Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-24 CVE-2025-27141 Incorrect Permission Assignment for Critical Resource vulnerability in Metabase
Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software.
network
low complexity
metabase CWE-732
6.5
2025-02-24 CVE-2025-27112 Improper Authentication vulnerability in Navidrome
Navidrome is an open source web-based music collection server and streamer.
network
low complexity
navidrome CWE-287
6.5
2025-02-24 CVE-2025-27133 SQL Injection vulnerability in Wegia 3.2.13/3.2.14
WeGIA is a Web manager for charitable institutions.
network
low complexity
wegia CWE-89
8.8
2025-02-24 CVE-2024-57026 Cross-site Scripting vulnerability in Tawk Tawk.To
TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) due to processing user input in a way that allows JavaScript execution.
network
low complexity
tawk CWE-79
6.1
2025-02-24 CVE-2024-56897 Unrestricted Upload of File with Dangerous Type vulnerability in Yitechnology YI CAR Dashcam Firmware 3.88
Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands.
network
low complexity
yitechnology CWE-434
critical
9.8
2025-02-24 CVE-2025-26803 Unspecified vulnerability in Phusion Passenger
The HTTP parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.
network
low complexity
phusion
7.5
2025-02-24 CVE-2024-12916 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Life4All allows SQL Injection. This issue affects Life4All: before 10.01.2025.
network
low complexity
CWE-89
8.8
2025-02-24 CVE-2024-12917 Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse. This issue affects Health4All: before 10.01.2025.
network
low complexity
CWE-552
8.3
2025-02-24 CVE-2024-12918 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection. This issue affects Health4All: before 10.01.2025.
network
low complexity
CWE-89
8.8
2025-02-24 CVE-2025-0545 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tekrom Technology T-Soft E-Commerce allows Cross-Site Scripting (XSS). This issue affects T-Soft E-Commerce: before v5.
network
low complexity
CWE-79
4.7