Threat and Vulnerability Intelligence Database

CVE-2025-31012

Description: Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-31009

Description: Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through 0.13.1.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-31008

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YouTube Embed Plugin Support YouTube Embed allows Stored XSS. This issue affects YouTube Embed: from n/a through 5.3.1.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-31005

Description: Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts allows Cross Site Request Forgery. This issue affects Easyfonts: from n/a through 1.1.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-31004

Description: Missing Authorization vulnerability in Croover.inc Rich Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through 1.4.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-32379

Description: Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect(), even after sanitizing it, may execute JavaScript code in the browser of the user who uses the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5.

CVSS: MEDIUM (5.0)

EPSS Score: 0.04%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-32378

Description: Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registered customers set to disabled, and Log-in & sign-up: Double opt-in on sign-up set to disabled. With these settings, anyone can register an account on the shop using any e-mail-address and then check the check-box in the account page to sign up for the newsletter. The recipient will receive two mails confirming registering and signing up for the newsletter, no confirmation link needed to be clicked for either. In the backend the recipient is set to “instantly active”. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17.

CVSS: MEDIUM (6.9)

EPSS Score: 0.06%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-32374

Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8.

CVSS: MEDIUM (5.9)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-32373

Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-32372

Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance and firewall bypass. This vulnerability is fixed in 9.13.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
April 9th, 2025 (13 days ago)