CVE-2025-45542 |
Description: SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
EPSS Score: 0.13% SSVC Exploitation: poc
June 2nd, 2025 (6 days ago)
|
CVE-2025-44172 |
Description: Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
EPSS Score: 0.03%
June 2nd, 2025 (6 days ago)
|
CVE-2025-44115 |
Description: A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
EPSS Score: 0.03%
June 2nd, 2025 (6 days ago)
|
CVE-2024-40114 |
Description: A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.
EPSS Score: 0.03%
June 2nd, 2025 (6 days ago)
|
CVE-2024-40113 |
Description: Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before is vulnerable to Use of Default Credentials.
EPSS Score: 0.03%
June 2nd, 2025 (6 days ago)
|
CVE-2024-23659 |
Description: SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
EPSS Score: 1.01% SSVC Exploitation: none
June 2nd, 2025 (6 days ago)
|
CVE-2024-23525 |
Description: The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
EPSS Score: 0.16% SSVC Exploitation: poc
June 2nd, 2025 (6 days ago)
|
CVE-2024-22877 |
Description: StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, which is then executed in the context of the TheHive application when the HTML report is opened.
EPSS Score: 0.14% SSVC Exploitation: none
June 2nd, 2025 (6 days ago)
|
CVE-2024-22819 |
Description: FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.
EPSS Score: 0.06% SSVC Exploitation: poc
June 2nd, 2025 (6 days ago)
|
CVE-2024-22628 |
Description: Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=
EPSS Score: 0.14% SSVC Exploitation: poc
June 2nd, 2025 (6 days ago)
|