Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2025-04-02	CVE-2024-50594	An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. network low complexity CWE-191	4.3
2025-04-02	CVE-2024-50595	An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. network low complexity CWE-191	4.3
2025-04-02	CVE-2024-50596	An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. network low complexity CWE-191	4.3
2025-04-02	CVE-2024-50597	An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. network low complexity CWE-191	4.3
2025-04-02	CVE-2025-21989	NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .is_two_pixels_per_container function in dce60_tg_funcs, causes a NULL pointer dereference on PCs with old GPUs, such as R9 280X. So this fix adds missing .is_two_pixels_per_container to dce60_tg_funcs. (cherry picked from commit bd4b125eb949785c6f8a53b0494e32795421209d) local low complexity linux CWE-476	5.5
2025-04-02	CVE-2025-21990	NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo->tbo.resource will be NULL. local low complexity linux CWE-476	5.5
2025-04-02	CVE-2024-12410	The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity CWE-89	4.9
2025-04-02	CVE-2024-13637	The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. network low complexity CWE-862	6.5
2025-04-02	CVE-2025-2483	The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘receip_address’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1
2025-04-02	CVE-2025-2513	The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.4

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium