VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-10-24
CVE-2024-6826
Allocation of Resources Without Limits or Throttling vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1.
network
low complexity
gitlab
CWE-770
6.5
6.5
2024-10-24
CVE-2024-8312
Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1.
network
low complexity
gitlab
CWE-79
5.4
5.4
2024-10-24
CVE-2024-10050
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode.
network
low complexity
CWE-200
4.3
4.3
2024-10-24
CVE-2024-8717
The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-24
CVE-2024-8667
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0.
network
low complexity
CWE-862
4.3
4.3
2024-10-24
CVE-2024-9531
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4.
network
low complexity
CWE-285
4.3
4.3
2024-10-24
CVE-2024-9943
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4.
network
low complexity
CWE-352
6.3
6.3
2024-10-24
CVE-2024-9864
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-24
CVE-2024-9374
The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.6.
network
low complexity
6.1
6.1
2024-10-23
CVE-2023-50355
Information Exposure Through an Error Message vulnerability in Hcltech Sametime 11.6/12.0/12.0.2
HCL Sametime is impacted by the error messages containing sensitive information.
network
low complexity
hcltech
CWE-209
5.3
5.3
«
Previous
1
2
...
341
342
343
(current)
344
345
...
15850
15851
»
Next