Threat and Vulnerability Intelligence Database

CVE-2024-13610

Description: The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Source: CVE
April 15th, 2025 (about 5 hours ago)

CVE-2024-13207

Description: The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Source: CVE
April 15th, 2025 (about 5 hours ago)

Description: Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. "This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better
Source: TheHackerNews
April 15th, 2025 (about 7 hours ago)

🚨 Marked as known exploited on April 15th, 2025 (about 7 hours ago).
Description: A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks

CVSS: CRITICAL (9.8)

Source: TheHackerNews
April 15th, 2025 (about 7 hours ago)

Description: Pymatgen 2024.1 - Remote Code Execution (RCE)
Source: ExploitDB
April 15th, 2025 (about 7 hours ago)

CVE-2025-29984

Description: Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS: MEDIUM (6.7)

Source: CVE
April 15th, 2025 (about 7 hours ago)

CVE-2025-29983

Description: Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS: MEDIUM (6.7)

Source: CVE
April 15th, 2025 (about 7 hours ago)

CVE-2025-3613

Description: A vulnerability has been found in Demtec Graphytics 5.0.7 and classified as problematic. This vulnerability affects unknown code of the file /visualization. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A problematic vulnerability was found in Demtec Graphytics 5.0.7. Affected is an unknown processing of the file /visualization. By manipulating the argument description with unknown data, a cross site scripting vulnerability can be exploited. The attack can take place over the network. The exploit is publicly available.

CVSS: MEDIUM (5.1)

Source: CVE
April 15th, 2025 (about 8 hours ago)

CVE-2025-3612

Description: A vulnerability, which was classified as problematic, was found in Demtec Graphytics 5.0.7. This affects an unknown part of the file /visualization of the component HTTP GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A problematic vulnerability was found in Demtec Graphytics 5.0.7. This affects an unknown code block of the file /visualization of the component HTTP GET Parameter Handler. Through manipulation with unknown data, a cross site scripting vulnerability can be exploited. The attack can be launched over the network. The exploit is publicly available.

CVSS: MEDIUM (5.3)

Source: CVE
April 15th, 2025 (about 8 hours ago)

CVE-2025-3470

Description: The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the s parameter in all versions up to, and including, 2.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: MEDIUM (4.9)

SSVC Exploitation: none

Source: CVE
April 15th, 2025 (about 8 hours ago)