Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-02-21 CVE-2025-1535 A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161.
network
low complexity
CWE-74
7.3
2025-02-21 CVE-2024-13353 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cyberchimps Responsive Addons for Elementor
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets.
network
low complexity
cyberchimps CWE-829
8.8
2025-02-21 CVE-2025-1471 Unspecified vulnerability in Eclipse OMR
In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion.
local
low complexity
eclipse
7.8
2025-02-21 CVE-2024-11260 SQL Injection vulnerability in Pixelite Events Manager
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the active_status parameter in all versions up to, and including, 6.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
pixelite CWE-89
7.5
2025-02-21 CVE-2024-13818 Information Exposure Through Log Files vulnerability in Genetechsolutions PIE Register
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3.9 through publicly exposed log files.
network
low complexity
genetechsolutions CWE-532
7.5
2025-02-20 CVE-2025-27097 Resource Exhaustion vulnerability in The-Guild Graphql Mesh
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL.
network
low complexity
the-guild CWE-400
7.5
2025-02-20 CVE-2025-27098 Path Traversal vulnerability in The-Guild Graphql Mesh CLI and Graphql Mesh Http
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL.
network
low complexity
the-guild CWE-22
7.5
2025-02-20 CVE-2025-27091 Heap-based Buffer Overflow vulnerability in Cisco Openh264
OpenH264 is a free license codec library which supports H.264 encoding and decoding.
network
high complexity
cisco CWE-122
7.5
2025-02-20 CVE-2024-49781 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
CWE-611
7.1
2025-02-20 CVE-2024-13476 SQL Injection vulnerability in Eniture LTL Freight Quotes
The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
eniture CWE-89
7.5