VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-11-22
CVE-2024-41779
IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition.
network
low complexity
CWE-367
critical
9.8
9.8
2024-11-22
CVE-2024-41781
IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC.
high complexity
CWE-497
5.1
5.1
2024-11-22
CVE-2024-7837
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection.This issue affects ERP: through 22.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
CWE-89
8.2
8.2
2024-11-22
CVE-2024-7882
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection.This issue affects e-Commerce: through 22.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
CWE-89
6.5
6.5
2024-11-22
CVE-2024-10034
The Gallery Blocks with Lightbox.
network
low complexity
CWE-79
5.5
5.5
2024-11-22
CVE-2024-10666
The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode.
network
low complexity
CWE-639
4.3
4.3
2024-11-22
CVE-2024-11104
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the save_options() function in all versions up to, and including, 2.6.2.
network
low complexity
CWE-862
8.1
8.1
2024-11-22
CVE-2024-11225
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3.
network
low complexity
CWE-79
6.1
6.1
2024-11-22
CVE-2024-11355
The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3.
network
low complexity
CWE-862
4.3
4.3
2024-11-22
CVE-2024-11381
The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
«
1
(current)
2
3
4
5
...
16513
16514
»
Next