Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-26 CVE-2025-20117 A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.
local
low complexity
CWE-77
5.1
5.1
2025-02-26 CVE-2025-20161 A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of specific elements within a software image.
local
low complexity
CWE-78
5.1
5.1
2025-02-26 CVE-2025-0719 IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting.
network
low complexity
CWE-79
6.1
6.1
2025-02-26 CVE-2024-12434 The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API.
network
low complexity
CWE-200
5.3
5.3
2025-02-26 CVE-2024-13560 The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6.
network
low complexity
CWE-352
4.3
4.3
2025-02-26 CVE-2024-13803 Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
5.4
5.4
2025-02-26 CVE-2024-39441 Unspecified vulnerability in Google Android 13.0/14.0/15.0
In wifi display, there is a possible missing permission check.
local
low complexity
google
8.4
8.4
2025-02-26 CVE-2024-6810 The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2025-02-26 CVE-2025-0731 An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account.
network
low complexity
CWE-434
6.5
6.5
2025-02-26 CVE-2025-1517 Cross-site Scripting vulnerability in Sinaextra Sina Extension for Elementor
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text, Countdown Widget, and Login Form shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
sinaextra CWE-79
5.4
5.4