CVE-2025-1524 |
Description: The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
April 17th, 2025 (3 days ago)
|
CVE-2025-1523 |
Description: The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
April 17th, 2025 (3 days ago)
|
CVE-2024-13925 |
Description: The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentially filling the entire disk.
EPSS Score: 0.02%
April 17th, 2025 (3 days ago)
|
CVE-2024-11924 |
Description: The Icegram Express (formerly known as Email Subscribers) WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
April 17th, 2025 (3 days ago)
|
Description: Gartner projects IT security spending in the MENA region will continue to increase in 2025, with security services accounting for the most growth.
April 17th, 2025 (3 days ago)
|
Description: This blog post is about the RomethemeKit For Elementor plugin vulnerability. If you're a RomethemeKit For Elementor user, please update the plugin to at least version 1.5.5. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin developers, we have security audit […]
The post Critical RomethemeKit For Elementor Plugin Vulnerability Patched appeared first on Patchstack.
April 17th, 2025 (3 days ago)
|
🚨 Marked as known exploited on April 17th, 2025 (3 days ago).
Description: Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild.
The vulnerabilities in question are listed below -
CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio
EPSS Score: 0.45%
April 17th, 2025 (3 days ago)
|
Description: TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption
April 17th, 2025 (3 days ago)
|
CVE-2025-1290 |
Description: A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it, resulting in a dangling pointer and potential kernel code execution.
EPSS Score: 0.03%
April 17th, 2025 (3 days ago)
|