Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-13 | CVE-2024-13182 | The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. | 9.8 |
| 2025-02-13 | CVE-2024-10763 | The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. | 9.8 |
| 2025-02-12 | CVE-2025-0108 | Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. | 9.1 |
| 2025-02-12 | CVE-2025-25343 | Classic Buffer Overflow vulnerability in Tenda AC6 Firmware 15.03.05.16 Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. | 9.8 |
| 2025-02-12 | CVE-2025-25742 | Out-of-bounds Write vulnerability in Dlink Dir-853 Firmware 1.20B07 D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module. | 9.8 |
| 2025-02-12 | CVE-2025-25744 | Out-of-bounds Write vulnerability in Dlink Dir-853 Firmware 1.20B07 D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module. | 9.8 |
| 2025-02-12 | CVE-2025-0332 | Path Traversal vulnerability in Telerik UI for Winforms In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory. | 9.8 |
| 2025-02-12 | CVE-2025-25349 | SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.1 PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter. | 9.8 |
| 2025-02-12 | CVE-2025-25351 | SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.1 PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter. | 9.8 |
| 2025-02-12 | CVE-2024-13477 | SQL Injection vulnerability in Enituretechnology LTL Freight Quotes The LTL Freight Quotes – Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 2.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |