CVE-2025-3606 |
Description: Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials which could be used to further compromise the device.
CVSS: HIGH (7.5) EPSS Score: 0.04%
April 25th, 2025 (22 days ago)
|
CVE-2025-2185 |
Description: ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception.
CVSS: HIGH (8.0) EPSS Score: 0.04%
April 25th, 2025 (22 days ago)
|
CVE-2025-1294 |
Description: The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: HIGH (7.2) EPSS Score: 0.11%
April 24th, 2025 (22 days ago)
|
CVE-2024-8926 |
Description: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
CVSS: HIGH (8.1) EPSS Score: 0.37% SSVC Exploitation: none
April 24th, 2025 (22 days ago)
|
CVE-2024-6387 |
Description: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVSS: HIGH (8.1) EPSS Score: 54.04% SSVC Exploitation: poc
April 24th, 2025 (22 days ago)
|
CVE-2025-46530 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment allows Stored XSS. This issue affects Hacklog Remote Attachment: from n/a through 1.3.2.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 24th, 2025 (22 days ago)
|
CVE-2025-46528 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar allows Stored XSS. This issue affects Availability Calendar: from n/a through 0.2.4.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 24th, 2025 (22 days ago)
|
CVE-2025-46524 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category allows Stored XSS. This issue affects WP Filter Post Category: from n/a through 2.1.4.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 24th, 2025 (22 days ago)
|
CVE-2025-46522 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.3.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 24th, 2025 (22 days ago)
|
CVE-2025-46520 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows Stored XSS. This issue affects Related Posts via Taxonomies: from n/a through 1.0.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 24th, 2025 (22 days ago)
|