Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2025-02-14 | CVE-2024-13641 | Unspecified vulnerability in Wpswings Return Refund and Exchange for Woocommerce | The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. | network, low complexity, wpswings, 7.5 |
| 2025-02-14 | CVE-2024-13692 | Authorization Bypass Through User-Controlled Key vulnerability in Wpswings Return Refund and Exchange for Woocommerce | The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user-controlled key. | network, low complexity, wpswings CWE-639, 5.4 |
| 2025-02-14 | CVE-2024-55904 | | IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | network, low complexity, CWE-78, 7.2 |
| 2025-02-13 | CVE-2025-1283 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Dingtian-Tech products | The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page. | network, low complexity, dingtian-tech CWE-288, critical, 9.8 |
| 2025-02-13 | CVE-2025-20615 | Privacy Violation vulnerability in Qardio 2.7.4 | The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. | low complexity, qardio CWE-359, 6.6 |
| 2025-02-13 | CVE-2025-22896 | Cleartext Storage of Sensitive Information vulnerability in Myscada Mypro | mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information. | network, low complexity, myscada CWE-312, 7.5 |
| 2025-02-13 | CVE-2025-23411 | Cross-Site Request Forgery (CSRF) vulnerability in Myscada Mypro | mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. | network, low complexity, myscada CWE-352, 6.5 |
| 2025-02-13 | CVE-2025-24861 | Command Injection vulnerability in Outbackpower Mojave Inverter Oghi8048A Firmware | An attacker may inject commands via specially crafted POST requests. | network, low complexity, outbackpower CWE-77, critical, 9.8 |
| 2025-02-13 | CVE-2025-24865 | Missing Authentication for Critical Function vulnerability in Myscada Mypro | The administrative web interface of mySCADA myPRO Manager can be accessed without authentication, which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password. | network, low complexity, myscada CWE-306, critical, 9.8 |
| 2025-02-13 | CVE-2025-25067 | OS Command Injection vulnerability in Myscada Mypro | mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. | network, low complexity, myscada CWE-78, critical, 9.8 |