CVE-2025-31630 |
Description: Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 16th, 2025 (about 2 months ago)
|
CVE-2025-31071 |
Description: Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 16th, 2025 (about 2 months ago)
|
CVE-2025-31068 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
May 16th, 2025 (about 2 months ago)
|
CVE-2025-31066 |
Description: Missing Authorization vulnerability in themeton Acerola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acerola: from n/a through 1.6.5.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 16th, 2025 (about 2 months ago)
|
CVE-2025-31065 |
Description: Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 16th, 2025 (about 2 months ago)
|
CVE-2025-31063 |
Description: Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 16th, 2025 (about 2 months ago)
|
CVE-2025-31062 |
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 16th, 2025 (about 2 months ago)
|
CVE-2024-0291 |
Description: A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (6.3) EPSS Score: 2.02% SSVC Exploitation: poc
May 16th, 2025 (about 2 months ago)
|
CVE-2024-0272 |
Description: A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827.
CVSS: MEDIUM (6.3) EPSS Score: 0.05% SSVC Exploitation: poc
May 16th, 2025 (about 2 months ago)
|
🚨 Marked as known exploited on May 16th, 2025 (about 2 months ago).
Description: Two critical Ivanti zero-days (CVE-2025-4427 and CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month. When chained together, these vulnerabilities enable unauthenticated remote code execution on Ivanti Endpoint Manager Mobile systems.
CVSS: MEDIUM (5.3) EPSS Score: 82.26%
May 16th, 2025 (about 2 months ago)
|