Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-03-19 CVE-2024-12922 The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4.
network
low complexity
CWE-862
critical
 9.8
9.8
2025-03-18 CVE-2024-56346 IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.
network
low complexity
CWE-114
critical
 10.0
10
2025-03-18 CVE-2024-56347 IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.
network
low complexity
CWE-114
critical
 9.6
9.6
2025-03-18 CVE-2024-8997 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: through 18.03.2025.
network
low complexity
CWE-89
critical
 9.8
9.8
2025-03-18 CVE-2024-23943 An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices.
network
low complexity
CWE-306
critical
 9.1
9.1
2025-03-17 CVE-2025-2385 SQL Injection vulnerability in Code-Projects Modern BAG 1.0
A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8
2025-03-17 CVE-2025-2386 SQL Injection vulnerability in PHPgurukul Local Services Search Engine Management System 1.0
A vulnerability was found in PHPGurukul Local Services Search Engine Management System 1.0 and classified as critical.
network
low complexity
phpgurukul CWE-89
critical
 9.8
9.8
2025-03-17 CVE-2025-2383 SQL Injection vulnerability in PHPgurukul Doctor Appointment Management System 1.0.0
A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0.
network
low complexity
phpgurukul CWE-89
critical
 9.8
9.8
2025-03-17 CVE-2025-2369 Stack-based Buffer Overflow vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316.
network
low complexity
totolink CWE-121
critical
 9.8
9.8
2025-03-17 CVE-2025-2370 Stack-based Buffer Overflow vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316.
network
low complexity
totolink CWE-121
critical
 9.8
9.8