Vulnerabilities > High

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-19	CVE-2024-42176	Unspecified vulnerability in Hcltech Dryice Myxalytics 6.3/6.4 HCL MyXalytics is affected by concurrent login vulnerability. network low complexity hcltech	8.0
2025-03-19	CVE-2024-12920	The FoodBakery \| Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. network low complexity CWE-862	8.8
2025-03-19	CVE-2024-13933	The FoodBakery \| Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. network low complexity CWE-352	8.8
2025-03-19	CVE-2024-12136	Missing Critical Step in Authentication vulnerability in Elfatek Anka Jpd00028 Firmware Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass.This issue affects ANKA JPD-00028: through 19.03.2025. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. local low complexity elfatek CWE-304	7.8
2025-03-19	CVE-2024-12137	Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: through 19.03.2025. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. low complexity CWE-294	7.6
2025-03-19	CVE-2024-13412	The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. network low complexity CWE-862	7.5
2025-03-19	CVE-2024-12295	The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. network low complexity CWE-640	8.8
2025-03-18	CVE-2024-12563	The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. network low complexity CWE-98	8.8
2025-03-18	CVE-2024-23942	A local user may find a configuration file on the client workstation with unencrypted sensitive data. local low complexity CWE-311	7.1
2025-03-18	CVE-2025-1468	An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy. network low complexity CWE-203	7.5

Vulnerabilities > High {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"High"}]}

Vulnerabilities > High