Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-11 | CVE-2024-11679 | An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory. | local, low complexity, 4.4 |
| 2025-04-11 | CVE-2025-3421 | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.1 |
| 2025-04-11 | CVE-2025-3422 | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. | network, low complexity, CWE-94, 5.4 |
| 2025-04-11 | CVE-2025-3439 | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. | network, low complexity, CWE-502, critical, 9.8 |
| 2025-04-11 | CVE-2025-2541 | The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-11 | CVE-2025-2575 | The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-11 | CVE-2025-2128 | The Cost Calculator Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_ids’ parameter in all versions up to, and including, 3.2.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network, low complexity, CWE-89, 6.5 |
| 2025-04-11 | CVE-2025-3434 | The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 7.2 |
| 2025-04-11 | CVE-2025-2636 | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. | network, low complexity, CWE-22, critical, 9.8 |
| 2025-04-11 | CVE-2024-51461 | IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources. | network, low complexity, CWE-770, 4.3 |