VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-02-26
CVE-2025-1726
There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries.
network
low complexity
CWE-89
4.3
4.3
2025-02-26
CVE-2025-1634
A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made.
network
low complexity
CWE-401
7.5
7.5
2025-02-26
CVE-2025-20111
A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames.
low complexity
CWE-1220
7.4
7.4
2025-02-26
CVE-2025-20116
A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system.
network
low complexity
CWE-79
4.8
4.8
2025-02-26
CVE-2025-20117
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.
local
low complexity
CWE-77
5.1
5.1
2025-02-26
CVE-2025-20161
A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of specific elements within a software image.
local
low complexity
CWE-78
5.1
5.1
2025-02-26
CVE-2025-0719
IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting.
network
low complexity
CWE-79
6.1
6.1
2025-02-26
CVE-2024-12434
The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API.
network
low complexity
CWE-200
5.3
5.3
2025-02-26
CVE-2024-13560
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6.
network
low complexity
CWE-352
4.3
4.3
2025-02-26
CVE-2024-13803
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
«
1
(current)
2
3
4
5
...
16417
16418
»
Next