Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-30 | CVE-2025-0880 | SQL Injection vulnerability in Codezips GYM Management System 1.0 A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. | 9.8 |
| 2025-01-30 | CVE-2025-0881 | SQL Injection vulnerability in Codezips GYM Management System 1.0 A vulnerability was found in Codezips Gym Management System 1.0. | 9.8 |
| 2025-01-30 | CVE-2025-0874 | SQL Injection vulnerability in Fabianros Simple CAR Rental System 1.0 A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. | 9.8 |
| 2025-01-30 | CVE-2025-0873 | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0 A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. | 9.8 |
| 2025-01-30 | CVE-2025-0872 | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0 A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. | 9.8 |
| 2025-01-30 | CVE-2025-22219 | Unspecified vulnerability in VMWare Aria Operations for Logs and Cloud Foundation VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user. | 9.0 |
| 2025-01-30 | CVE-2024-12822 | Missing Authorization vulnerability in Userproplugin Media Manager The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0. | 9.8 |
| 2025-01-30 | CVE-2024-13720 | Path Traversal vulnerability in Ivanm WP Image Uploader The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to, and including, 1.0.1. | 9.1 |
| 2025-01-30 | CVE-2024-13742 | Deserialization of Untrusted Data vulnerability in Icontrolwp The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the reqpars parameter. | 9.8 |
| 2025-01-30 | CVE-2025-0847 | SQL Injection vulnerability in 1000Projects Employee Task Management System 1.0 A vulnerability was found in 1000 Projects Employee Task Management System 1.0. | 9.8 |