# Critical Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-11 | CVE-2025-27494 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). | 9.1 |
2025-03-11 | CVE-2025-1661 | Path Traversal vulnerability in Pluginus Husky - Products Filter Professional for WooCommerce. The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. | 9.8 |
2025-03-10 | CVE-2025-24813 | Use of Incorrectly-Resolved Name or Reference vulnerability in Apache Tomcat. Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information Disclosure and/or malicious content added to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security-sensitive files and/or inject content into those files: (1) writes enabled for the default servlet (disabled by default); (2) support for partial PUT (enabled by default); (3) a target URL for security-sensitive uploads that was a sub-directory of a target URL for public uploads; (4) attacker knowledge of the names of security-sensitive files being uploaded; (5) the security-sensitive files also being uploaded via partial PUT. If all of the following were true, a malicious user was able to perform remote code execution: (1) writes enabled for the default servlet (disabled by default); (2) support for partial PUT (enabled by default); (3) the application was using Tomcat's file-based session persistence with the default storage location; (4) the application included a library that may be leveraged in a deserialization attack. Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue. | 9.8 |
2025-03-10 | CVE-2025-1497 | Command Injection vulnerability in Mljar PlotAI. A vulnerability that could result in Remote Code Execution (RCE) has been found in PlotAI. | 9.8 |
2025-03-10 | CVE-2025-2152 | Heap-based Buffer Overflow vulnerability in Assimp 5.4.3. A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. | 9.8 |
2025-03-10 | CVE-2025-1945 | Unspecified vulnerability in Mmaitre314 Picklescan. picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. | 9.8 |
2025-03-08 | CVE-2024-13924 | Server-Side Request Forgery (SSRF) vulnerability in FancyWP Starter Templates. The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. | 9.1 |
2025-03-08 | CVE-2024-13359 | Unrestricted Upload of File with Dangerous Type vulnerability in Tychesoftwares Product Input Fields for WooCommerce. The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function in all versions up to, and including, 1.12.0. | 9.8 |
2025-03-08 | CVE-2025-1323 | SQL Injection vulnerability in Plechevandrey WP-Recall. The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2025-03-08 | CVE-2025-0177 | Improper Privilege Management vulnerability in Javothemes Javo Core. The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. | 9.8 |