Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-27 | CVE-2025-0721 | Cross-site Scripting vulnerability in Needyamin Image Gallery Management System 1.0. A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. | network; low complexity; needyamin CWE-79; 6.1 |
| 2025-01-26 | CVE-2023-38009 | IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. | high complexity; CWE-295; 4.2 |
| 2025-01-26 | CVE-2023-50945 | IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | local; low complexity; CWE-256; 6.2 |
| 2025-01-26 | CVE-2023-50946 | IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. | network; low complexity; CWE-863; 6.5 |
| 2025-01-26 | CVE-2024-31906 | IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. | local; low complexity; CWE-525; 6.2 |
| 2025-01-26 | CVE-2024-12334 | Cross-site Scripting vulnerability in Codexpert WC Affiliate. The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. | network; low complexity; codexpert CWE-79; 6.1 |
| 2025-01-26 | CVE-2024-13505 | Cross-site Scripting vulnerability in Ays-Pro Survey Maker. The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. | network; low complexity; ays-pro CWE-79; 4.8 |
| 2025-01-26 | CVE-2024-10636 | The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient input sanitization and output escaping. | network; low complexity; CWE-79; 6.1 |
| 2025-01-25 | CVE-2024-35144 | IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. | network; low complexity; CWE-540; 5.3 |
| 2025-01-25 | CVE-2024-35145 | IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. | network; low complexity; CWE-79; 6.1 |