Vulnerabilities > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-28	CVE-2025-23211	Code Injection vulnerability in Tandoor Recipes Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. network low complexity tandoor CWE-94 critical	9.9
2025-01-28	CVE-2024-13448	Unrestricted Upload of File with Dangerous Type vulnerability in Themerex Addons The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. network low complexity themerex CWE-434 critical	9.8
2025-01-28	CVE-2023-50316	SQL Injection vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. network low complexity ibm CWE-89 critical	9.8
2025-01-27	CVE-2024-54512	Unspecified vulnerability in Apple Watchos The issue was addressed by removing the relevant flags. network low complexity apple critical	9.1
2025-01-27	CVE-2025-24154	Out-of-bounds Write vulnerability in Apple products An out-of-bounds write was addressed with improved input validation. network low complexity apple CWE-787 critical	9.1
2025-01-27	CVE-2024-55227	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 21.0.0 A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. network low complexity dolibarr CWE-79 critical	9.0
2025-01-27	CVE-2024-55228	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 21.0.0 A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. network low complexity dolibarr CWE-79 critical	9.0
2025-01-25	CVE-2025-0357	Unrestricted Upload of File with Dangerous Type vulnerability in Iqonicdesign Wpbookit The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. network low complexity iqonicdesign CWE-434 critical	9.8
2025-01-24	CVE-2025-24596	Missing Authorization vulnerability in Wcproducttable Woocommerce Product Table Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. network low complexity wcproducttable CWE-862 critical	9.8
2025-01-24	CVE-2024-13545	Unspecified vulnerability in G5Plus Ultimate Bootstrap Elements for Elementor The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. network low complexity g5plus critical	9.8

Vulnerabilities > Critical {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Critical"}]}

Vulnerabilities > Critical