Vulnerabilities > High

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-15	CVE-2024-57726	Unspecified vulnerability in Simple-Help Simplehelp SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. network low complexity simple-help	8.8
2025-01-15	CVE-2024-57727	Path Traversal vulnerability in Simple-Help Simplehelp SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. network low complexity simple-help CWE-22	7.5
2025-01-15	CVE-2024-57728	Link Following vulnerability in Simple-Help Simplehelp SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. network low complexity simple-help CWE-59	7.2
2025-01-15	CVE-2024-11848	The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. network low complexity CWE-862	8.1
2025-01-15	CVE-2025-0437	Out-of-bounds Read vulnerability in Google Chrome Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google CWE-125	8.8
2025-01-15	CVE-2024-13351	The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rw_image_badge1' shortcode in all versions up to, and including, 5.20 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	7.2
2025-01-15	CVE-2024-4227	In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS. network low complexity CWE-834	7.5
2025-01-14	CVE-2025-21135	Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. local low complexity CWE-191	7.8
2025-01-14	CVE-2025-21136	Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. local low complexity CWE-787	7.8
2025-01-14	CVE-2025-21137	Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. local low complexity CWE-122	7.8

Vulnerabilities > High {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"High"}]}

Vulnerabilities > High