Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|
| 2025-04-22 | CVE-2025-1950 | IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source. | local | low complexity | | CWE-114 | critical | 9.3 |
| 2025-04-19 | CVE-2021-4455 | The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. | network | low complexity | | CWE-434 | critical | 9.8 |
| 2025-04-19 | CVE-2025-1093 | The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. | network | low complexity | | CWE-434 | critical | 9.8 |
| 2025-04-19 | CVE-2025-3278 | The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. | network | low complexity | | CWE-269 | critical | 9.8 |
| 2025-04-18 | CVE-2025-3783 | Unrestricted Upload of File with Dangerous Type vulnerability in Seniorwalter Web-Based Pharmacy Product Management System 1.0. A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. | network | low complexity | seniorwalter | CWE-434 | critical | 9.8 |
| 2025-04-16 | CVE-2025-27495 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). | network | low complexity | | CWE-89 | critical | 9.8 |
| 2025-04-16 | CVE-2025-27539 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). | network | low complexity | | CWE-89 | critical | 9.8 |
| 2025-04-16 | CVE-2025-27540 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). | network | low complexity | | CWE-89 | critical | 9.8 |
| 2025-04-16 | CVE-2025-3679 | Out-of-bounds Write vulnerability in Pcman FTP Server 2.0.7. A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. | network | low complexity | pcman | CWE-787 | critical | 9.8 |
| 2025-04-16 | CVE-2025-3676 | SQL Injection vulnerability in Xxyopen Novel-Plus 3.5.0. A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. | network | low complexity | xxyopen | CWE-89 | critical | 9.8 |