Threat and Vulnerability Intelligence Database

CVE-2025-1524

Description: The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (5 days ago)

CVE-2025-1523

Description: The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (5 days ago)

CVE-2024-13925

Description: The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentially filling the entire disk.

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (5 days ago)

CVE-2024-11924

Description: The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (5 days ago)

Description: Gartner projects IT security spending in the MENA region will continue to increase in 2025, with security services accounting for the most growth.

Source: Dark Reading
April 17th, 2025 (5 days ago)

🚨 Marked as known exploited on April 17th, 2025 (5 days ago).

Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection

CVSS: MEDIUM (6.5)

Source: TheHackerNews
April 17th, 2025 (5 days ago)

Description: This blog post is about the RomethemeKit For Elementor plugin vulnerability. If you're a RomethemeKit For Elementor user, please update the plugin to at least version 1.5.5. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin developers, we have security audit […] The post Critical RomethemeKit For Elementor Plugin Vulnerability Patched appeared first on Patchstack.

Source: PatchStack
April 17th, 2025 (5 days ago)

🚨 Marked as known exploited on April 17th, 2025 (5 days ago).

Description: Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio

EPSS Score: 0.41%

Source: TheHackerNews
April 17th, 2025 (5 days ago)

Description: TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption

Source: ExploitDB
April 17th, 2025 (5 days ago)

CVE-2025-43717

Description: In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading to XSS.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (5 days ago)