Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-14 CVE-2024-13692 Authorization Bypass Through User-Controlled Key vulnerability in Wpswings Return Refund and Exchange for Woocommerce
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key.
network
low complexity
wpswings CWE-639
5.4
2025-02-14 CVE-2024-55904 IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
network
low complexity
CWE-78
7.2
2025-02-13 CVE-2025-22896 Cleartext Storage of Sensitive Information vulnerability in Myscada Mypro
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
network
low complexity
myscada CWE-312
7.5
2025-02-13 CVE-2025-23411 Cross-Site Request Forgery (CSRF) vulnerability in Myscada Mypro
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information.
network
low complexity
myscada CWE-352
6.5
2025-02-13 CVE-2025-24861 Command Injection vulnerability in Outbackpower Mojave Inverter Oghi8048A Firmware
An attacker may inject commands via specially-crafted post requests.
network
low complexity
outbackpower CWE-77
critical
9.8
2025-02-13 CVE-2025-24865 Missing Authentication for Critical Function vulnerability in Myscada Mypro
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
network
low complexity
myscada CWE-306
critical
9.8
2025-02-13 CVE-2025-22480 Link Following vulnerability in Dell Supportassist 3.2.0.90
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability.
local
low complexity
dell CWE-59
7.8
2025-02-13 CVE-2025-25352 SQL Injection vulnerability in PHPgurukul Land Record System 1.0
A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter.
network
low complexity
phpgurukul CWE-89
7.2
2025-02-13 CVE-2025-25354 SQL Injection vulnerability in PHPgurukul Land Record System 1.0
A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter.
network
low complexity
phpgurukul CWE-89
7.2
2025-02-13 CVE-2025-25355 SQL Injection vulnerability in PHPgurukul Land Record System 1.0
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter.
network
low complexity
phpgurukul CWE-89
7.2