Threat and Vulnerability Intelligence Database

CVE-2025-24917

Description: In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-24916

Description: When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.

CVSS: HIGH (7.0)

EPSS Score: 0.01%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-5112

Description: A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. A critical vulnerability was found in FreeFloat FTP Server 1.0. Affected is an unknown process of the component MGET Command Handler. Manipulation with unknown data can be used to exploit a buffer overflow vulnerability. The attack can be carried out over the network. The exploit is publicly available.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-5111

Description: A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TYPE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. A critical vulnerability was discovered in FreeFloat FTP Server 1.0. Affected is an unknown process of the component TYPE Command Handler. Manipulation with unknown data can be used to exploit a buffer overflow vulnerability. The attack can be carried out over the network. The exploit is publicly available.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-48292

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster allows PHP Local File Inclusion. This issue affects Tourmaster: from n/a through 5.3.8.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-48286

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.1209.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-48273

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-48245

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form: from n/a through 8.2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-48241

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.9.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (18 days ago)

CVE-2025-47690

Description: Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (18 days ago)