Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-07 | CVE-2025-2097 | Out-of-bounds Write vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316 A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. | 9.8 |
| 2025-03-07 | CVE-2025-2094 | OS Command Injection vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316 A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. | 9.8 |
| 2025-03-07 | CVE-2025-2095 | OS Command Injection vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316 A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. | 9.8 |
| 2025-03-07 | CVE-2025-2096 | OS Command Injection vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316 A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. | 9.8 |
| 2025-03-07 | CVE-2025-2088 | Injection vulnerability in PHPgurukul Pre-School Enrollment System 1.0 A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System up to 1.0. | 9.8 |
| 2025-03-07 | CVE-2024-12876 | Missing Authorization vulnerability in Uxper Golo The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. | 9.8 |
| 2025-03-07 | CVE-2024-13904 | Server-Side Request Forgery (SSRF) vulnerability in Platformly Platform.Ly for Woocommerce The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. | 9.1 |
| 2025-03-07 | CVE-2025-1315 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Sfwebservice Injob The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. | 9.8 |
| 2025-03-07 | CVE-2025-1475 | The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. | 9.8 |
| 2025-03-06 | CVE-2024-12144 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Finder Fire Safety Finder ERP/CRM (Old System) allows SQL Injection.This issue affects Finder ERP/CRM (Old System): before 18.12.2024. | 9.8 |