VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> High
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-14
CVE-2024-31891
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability.
local
low complexity
CWE-250
7.8
7.8
2024-12-14
CVE-2024-31892
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.
network
high complexity
CWE-89
7.5
7.5
2024-12-14
CVE-2024-11720
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form.
network
low complexity
CWE-79
7.2
7.2
2024-12-14
CVE-2024-11721
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5.
network
high complexity
CWE-269
8.1
8.1
2024-12-14
CVE-2024-11711
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2024-12-14
CVE-2024-10646
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
7.2
2024-12-14
CVE-2024-9698
The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3.
network
low complexity
CWE-434
7.2
7.2
2024-12-13
CVE-2024-10783
The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state.
network
high complexity
CWE-862
8.1
8.1
2024-12-12
CVE-2024-54103
Unspecified vulnerability in Huawei Harmonyos 5.0.0
Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
network
low complexity
huawei
7.5
7.5
2024-12-12
CVE-2024-54104
Unspecified vulnerability in Huawei Harmonyos 5.0.0
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
network
low complexity
huawei
7.5
7.5
«
Previous
1
2
3
4
(current)
5
6
...
6473
6474
»
Next