VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-22
CVE-2025-31327
SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application.
network
low complexity
CWE-472
4.3
4.3
2025-04-22
CVE-2025-31328
SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server.
network
low complexity
CWE-352
4.6
4.6
2025-04-22
CVE-2025-27907
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF).
network
low complexity
CWE-918
4.1
4.1
2025-04-22
CVE-2025-1950
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
local
low complexity
CWE-114
critical
9.3
9.3
2025-04-22
CVE-2025-1951
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
local
low complexity
CWE-250
8.4
8.4
2025-04-22
CVE-2024-11299
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature.
network
low complexity
CWE-200
5.3
5.3
2025-04-22
CVE-2025-3457
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-04-22
CVE-2025-3458
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-22
CVE-2025-3472
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6.
network
low complexity
CWE-94
6.5
6.5
2025-04-22
CVE-2025-2839
The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
«
1
(current)
2
3
4
5
...
16873
16874
»
Next