Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-27011 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager allows PHP Local File Inclusion. This issue affects Booking and Rental Manager: from n/a through 2.2.8.
CVSS: HIGH (7.5) EPSS Score: 0.11%
April 15th, 2025 (5 days ago)
|
|
CVE-2025-27008 |
Description: Missing Authorization vulnerability in NotFound Unlimited Timeline allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Unlimited Timeline: from n/a through n/a.
CVSS: HIGH (7.5) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|
|
CVE-2025-26998 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|
|
CVE-2025-26996 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
April 15th, 2025 (5 days ago)
|
|
CVE-2025-26953 |
Description: Missing Authorization vulnerability in NotFound JetMenu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetMenu: from n/a through 2.4.9.
CVSS: HIGH (7.5) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|
|
CVE-2025-26951 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks allows DOM-Based XSS. This issue affects C9 Blocks: from n/a through 1.7.7.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|
|
CVE-2025-26950 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonsPress Nepali Date Converter allows Stored XSS. This issue affects Nepali Date Converter: from n/a through 2.0.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|
|
CVE-2025-26934 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphthemes Glossy Blog allows Stored XSS. This issue affects Glossy Blog: from n/a through 1.0.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|
|
CVE-2025-26930 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Home Services allows DOM-Based XSS. This issue affects Home Services: from n/a through 1.2.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|
|
CVE-2025-26927 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through 1.3.3.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
April 15th, 2025 (5 days ago)
|