Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-14 | CVE-2025-24607 | Missing Authorization vulnerability in Northernbeacheswebsites Ideapush Missing Authorization vulnerability in Northern Beaches Websites IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. | 9.8 |
| 2025-02-13 | CVE-2025-1283 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Dingtian-Tech products The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page. | 9.8 |
| 2025-02-13 | CVE-2025-24861 | Command Injection vulnerability in Outbackpower Mojave Inverter Oghi8048A Firmware An attacker may inject commands via specially-crafted post requests. | 9.8 |
| 2025-02-13 | CVE-2025-24865 | Missing Authentication for Critical Function vulnerability in Myscada Mypro The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password. | 9.8 |
| 2025-02-13 | CVE-2025-25067 | OS Command Injection vulnerability in Myscada Mypro mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. | 9.8 |
| 2025-02-13 | CVE-2024-13182 | The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. | 9.8 |
| 2025-02-13 | CVE-2024-13345 | Code Injection vulnerability in Theme-Fusion Avada Builder The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. | 9.8 |
| 2025-02-13 | CVE-2024-13346 | Code Injection vulnerability in Theme-Fusion Avada The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. | 9.8 |
| 2025-02-13 | CVE-2024-10763 | Unspecified vulnerability in Apuswp Campress The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. | 9.8 |
| 2025-02-13 | CVE-2024-13770 | Deserialization of Untrusted Data vulnerability in Themerex Puzzles The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action. | 9.8 |