Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-5576	PHPGurukul Dairy Farm Shop Management System bwdate-report-details.php sql injection Description: A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file /bwdate-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in PHPGurukul Dairy Farm Shop Management System 1.3 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /bwdate-report-details.php. Durch Manipulieren des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (6.9) Source: CVE June 4th, 2025 (about 9 hours ago)
CVE-2025-5575	PHPGurukul Dairy Farm Shop Management System add-product.php sql injection Description: A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file /add-product.php. The manipulation of the argument productname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Dairy Farm Shop Management System 1.3 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /add-product.php. Durch das Manipulieren des Arguments productname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (6.9) Source: CVE June 4th, 2025 (about 9 hours ago)
CVE-2025-5482	Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber) Privilege Escalation Description: The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account. CVSS: HIGH (8.8) Source: CVE June 4th, 2025 (about 9 hours ago)
CVE-2025-47727	Out-of-bounds Write in CNCSoft Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. CVSS: HIGH (7.3) Source: CVE June 4th, 2025 (about 9 hours ago)
CVE-2025-47726	Out-of-bounds Write in CNCSoft Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. CVSS: HIGH (7.3) Source: CVE June 4th, 2025 (about 9 hours ago)
CVE-2025-47725	Out-of-bounds Write in CNCSoft Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. CVSS: HIGH (7.3) Source: CVE June 4th, 2025 (about 9 hours ago)
CVE-2025-47724	Out-of-bounds Write in CNCSoft Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. CVSS: HIGH (7.3) Source: CVE June 4th, 2025 (about 9 hours ago)
CVE-2025-27444	Extension - rsjoomla.com - A reflected XSS vulnerability RSform!Pro component 3.0.0 - 3.3.13 for Joomla Description: A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL. Source: CVE June 4th, 2025 (about 9 hours ago)
	🏴‍☠️ Global has just published a new victim : www.motorworldarc.co.uk Description: Motor World ARC is a UK-based company specializing in vehicle repairs and automotive services, offering expert solutions for a range of car-related needs. They provide high-quality accident repair, bodywork restoration, and mechanical services, with a commitment to customer satisfaction and precision. Source: Ransomware.live June 4th, 2025 (about 9 hours ago)
	🏴‍☠️ Global has just published a new victim : Epworth-Hospital Description: Epworth HealthCare is a leading not-for-profit private hospital group in Victoria, Australia, known for high-quality medical, surgical, and rehabilitation services. Founded in 1920, it operates major hospitals across Melbourne and Geelong. Source: Ransomware.live June 4th, 2025 (about 9 hours ago)