Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-04-08 CVE-2025-1095 IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE).
local
low complexity
CWE-119
8.8
8.8
2025-04-08 CVE-2025-2807 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64.
network
low complexity
CWE-862
8.8
8.8
2025-04-08 CVE-2024-41791 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-306
7.3
7.3
2025-04-08 CVE-2024-41792 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-22
8.6
8.6
2025-04-08 CVE-2024-41793 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-306
8.6
8.6
2025-04-08 CVE-2025-3064 The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1.
network
low complexity
CWE-352
8.8
8.8
2025-04-08 CVE-2025-23186 In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service.
network
high complexity
CWE-94
8.5
8.5
2025-04-08 CVE-2025-27428 Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module.
network
low complexity
CWE-862
7.7
7.7
2025-04-08 CVE-2025-30014 SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation.
network
low complexity
CWE-35
7.7
7.7
2025-04-08 CVE-2025-3431 The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action.
network
low complexity
CWE-73
7.5
7.5