Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
April 18th, 2025 (1 day ago)
|
CVE-2025-3783 |
Description: A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In SourceCodester Web-based Pharmacy Product Management System 1.0 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht näher bekannte Funktion der Datei /add-product.php. Durch die Manipulation des Arguments Avatar mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
April 18th, 2025 (1 day ago)
|
|
CVE-2025-3598 |
Description: The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commission_summary parameter in all versions up to, and including, .6.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
April 18th, 2025 (1 day ago)
|
|
CVE-2025-1863 |
Description: Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.
This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 18th, 2025 (1 day ago)
|
|
CVE-2025-39471 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pantherius Modal Survey.This issue affects Modal Survey: from n/a through 2.0.2.0.1.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
April 18th, 2025 (1 day ago)
|
|
CVE-2025-39470 |
Description: Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through 1.6.0.
CVSS: HIGH (8.1) EPSS Score: 0.04%
April 18th, 2025 (1 day ago)
|
|
CVE-2025-39469 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantherius Modal Survey allows Reflected XSS.This issue affects Modal Survey: from n/a through 2.0.2.0.1.
CVSS: HIGH (7.1) EPSS Score: 0.03%
April 18th, 2025 (1 day ago)
|
|
🚨 Marked as known exploited on April 18th, 2025 (1 day ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
CVSS: MEDIUM (6.5)
April 18th, 2025 (1 day ago)
|
|
CVE-2025-42599 |
Description: Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
CVSS: CRITICAL (9.8) EPSS Score: 0.27%
April 18th, 2025 (1 day ago)
|
|
CVE-2025-3520 |
Description: The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS: HIGH (8.1) EPSS Score: 0.26%
April 18th, 2025 (1 day ago)
|