VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> High
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-03-07
CVE-2025-2097
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316.
network
low complexity
CWE-121
8.8
8.8
2025-03-07
CVE-2025-0162
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
CWE-611
7.1
7.1
2025-03-07
CVE-2025-2088
A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System up to 1.0.
network
low complexity
CWE-74
7.3
7.3
2025-03-07
CVE-2024-10804
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file.
network
low complexity
CWE-22
7.5
7.5
2025-03-07
CVE-2024-12035
The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9.
network
low complexity
CWE-22
8.8
8.8
2025-03-07
CVE-2024-12036
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function.
network
low complexity
CWE-73
7.5
7.5
2025-03-07
CVE-2024-9658
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0.
network
low complexity
CWE-288
8.8
8.8
2025-03-07
CVE-2025-0959
The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-564
8.8
8.8
2025-03-07
CVE-2024-13906
The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function.
network
low complexity
CWE-502
7.2
7.2
2025-03-07
CVE-2025-1309
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04.
network
low complexity
CWE-862
8.8
8.8
«
1
(current)
2
3
4
5
...
6691
6692
»
Next