VUMETRIC
CYBER PORTAL
Vulnerabilities
DATE
CVE
VULNERABILITY TITLE
RISK
2024-10-16
CVE-2024-9105
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3.
network
low complexity
CWE-288
critical
9.8
9.8
2024-10-16
CVE-2024-9305
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4.
network
high complexity
CWE-640
8.1
8.1
2024-10-16
CVE-2024-9521
The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-16
CVE-2024-9634
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter.
network
low complexity
CWE-502
critical
9.8
9.8
2024-10-16
CVE-2024-9647
The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-16
CVE-2024-9649
The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4.
network
low complexity
CWE-352
4.3
4.3
2024-10-16
CVE-2024-9652
The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping.
network
low complexity
6.1
6.1
2024-10-16
CVE-2024-9891
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and including, 2.8.1.
network
low complexity
CWE-862
4.3
4.3
2024-10-16
CVE-2024-49340
Cross-Site Request Forgery (CSRF) vulnerability in IBM Watson Studio Local 1.2.3
IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm
CWE-352
8.8
8.8
2024-10-15
CVE-2024-38139
Unspecified vulnerability in Microsoft Dataverse
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
network
low complexity
microsoft
8.8
8.8