Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-27565
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Description: An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-27561
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Description: Unauthenticated attackers can rename "rooms" of arbitrary users.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26998
WordPress SKT Blocks – Gutenberg based Page Builder plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26996
WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26951
WordPress C9 Blocks plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks allows DOM-Based XSS. This issue affects C9 Blocks: from n/a through 1.7.7.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26950
WordPress Nepali Date Converter plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonsPress Nepali Date Converter allows Stored XSS. This issue affects Nepali Date Converter: from n/a through 2.0.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26934
WordPress Glossy Blog theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphthemes Glossy Blog allows Stored XSS. This issue affects Glossy Blog: from n/a through 1.0.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26930
WordPress Home Services plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Home Services allows DOM-Based XSS. This issue affects Home Services: from n/a through 1.2.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26919
WordPress Tainá plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tainá allows Stored XSS. This issue affects Tainá: from n/a through 0.2.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26906
WordPress WP Delete User Accounts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts allows DOM-Based XSS. This issue affects WP Delete User Accounts: from n/a through 1.2.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)