Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-05 CVE-2025-20206 A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time.
local
low complexity
CWE-347
7.1
7.1
2025-03-05 CVE-2025-20208 A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
CWE-79
4.6
4.6
2025-03-05 CVE-2024-12097 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2024.
network
low complexity
CWE-89
critical
 9.8
9.8
2025-03-05 CVE-2024-13147 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.This issue affects B2B Login Panel: before 15.01.2025.
network
low complexity
CWE-89
critical
 9.8
9.8
2025-03-05 CVE-2024-11216 Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session Hijacking.This issue affects Pik Online: through 05.03.2025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
CWE-639
7.6
7.6
2025-03-05 CVE-2024-11153 The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature.
network
low complexity
CWE-200
5.3
5.3
2025-03-05 CVE-2024-11951 The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0.
network
low complexity
CWE-269
critical
 9.8
9.8
2025-03-05 CVE-2024-12281 The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2.
network
low complexity
CWE-269
critical
 9.8
9.8
2025-03-05 CVE-2024-12650 An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area.
network
low complexity
CWE-252
5.4
5.4
2025-03-05 CVE-2024-13423 The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin' functions in versions up to, and including, 2.4.9.
network
low complexity
CWE-862
5.3
5.3