Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | CWE | RISK |
|---|---|---|---|---|---|---|
| 2025-05-29 | CVE-2025-2518 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | network | high complexity | CWE-789 | 5.3 |
| 2025-05-29 | CVE-2025-3050 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources. | network | high complexity | CWE-770 | 5.3 |
| 2025-05-29 | CVE-2025-5326 | A vulnerability was found in zhilink ADP Application Developer Platform 1.0.0 and classified as critical. | network | low complexity | CWE-502 | 6.3 |
| 2025-05-29 | CVE-2025-4670 | The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low complexity | CWE-79 | 6.4 |
| 2025-05-29 | CVE-2025-5122 | The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. | network | low complexity | CWE-79 | 6.4 |
| 2025-05-29 | CVE-2025-5286 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. | network | low complexity | CWE-79 | 6.4 |
| 2025-05-29 | CVE-2025-4583 | The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. | network | low complexity | CWE-79 | 5.4 |
| 2025-05-28 | CVE-2025-32803 | In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | local | low complexity | | 4.0 |
| 2025-05-28 | CVE-2025-32802 | Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. | local | low complexity | | 6.1 |
| 2025-05-28 | CVE-2024-38341 | IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | high complexity | CWE-328 | 5.9 |