VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-22
CVE-2025-3472
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6.
network
low complexity
CWE-94
6.5
6.5
2025-04-22
CVE-2025-2839
The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-22
CVE-2025-3814
The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-22
CVE-2025-3616
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5.
network
low complexity
CWE-434
8.8
8.8
2025-04-22
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token.
local
low complexity
CWE-732
7.8
7.8
2025-04-22
CVE-2025-1732
An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.
local
low complexity
CWE-269
6.7
6.7
2025-04-22
CVE-2025-3850
A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0.
network
high complexity
CWE-287
3.7
3.7
2025-04-22
CVE-2025-3854
A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006.
low complexity
CWE-120
8.0
8.0
2025-04-22
CVE-2025-3855
A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic.
network
low complexity
CWE-99
4.3
4.3
2025-04-22
CVE-2025-3856
A vulnerability was found in xxyopen Novel-Plus 5.1.0.
network
low complexity
CWE-74
6.3
6.3
«
Previous
1
2
3
(current)
4
5
...
16881
16882
»
Next