VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Medium
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-06-04
CVE-2024-4274
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2.
network
low complexity
4.3
4.3
2024-06-04
CVE-2024-4462
The Nafeza Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping.
network
high complexity
4.4
4.4
2024-06-04
CVE-2024-4697
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
6.4
2024-06-04
CVE-2024-4997
The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43.
network
low complexity
5.3
5.3
2024-06-04
CVE-2024-3888
The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
6.4
2024-06-04
CVE-2024-29975
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.
local
low complexity
CWE-269
6.7
6.7
2024-06-04
CVE-2024-29976
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device.
network
low complexity
CWE-269
6.5
6.5
2024-06-03
CVE-2023-43537
Information disclosure while handling T2LM Action Frame in WLAN Host.
network
low complexity
6.5
6.5
2024-06-03
CVE-2023-43543
Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object.
local
low complexity
6.7
6.7
2024-06-03
CVE-2023-43544
Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.
local
low complexity
6.7
6.7
«
Previous
1
2
...
407
408
409
(current)
410
411
...
11726
11727
»
Next