CVE-2025-49072 |
Description: Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection. This issue affects Mr. Murphy: from n/a before 1.2.12.1.
CVSS: CRITICAL (9.8)
June 6th, 2025 (about 21 hours ago)
|
CVE-2025-38000 |
Description: In the Linux kernel, the following vulnerability has been resolved:
sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the
child qdisc's peek() operation before incrementing sch->q.qlen and
sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may
trigger an immediate dequeue and potential packet drop. In such cases,
qdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog
have not yet been updated, leading to inconsistent queue accounting. This
can leave an empty HFSC class in the active list, causing further
consequences like use-after-free.
This patch fixes the bug by moving the increment of sch->q.qlen and
sch->qstats.backlog before the call to the child qdisc's peek() operation.
This ensures that queue length and backlog are always accurate when packet
drops or dequeues are triggered during the peek.
June 6th, 2025 (about 21 hours ago)
|
CVE-2025-31025 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects Block allows Stored XSS. This issue affects Image Hover Effects Block: from n/a through 1.4.5.
CVSS: MEDIUM (6.5)
June 6th, 2025 (about 21 hours ago)
|
CVE-2025-31000 |
Description: Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6.
CVSS: MEDIUM (5.3)
June 6th, 2025 (about 21 hours ago)
|
CVE-2025-30999 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fahad Mahmood WP Shopify allows PHP Local File Inclusion. This issue affects WP Shopify: from n/a through 1.5.3.
CVSS: HIGH (7.5)
June 6th, 2025 (about 21 hours ago)
|
CVE-2025-30997 |
Description: Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0.
CVSS: MEDIUM (5.4)
June 6th, 2025 (about 21 hours ago)
|
CVE-2025-30995 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.
CVSS: HIGH (7.1)
June 6th, 2025 (about 21 hours ago)
|
CVE-2025-30994 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeWP – All-in-One Dynamic Content Framework allows Cross Site Request Forgery. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.23.
CVSS: MEDIUM (4.3)
June 6th, 2025 (about 21 hours ago)
|
CVE-2025-30991 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Premium Packages allows Stored XSS. This issue affects Premium Packages: from n/a through 6.0.2.
CVSS: MEDIUM (6.5)
June 6th, 2025 (about 21 hours ago)
|
CVE-2025-30990 |
Description: Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1.
CVSS: MEDIUM (4.3)
June 6th, 2025 (about 21 hours ago)
|