CVE-2025-31418 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel allows Reflected XSS. This issue affects Gravel: from n/a through 1.6.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
April 4th, 2025 (18 days ago)
|
CVE-2025-31416 |
WordPress Awesome Event Booking plugin <= 2.8.4 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking allows Reflected XSS. This issue affects Awesome Event Booking: from n/a through 2.8.4.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
April 4th, 2025 (18 days ago)
|
CVE-2025-31407 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS. This issue affects Tiger: from n/a through 2.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
April 4th, 2025 (18 days ago)
|
CVE-2025-31405 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion. This issue affects Fami WooCommerce Compare: from n/a through 1.0.5.
CVSS: HIGH (7.5) EPSS Score: 0.11% SSVC Exploitation: none
April 4th, 2025 (18 days ago)
|
CVE-2025-31403 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection. This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 4th, 2025 (18 days ago)
|
CVE-2025-31389 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sequel.Io Sequel allows Reflected XSS. This issue affects Sequel: from n/a through 1.0.11.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 4th, 2025 (18 days ago)
|
CVE-2025-31384 |
Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS. This issue affects Videos: from n/a through 1.0.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 4th, 2025 (18 days ago)
|
CVE-2025-31381 |
Description: Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
April 4th, 2025 (18 days ago)
|
CVE-2025-2798 |
Description: The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.
CVSS: CRITICAL (9.8) EPSS Score: 0.18%
April 4th, 2025 (18 days ago)
|
CVE-2025-22285 |
Description: Missing Authorization vulnerability in Eniture Technology Pallet Packaging for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pallet Packaging for WooCommerce: from n/a through 1.1.15.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
April 4th, 2025 (18 days ago)
|