Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-14	CVE-2024-13940	The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. network low complexity CWE-918	5.5
2025-05-14	CVE-2024-8988	The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user controlled key. network low complexity CWE-639	5.3
2025-05-14	CVE-2025-4520	The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. network low complexity CWE-862	5.4
2025-05-13	CVE-2025-30314	Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. network low complexity CWE-79	6.1
2025-05-13	CVE-2025-30315	Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. network low complexity CWE-79	6.1
2025-05-13	CVE-2025-30316	Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. network low complexity CWE-79	5.4
2025-05-13	CVE-2025-43551	Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. local low complexity CWE-125	5.5
2025-05-13	CVE-2025-43566	ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. network low complexity CWE-22	6.8
2025-05-13	CVE-2025-30329	NULL Pointer Dereference vulnerability in Adobe Animate Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. local low complexity adobe CWE-476	5.5
2025-05-13	CVE-2025-30394	Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. network high complexity CWE-591	5.9

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium