VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Medium
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-05-29
CVE-2025-4670
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-05-29
CVE-2025-5122
The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-05-29
CVE-2025-5286
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-05-29
CVE-2025-4583
The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.4
5.4
2025-05-28
CVE-2025-32803
In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
local
low complexity
4.0
4.0
2025-05-28
CVE-2025-32802
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea.
local
low complexity
6.1
6.1
2025-05-28
CVE-2024-38341
IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
high complexity
CWE-328
5.9
5.9
2025-05-28
CVE-2024-51453
IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
CWE-22
4.3
4.3
2025-05-28
CVE-2025-5297
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0.
local
low complexity
CWE-121
5.3
5.3
2025-05-28
CVE-2025-4963
The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
«
Previous
1
2
...
3
4
5
(current)
6
7
...
7294
7295
»
Next