Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-4590
Daisycon prijsvergelijkers <= 4.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisycon_uitvaart' shortcode in all versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
May 31st, 2025 (11 days ago)

CVE-2025-5370
PHPGurukul News Portal forgot-password.php sql injection
Description: A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul News Portal 4.1 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/forgot-password.php. Dank Manipulation des Arguments Username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
May 31st, 2025 (11 days ago)

CVE-2025-5368
PHPGurukul Daily Expense Tracker System expense-yearwise-reports-detailed.php sql injection
Description: A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in PHPGurukul Daily Expense Tracker System 1.1 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /expense-yearwise-reports-detailed.php. Durch Beeinflussen des Arguments todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 31st, 2025 (11 days ago)

CVE-2025-5016
Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights
Description: The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 (Free) and 2.27.6 (Premium) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (4.7)

EPSS Score: 0.06%

Source: CVE
May 31st, 2025 (11 days ago)

CVE-2025-5367
PHPGurukul Online Shopping Portal Project category.php sql injection
Description: A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Online Shopping Portal Project 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Es geht um eine nicht näher bekannte Funktion der Datei /category.php. Durch das Beeinflussen des Arguments Product mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
May 31st, 2025 (11 days ago)

CVE-2025-5361
Campcodes Online Hospital Management System contact.php sql injection
Description: A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0. This issue affects some unknown processing of the file /contact.php. The manipulation of the argument fullname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in Campcodes Online Hospital Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /contact.php. Durch Manipulation des Arguments fullname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
May 30th, 2025 (11 days ago)

CVE-2025-2503
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file...
Description: An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.

CVSS: MEDIUM (6.9)

EPSS Score: 0.01%

Source: CVE
May 30th, 2025 (11 days ago)

CVE-2025-1479
An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute...
Description: An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code.

CVSS: MEDIUM (4.8)

EPSS Score: 0.02%

Source: CVE
May 30th, 2025 (11 days ago)

CVE-2024-1027
SourceCodester Facebook News Feed Like Post unrestricted upload
Description: A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-252300. Es wurde eine Schwachstelle in SourceCodester Facebook News Feed Like 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Post Handler. Durch Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen.

CVSS: MEDIUM (6.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
May 30th, 2025 (11 days ago)

CVE-2024-0564
Kernel: max page sharing of kernel samepage merging (ksm) may cause memory deduplication
Description: A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.

CVSS: MEDIUM (5.3)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 30th, 2025 (11 days ago)