VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Medium
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-18
CVE-2024-13650
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-18
CVE-2025-2613
The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2025-04-17
CVE-2025-3764
A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0.
network
low complexity
CWE-434
6.3
6.3
2025-04-17
CVE-2025-3765
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0.
network
low complexity
CWE-434
6.3
6.3
2025-04-17
CVE-2025-26268
Unspecified vulnerability in Dragonflydb Dragonfly
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command.
network
low complexity
dragonflydb
6.5
6.5
2025-04-17
CVE-2025-43014
Missing Critical Step in Authentication vulnerability in Jetbrains Toolbox
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
network
low complexity
jetbrains
CWE-304
6.5
6.5
2025-04-17
CVE-2025-43015
Insecure Default Initialization of Resource vulnerability in Jetbrains Rubymine
In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces
network
low complexity
jetbrains
CWE-1188
6.5
6.5
2025-04-17
CVE-2025-42921
Improper Validation of Certificate with Host Mismatch vulnerability in Jetbrains Toolbox
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
network
low complexity
jetbrains
CWE-297
6.5
6.5
2025-04-17
CVE-2025-3453
The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.7 via the 'password_protected_cookie' function.
network
low complexity
CWE-863
5.3
5.3
2025-04-17
CVE-2025-3479
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user controlled key.
network
low complexity
CWE-354
5.3
5.3
«
Previous
1
2
...
7
8
9
(current)
10
11
...
7207
7208
»
Next