Threat and Vulnerability Intelligence Database

CVE-2025-32139

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bradvin FooBox Image Lightbox. This issue affects FooBox Image Lightbox: from n/a through 2.7.33.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
April 10th, 2025 (11 days ago)

CVE-2025-32128

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aaronfrey Nearby Locations allows SQL Injection. This issue affects Nearby Locations: from n/a through 1.1.1.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
April 10th, 2025 (11 days ago)

CVE-2025-32119

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce allows Blind SQL Injection. This issue affects CardGate Payments for WooCommerce: from n/a through 3.2.1.

CVSS: HIGH (8.2)

EPSS Score: 0.03%

Source: CVE
April 10th, 2025 (11 days ago)

CVE-2025-32116

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studi7 QR Master allows Reflected XSS. This issue affects QR Master: from n/a through 1.0.5.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 10th, 2025 (11 days ago)

CVE-2025-32115

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Content Light allows Reflected XSS. This issue affects Popping Content Light: from n/a through 2.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 10th, 2025 (11 days ago)

CVE-2025-32114

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5sterrenspecialist 5sterrenspecialist allows Reflected XSS. This issue affects 5sterrenspecialist: from n/a through 1.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 10th, 2025 (11 days ago)

CVE-2025-31524

Description: Incorrect Privilege Assignment vulnerability in NotFound WP User Profiles allows Privilege Escalation. This issue affects WP User Profiles: from n/a through 2.6.2.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
April 10th, 2025 (11 days ago)

CVE-2025-30582

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM allows PHP Local File Inclusion. This issue affects DyaPress ERP/CRM: from n/a through 18.0.2.0.

CVSS: HIGH (8.1)

EPSS Score: 0.06%

Source: CVE
April 10th, 2025 (11 days ago)

CVE-2025-22279

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetCompareWishlist allows PHP Local File Inclusion. This issue affects JetCompareWishlist: from n/a through 1.5.9.

CVSS: HIGH (7.5)

EPSS Score: 0.13%

Source: CVE
April 10th, 2025 (11 days ago)

CVE-2025-3417

Description: The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
April 10th, 2025 (11 days ago)