VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-21
CVE-2024-12635
The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
6.5
2024-12-21
CVE-2024-12697
The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-12-21
CVE-2024-12721
The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter.
network
low complexity
CWE-502
7.2
7.2
2024-12-21
CVE-2024-12771
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43.
network
low complexity
CWE-352
8.8
8.8
2024-12-21
CVE-2024-11977
The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10.
network
low complexity
CWE-94
7.3
7.3
2024-12-21
CVE-2024-11349
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6.
network
low complexity
CWE-288
critical
9.8
9.8
2024-12-20
CVE-2024-11811
The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters.
network
low complexity
CWE-79
6.1
6.1
2024-12-20
CVE-2024-12840
A server-side request forgery exists in Satellite.
network
high complexity
CWE-918
5.0
5.0
2024-12-20
CVE-2024-28767
IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
low complexity
CWE-78
6.8
6.8
2024-12-20
CVE-2024-40695
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
network
low complexity
CWE-434
8.0
8.0
«
Previous
1
2
3
(current)
4
5
...
15842
15843
»
Next