Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-22 CVE-2025-2624 SQL Injection vulnerability in Westboy Cicadascms 1.0
A vulnerability was found in westboy CicadasCMS 1.0.
network
low complexity
westboy CWE-89
7.5
2025-03-22 CVE-2025-2623 Cross-site Scripting vulnerability in Westboy Cicadascms 1.0
A vulnerability was found in westboy CicadasCMS 1.0.
network
low complexity
westboy CWE-79
5.4
2025-03-22 CVE-2025-2621 Out-of-bounds Write vulnerability in Dlink Dap-1620 Firmware 1.03
A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical.
network
low complexity
dlink CWE-787
critical
9.8
2025-03-22 CVE-2025-2622 Unspecified vulnerability in Aizuda Snail-Job 1.4.0
A vulnerability was found in aizuda snail-job 1.4.0.
network
low complexity
aizuda
8.8
2025-03-22 CVE-2025-2186 The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
2025-03-22 CVE-2025-2617 A vulnerability classified as problematic was found in yangyouwang ??? crud ???????? 1.0.0.
network
low complexity
CWE-94
2.4
2025-03-22 CVE-2025-1970 The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function.
network
low complexity
CWE-918
7.6
2025-03-22 CVE-2025-1971 The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter.
network
low complexity
CWE-502
7.2
2025-03-22 CVE-2025-1972 The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2.
network
low complexity
CWE-73
2.7
2025-03-22 CVE-2025-1973 The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function.
network
low complexity
CWE-22
4.9