Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-25 | CVE-2024-12600 | The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter. | network, low complexity, CWE-502, 7.2 |
| 2025-01-25 | CVE-2025-0682 | The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. | network, low complexity, CWE-98, 8.8 |
| 2025-01-25 | CVE-2025-0411 | Unspecified vulnerability in 7-Zip. 7-Zip Mark-of-the-Web Bypass Vulnerability. | local, high complexity, 7-zip, 7.0 |
| 2025-01-24 | CVE-2025-0707 | A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. | local, low complexity, CWE-426, 7.8 |
| 2025-01-24 | CVE-2025-24591 | Missing Authorization vulnerability in Ninjateam Gdpr Ccpa Compliance & Cookie Consent Banner. Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. | network, low complexity, ninjateam, CWE-862, 8.8 |
| 2025-01-24 | CVE-2025-24618 | Missing Authorization vulnerability in Elementinvader Addons for Elementor. Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. | network, low complexity, elementinvader, CWE-862, 8.8 |
| 2025-01-24 | CVE-2025-24753 | Missing Authorization vulnerability in Kadencewp Gutenberg Blocks With AI. Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. | network, low complexity, kadencewp, CWE-862, 8.8 |
| 2025-01-24 | CVE-2024-25034 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1. IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. | network, low complexity, ibm, CWE-434, 8.8 |
| 2025-01-24 | CVE-2024-40693 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1. IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | network, low complexity, ibm, CWE-434, 8.0 |
| 2025-01-24 | CVE-2024-41739 | IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion. | network, low complexity, CWE-427, 8.8 |