Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-03-06 CVE-2025-2046 Unspecified vulnerability in Mayurik Best Employee Management System 1.0
A vulnerability was found in SourceCodester Best Employee Management System 1.0 and classified as critical.
network
low complexity
mayurik
critical
 9.8
9.8
2025-03-06 CVE-2024-12144 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Finder Fire Safety Finder ERP/CRM (Old System) allows SQL Injection.This issue affects Finder ERP/CRM (Old System): before 18.12.2024.
network
low complexity
CWE-89
critical
 9.8
9.8
2025-03-05 CVE-2024-12097 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2024.
network
low complexity
CWE-89
critical
 9.8
9.8
2025-03-05 CVE-2024-13147 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.This issue affects B2B Login Panel: before 15.01.2025.
network
low complexity
CWE-89
critical
 9.8
9.8
2025-03-05 CVE-2024-11951 The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0.
network
low complexity
CWE-269
critical
 9.8
9.8
2025-03-05 CVE-2024-12281 The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2.
network
low complexity
CWE-269
critical
 9.8
9.8
2025-03-05 CVE-2024-13787 The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function.
network
low complexity
CWE-502
critical
 9.8
9.8
2025-03-05 CVE-2025-1515 The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8.
network
low complexity
CWE-288
critical
 9.8
9.8
2025-03-05 CVE-2025-1393 An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
network
low complexity
CWE-798
critical
 9.8
9.8
2025-03-05 CVE-2025-1966 Unspecified vulnerability in PHPgurukul Pre-School Enrollment System 1.0
A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0.
network
low complexity
phpgurukul
critical
 9.8
9.8