Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-14 | CVE-2025-2900 | IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation. | network, low complexity, CWE-122, 7.5 |
| 2025-05-14 | CVE-2025-33104 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | network, high complexity, CWE-79, 4.4 |
| 2025-05-14 | CVE-2025-3769 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'view_booking_summary_in_lightbox' due to missing validation on a user-controlled key. | network, low complexity, CWE-639, 5.3 |
| 2025-05-14 | CVE-2025-3931 | A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. | local, low complexity, CWE-280, 7.8 |
| 2025-05-14 | CVE-2024-13940 | The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. | network, low complexity, CWE-918, 5.5 |
| 2025-05-14 | CVE-2024-8988 | The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user-controlled key. | network, low complexity, CWE-639, 5.3 |
| 2025-05-14 | CVE-2025-3623 | The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. | network, low complexity, CWE-502, 8.1 |
| 2025-05-14 | CVE-2025-4520 | The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. | network, low complexity, CWE-862, 5.4 |
| 2025-05-13 | CVE-2025-26646 | External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. | network, low complexity, CWE-73, 8.0 |
| 2025-05-13 | CVE-2025-4574 | In the crossbeam-channel Rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption. | network, low complexity, CWE-415, 6.5 |