VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-11-29
CVE-2024-49803
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
CWE-78
critical
9.8
9.8
2024-11-29
CVE-2024-49804
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.
local
low complexity
CWE-250
7.8
7.8
2024-11-29
CVE-2024-49805
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
CWE-798
critical
9.4
9.4
2024-11-29
CVE-2024-49806
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
CWE-798
critical
9.4
9.4
2024-11-28
CVE-2024-7747
The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6.
network
low complexity
CWE-681
6.5
6.5
2024-11-28
CVE-2024-10670
The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-28
CVE-2024-10780
The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-28
CVE-2024-10798
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-28
CVE-2024-11103
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7.
network
low complexity
CWE-640
critical
9.8
9.8
2024-11-28
CVE-2024-11203
The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
«
1
(current)
2
3
4
5
...
15626
15627
»
Next