Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2025-02-21 | CVE-2024-13353 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cyberchimps Responsive Addons for Elementor | The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. | 8.8 |
2025-02-21 | CVE-2025-1471 | Unspecified vulnerability in Eclipse OMR | In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. | 7.8 |
2025-02-21 | CVE-2024-11260 | SQL Injection vulnerability in Pixelite Events Manager | The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the active_status parameter in all versions up to, and including, 6.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2025-02-21 | CVE-2024-13818 | Information Exposure Through Log Files vulnerability in Genetechsolutions PIE Register | The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3.9 through publicly exposed log files. | 7.5 |
2025-02-20 | CVE-2025-27097 | Resource Exhaustion vulnerability in The-Guild Graphql Mesh | GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. | 7.5 |
2025-02-20 | CVE-2025-27098 | Path Traversal vulnerability in The-Guild Graphql Mesh CLI and Graphql Mesh Http | GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. | 7.5 |
2025-02-20 | CVE-2025-27091 | Heap-based Buffer Overflow vulnerability in Cisco Openh264 | OpenH264 is a free license codec library which supports H.264 encoding and decoding. | 7.5 |
2025-02-20 | CVE-2024-49779 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages With Watson 9.0 | IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. | 8.8 |
2025-02-20 | CVE-2024-49781 | XXE vulnerability in IBM Openpages With Watson 9.0 | IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 7.1 |
2025-02-20 | CVE-2024-13476 | SQL Injection vulnerability in Eniture LTL Freight Quotes | The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |