CVE & Exploit Intelligence Database

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked 53,242 with exploits 4,725 exploited in wild 1,540 CISA KEV 3,918 Nuclei templates 37,802 vendors 42,493 researchers

256 results Clear all

CVE-2025-59003 5.8 MEDIUM EPSS 0.00

Inkthemescom Black Rider <1.2.3 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in Inkthemescom Black Rider allows Retrieve Embedded Sensitive Data.This issue affects Black Rider: from n/a through 1.2.3.

CWE-201 Dec 31, 2025

CVE-2025-68989 7.5 HIGH EPSS 0.00

Contact Form 7 Extension For Mailchimp <0.9.49 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through <= 0.9.49.

CWE-201 Dec 30, 2025

CVE-2025-68040 6.5 MEDIUM EPSS 0.00

weDevs WP Project Manager <3.0.1 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through 3.0.1.

CWE-201 Dec 30, 2025

CVE-2025-68516 7.5 HIGH EPSS 0.00

Essekia Tablesome <1.1.36 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1.

CWE-201 Dec 24, 2025

CVE-2025-62998 5.0 MEDIUM EPSS 0.00

WP Messiah WP AI CoPilot <1.2.7 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through 1.2.7.

CWE-201 Dec 18, 2025

CVE-2025-14823 5.3 MEDIUM EPSS 0.00

ScreenConnect - Info Disclosure

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored at rest; however, an encrypted representation could be exposed in client responses. Updating the Certificate Signing Extension to version 1.0.12 or higher ensures configuration handling occurs exclusively on the server side, preventing encrypted values from being transmitted to or rendered by client-side components.

CWE-201 Dec 18, 2025

CVE-2025-66116 7.5 HIGH EPSS 0.00

UserElements Ultimate Member Widgets for Elementor <2.4 - Info Disc...

Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3.

CWE-201 Dec 18, 2025

CVE-2025-64295 6.5 MEDIUM EPSS 0.00

All In One SEO Pack <4.8.6.1 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data.This issue affects All In One SEO Pack: from n/a through <= 4.8.6.1.

CWE-201 Dec 18, 2025

CVE-2025-64218 7.5 HIGH EPSS 0.00

WP Chill Passster <4.2.19 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data.This issue affects Passster: from n/a through <= 4.2.19.

CWE-201 Dec 18, 2025

CVE-2025-64213 7.5 HIGH EPSS 0.00

StylemixThemes MasterStudy LMS Pro - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.

CWE-201 Dec 18, 2025

CVE-2025-49919 5.8 MEDIUM EPSS 0.00

WPCenter eRoom <1.5.6 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in WPCenter eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.

CWE-201 Dec 18, 2025

CVE-2025-49918 5.9 MEDIUM EPSS 0.00

VikBooking Hotel Booking Engine & PMS <1.8.3 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Retrieve Embedded Sensitive Data.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2.

CWE-201 Dec 18, 2025

CVE-2025-66126 5.3 MEDIUM EPSS 0.00

wowpress.host Fix Media Library <2.0.0 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in wowpress.host Fix Media Library wow-media-library-fix allows Retrieve Embedded Sensitive Data.This issue affects Fix Media Library: from n/a through <= 2.0.

CWE-201 Dec 16, 2025

CVE-2025-66125 5.3 MEDIUM EPSS 0.00

Nitesh Ultimate Auction <4.3.2 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through <= 4.3.2.

CWE-201 Dec 16, 2025

CVE-2025-49300 2.7 LOW EPSS 0.00

shinetheme Traveler Option Tree <2.9 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from n/a through <= 2.8.

CWE-201 Dec 16, 2025

CVE-2025-66388 6.5 MEDIUM EPSS 0.00

Apache Airflow <3.1.4 - Info Disclosure

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this issue.

CWE-201 Dec 15, 2025

CVE-2025-67721 1 Writeup EPSS 0.00

Aircompressor <3.3 - Info Disclosure

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via crafted compressed input. With certain crafted compressed inputs, elements from the output buffer can end up in the uncompressed output, potentially leaking sensitive data. This is relevant for applications that reuse the same output buffer to uncompress multiple inputs. This can be the case of a web server that allocates a fix-sized buffer for performance purposes. There is similar vulnerability in GHSA-cmp6-m4wj-q63q. This issue is fixed in version 3.4.

CWE-201 Dec 12, 2025

CVE-2025-63071 5.3 MEDIUM EPSS 0.00

auxin-elements <2.17.12 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.12.

CWE-201 Dec 09, 2025

CVE-2025-63007 4.3 MEDIUM EPSS 0.00

Metagauss EventPrime <4.2.4.1 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.4.1.

CWE-201 Dec 09, 2025

CVE-2025-62997 5.3 MEDIUM EPSS 0.00

WP EasyCart <5.8.11 - Info Disclosure

Insertion of Sensitive Information Into Sent Data vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Retrieve Embedded Sensitive Data.This issue affects WP EasyCart: from n/a through <= 5.8.11.

CWE-201 Dec 09, 2025