We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
This is a free service provided by THREATINT. It is hosted in Europe 
It contains information on publicly disclosed Cybersecurity vulnerabilities based on data from the CVE® Program, please see the official CVE website and CVE List V5 on GitHub. Whenever applicable we also show information from the Known Exploited Vulnerabilities Catalog provided by US CISA as the authoritative source of vulnerabilities that have been exploited in the wild.
CVE-2025-0141: GlobalProtect App: Privilege Escalation (PE) Vulnerability: An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT\AUTHORITY SYSTEM on Windows. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
CVE-2025-0140: GlobalProtect App: Non Admin User Can Disable the GlobalProtect App: An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS and Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, iOS, Android, Chrome OS and Global...
CVE-2025-0139: Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability: An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.
CVE-2025-6976: Events Manager <= 7.0.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-6975: Event Manager <= 7.0.3 - Reflected Cross-Site Scripting via `calendar_header` Parameter: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendar_header’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inj...
CVE-2025-0292: SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.
CVE-2025-53651: Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log.
CVE-2025-53650: Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.
CVE-2025-49604: For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack of validation of the size of fragmented Wi-Fi frames may lead to a heap-based buffer overflow.
CVE-2025-44177: A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
CVE-2014-3931 Looking Glass Multi-Router Looking Glass (MRLG): Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption.
CVE-2019-9621 Synacor Zimbra Collaboration Suite (ZCS): Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component.
CVE-2019-5418 Rails Ruby on Rails: Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
CVE-2016-10033 PHP PHPMailer: PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
CVE-2025-6554 Google Chromium V8: Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Support options
