Vulnerabilities > High

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-18	CVE-2025-23209	Code Injection vulnerability in Craftcms Craft CMS Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. network high complexity craftcms CWE-94	8.1
2025-01-18	CVE-2018-9389	Out-of-bounds Write vulnerability in Google Android In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. local low complexity google CWE-787	7.8
2025-01-17	CVE-2025-0528	A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. network low complexity CWE-74	7.2
2025-01-17	CVE-2025-0527	A vulnerability classified as critical was found in code-projects Admission Management System 1.0. network low complexity CWE-74	7.3
2025-01-17	CVE-2024-13377	The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. network low complexity CWE-79	7.2
2025-01-17	CVE-2024-13333	The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. network high complexity CWE-434	7.5
2025-01-17	CVE-2025-21325	Unspecified vulnerability in Microsoft products Windows Secure Kernel Mode Elevation of Privilege Vulnerability local low complexity microsoft	7.8
2025-01-16	CVE-2024-41746	IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. network low complexity CWE-79	7.2
2025-01-16	CVE-2024-57769	SQL Injection vulnerability in Jfinaloa Project Jfinaloa JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser. network low complexity jfinaloa-project CWE-89	8.8
2025-01-16	CVE-2024-57770	SQL Injection vulnerability in Jfinaloa Project Jfinaloa JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id. network low complexity jfinaloa-project CWE-89	8.8

Vulnerabilities > High {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"High"}]}

Vulnerabilities > High