Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-17 | CVE-2024-45713 | SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. | local, high complexity, CWE-209, 5.1 |
| 2024-10-17 | CVE-2024-9898 | The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, 6.4 |
| 2024-10-17 | CVE-2024-49386 | Privacy Violation vulnerability in Acronis Cyber Files. Sensitive information disclosure due to spell-jacking. | low complexity, acronis, CWE-359, 5.7 |
| 2024-10-17 | CVE-2024-49389 | Incorrect Default Permissions vulnerability in Acronis Cyber Files. Local privilege escalation due to insecure folder permissions. | local, low complexity, acronis, CWE-276, 7.8 |
| 2024-10-17 | CVE-2024-49390 | Uncontrolled Search Path Element vulnerability in Acronis Cyber Files. Local privilege escalation due to DLL hijacking vulnerability. | local, low complexity, acronis, CWE-427, 7.3 |
| 2024-10-17 | CVE-2024-49391 | Uncontrolled Search Path Element vulnerability in Acronis Cyber Files. Local privilege escalation due to DLL hijacking vulnerability. | local, low complexity, acronis, CWE-427, 7.3 |
| 2024-10-17 | CVE-2024-49392 | Cross-site Scripting vulnerability in Acronis Cyber Files. Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. | network, low complexity, acronis, CWE-79, 4.8 |
| 2024-10-17 | CVE-2024-8920 | The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2024-10-17 | CVE-2024-9184 | The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. | network, low complexity, CWE-79, 7.2 |
| 2024-10-17 | CVE-2024-9951 | The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.1 |