VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Critical
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-22
CVE-2025-1950
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
local
low complexity
CWE-114
critical
9.3
9.3
2025-04-19
CVE-2021-4455
The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4.
network
low complexity
CWE-434
critical
9.8
9.8
2025-04-19
CVE-2025-1093
The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7.
network
low complexity
CWE-434
critical
9.8
9.8
2025-04-19
CVE-2025-3278
The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4.
network
low complexity
CWE-269
critical
9.8
9.8
2025-04-18
CVE-2025-3783
Unrestricted Upload of File with Dangerous Type vulnerability in Seniorwalter Web-Based Pharmacy Product Management System 1.0
A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0.
network
low complexity
seniorwalter
CWE-434
critical
9.8
9.8
2025-04-16
CVE-2025-27495
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2).
network
low complexity
CWE-89
critical
9.8
9.8
2025-04-16
CVE-2025-27539
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2).
network
low complexity
CWE-89
critical
9.8
9.8
2025-04-16
CVE-2025-27540
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2).
network
low complexity
CWE-89
critical
9.8
9.8
2025-04-16
CVE-2025-3679
Out-of-bounds Write vulnerability in Pcman FTP Server 2.0.7
A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7.
network
low complexity
pcman
CWE-787
critical
9.8
9.8
2025-04-16
CVE-2025-3676
SQL Injection vulnerability in Xxyopen Novel-Plus 3.5.0
A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0.
network
low complexity
xxyopen
CWE-89
critical
9.8
9.8
«
1
(current)
2
3
4
5
...
2570
2571
»
Next