VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-05
CVE-2025-1233
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0.
network
low complexity
CWE-862
4.3
4.3
2025-04-05
CVE-2025-2789
The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19.
network
low complexity
CWE-862
5.3
5.3
2025-04-05
CVE-2024-13604
The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.4 via the 'kbs' directory.
network
low complexity
CWE-200
7.5
7.5
2025-04-05
CVE-2025-0810
The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.5.
network
high complexity
CWE-352
7.5
7.5
2025-04-05
CVE-2025-2544
The AI Content Pipelines plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-05
CVE-2025-2933
The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6.
network
low complexity
CWE-862
8.8
8.8
2025-04-05
CVE-2025-1500
IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.
network
low complexity
CWE-434
5.5
5.5
2025-04-05
CVE-2025-2889
The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Additional Parameters in all versions up to, and including, 7.7.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-04
CVE-2025-3265
Injection vulnerability in PHPgurukul E-Diary Management System 1.0
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0.
network
low complexity
phpgurukul
CWE-74
critical
9.8
9.8
2025-04-04
CVE-2025-3266
Stack-based Buffer Overflow vulnerability in Qinguoyi Tinywebserver 1.0
A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0.
network
low complexity
qinguoyi
CWE-121
critical
9.8
9.8
«
Previous
1
2
...
34
35
36
(current)
37
38
...
16825
16826
»
Next