VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> High
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-01
CVE-2025-31131
Path Traversal vulnerability in Yeswiki
YesWiki is a wiki system written in PHP.
network
low complexity
yeswiki
CWE-22
7.5
7.5
2025-04-01
CVE-2025-1658
Out-of-bounds Read vulnerability in Autodesk Navisworks
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability.
local
low complexity
autodesk
CWE-125
7.8
7.8
2025-04-01
CVE-2025-1659
Out-of-bounds Read vulnerability in Autodesk Navisworks
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability.
local
low complexity
autodesk
CWE-125
7.8
7.8
2025-04-01
CVE-2025-1660
Out-of-bounds Write vulnerability in Autodesk Navisworks
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability.
local
low complexity
autodesk
CWE-787
7.8
7.8
2025-04-01
CVE-2025-2891
The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4.
network
low complexity
CWE-434
8.8
8.8
2025-04-01
CVE-2024-13567
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory.
network
low complexity
CWE-200
7.5
7.5
2025-04-01
CVE-2025-2007
The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19.
network
low complexity
CWE-23
8.1
8.1
2025-04-01
CVE-2025-2008
The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19.
network
low complexity
CWE-434
8.8
8.8
2025-04-01
CVE-2025-21384
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
network
low complexity
CWE-693
8.3
8.3
2025-03-31
CVE-2025-3038
Injection vulnerability in Fabian Payroll Management System 1.0
A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical.
network
low complexity
fabian
CWE-74
8.8
8.8
«
Previous
1
2
...
88
89
90
(current)
91
92
...
6895
6896
»
Next