Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-48902 |
Description: Vulnerability of uncontrolled system resource applications in the setting module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS: MEDIUM (6.6) EPSS Score: 0.01%
June 6th, 2025 (1 day ago)
|
|
CVE-2025-2935 |
Description: The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ss_option_maint.php' and 'ss_user_filter_list' files. This makes it possible for unauthenticated attackers to delete pending comments, and re-enable a previously blocked user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (5.4) EPSS Score: 0.01%
June 6th, 2025 (1 day ago)
|
|
CVE-2024-58114 |
Description: Resource allocation control failure vulnerability in the ArkUI framework
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS: MEDIUM (4.0) EPSS Score: 0.01%
June 6th, 2025 (1 day ago)
|
|
CVE-2025-5726 |
Description: A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine problematische Schwachstelle wurde in SourceCodester Student Result Management System 1.0 ausgemacht. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /script/academic/division-system der Komponente Division System Page. Dank Manipulation des Arguments Division mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
June 6th, 2025 (2 days ago)
|
|
CVE-2025-5725 |
Description: A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In SourceCodester Student Result Management System 1.0 wurde eine problematische Schwachstelle ausgemacht. Es geht um eine nicht näher bekannte Funktion der Datei /script/academic/grading-system der Komponente Grading System Page. Dank der Manipulation des Arguments Remark mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
June 6th, 2025 (2 days ago)
|
|
CVE-2025-5724 |
Description: A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine problematische Schwachstelle in SourceCodester Student Result Management System 1.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /script/academic/subjects der Komponente Subjects Page. Durch Beeinflussen des Arguments Subject mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
June 6th, 2025 (2 days ago)
|
|
CVE-2025-5723 |
Description: A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine problematische Schwachstelle wurde in SourceCodester Student Result Management System 1.0 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /script/academic/classes der Komponente Classes Page. Durch das Beeinflussen des Arguments Class Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
June 6th, 2025 (2 days ago)
|
|
CVE-2025-1778 |
Description: The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
June 6th, 2025 (2 days ago)
|
|
CVE-2025-1777 |
Description: The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
June 6th, 2025 (2 days ago)
|
|
CVE-2025-5722 |
Description: A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component Add Academic Term. The manipulation of the argument Academic Term leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In SourceCodester Student Result Management System 1.0 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /script/academic/terms der Komponente Add Academic Term. Durch Manipulieren des Arguments Academic Term mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
June 6th, 2025 (2 days ago)
|