VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-03-11
CVE-2025-26706
Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.07.
network
low complexity
5.3
5.3
2025-03-11
CVE-2025-2173
A vulnerability was found in libzvbi up to 0.2.43.
network
low complexity
CWE-908
5.3
5.3
2025-03-11
CVE-2025-2174
A vulnerability was found in libzvbi up to 0.2.43.
network
low complexity
CWE-190
5.3
5.3
2025-03-11
CVE-2025-2175
A vulnerability was found in libzvbi up to 0.2.43.
network
low complexity
CWE-190
4.3
4.3
2025-03-11
CVE-2024-13413
The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘res’ parameter in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-03-11
CVE-2024-13436
The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2.
network
low complexity
CWE-352
6.1
6.1
2025-03-11
CVE-2025-1661
Path Traversal vulnerability in Pluginus Husky - products Filter Professional for Woocommerce
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action.
network
low complexity
pluginus
CWE-22
critical
9.8
9.8
2025-03-11
CVE-2025-2169
The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4.
network
low complexity
CWE-94
7.3
7.3
2025-03-11
CVE-2024-11253
A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
network
low complexity
CWE-78
7.2
7.2
2025-03-11
CVE-2024-12009
A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
network
low complexity
CWE-78
7.2
7.2
«
Previous
1
2
...
395
396
397
(current)
398
399
...
17181
17182
»
Next