipulation mit unbekannten Daten kann eine improper clearing of heap memory before release-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (7.3)

EPSS Score: 0.06%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-41407
SQL Injection
Description: Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.

CVSS: HIGH (8.3)

EPSS Score: 0.03%

Source: CVE
May 23rd, 2025 (18 days ago)