Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-48138 |
Description: Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
May 16th, 2025 (23 days ago)
|
|
CVE-2025-48135 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aptivadadev Aptivada for WP allows DOM-Based XSS. This issue affects Aptivada for WP: from n/a through 2.0.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 16th, 2025 (23 days ago)
|
|
CVE-2025-48132 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows Stored XSS. This issue affects X Addons for Elementor: from n/a through 1.0.14.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 16th, 2025 (23 days ago)
|
|
CVE-2025-48131 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite allows Stored XSS. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 16th, 2025 (23 days ago)
|
|
CVE-2025-48128 |
Description: Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharespine Woocommerce Connector: from n/a through 4.7.55.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 16th, 2025 (23 days ago)
|
|
CVE-2025-48127 |
Description: Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through 2.0.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 16th, 2025 (23 days ago)
|
|
CVE-2025-48121 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget allows DOM-Based XSS. This issue affects WP Notes Widget: from n/a through 1.0.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 16th, 2025 (23 days ago)
|
|
CVE-2025-48120 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG Lite allows Code Injection. This issue affects MapSVG Lite: from n/a through 8.6.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 16th, 2025 (23 days ago)
|
|
CVE-2025-48119 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection. This issue affects RS WP Book Showcase: from n/a through 6.7.41.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 16th, 2025 (23 days ago)
|
|
CVE-2025-48117 |
Description: Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS: from n/a through 1.7.8.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 16th, 2025 (23 days ago)
|