Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-01-17 CVE-2024-13377 The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
7.2
2025-01-17 CVE-2024-13333 The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13.
network
high complexity
CWE-434
7.5
7.5
2025-01-17 CVE-2024-52363 Path Traversal vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
7.5
2025-01-17 CVE-2025-21325 Unspecified vulnerability in Microsoft products
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
local
low complexity
microsoft
7.8
7.8
2025-01-16 CVE-2024-57704 Out-of-bounds Write vulnerability in Tenda AC8 Firmware 16.03.34.06
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability.
network
low complexity
tenda CWE-787
8.8
8.8
2025-01-16 CVE-2024-57578 Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function.
low complexity
tenda CWE-787
8.8
8.8
2025-01-16 CVE-2024-41746 IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting.
network
low complexity
CWE-79
7.2
7.2
2025-01-16 CVE-2024-57769 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
network
low complexity
jfinaloa-project CWE-89
8.8
8.8
2025-01-16 CVE-2024-57770 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
network
low complexity
jfinaloa-project CWE-89
8.8
8.8
2025-01-16 CVE-2024-57775 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
network
low complexity
jfinaloa-project CWE-89
8.8
8.8