Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-16 | CVE-2025-1355 | Unrestricted Upload of File with Dangerous Type vulnerability in Needyamin Library Card System 1.0 A vulnerability was found in needyamin Library Card System 1.0. | 9.8 |
| 2025-02-15 | CVE-2024-12562 | Deserialization of Untrusted Data vulnerability in S2Member The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. | 9.8 |
| 2025-02-15 | CVE-2024-13513 | Missing Authorization vulnerability in Oliverpos Oliver POS The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. | 9.8 |
| 2025-02-14 | CVE-2024-13152 | Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0. | 10.0 |
| 2025-02-13 | CVE-2025-1283 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Dingtian-Tech products The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page. | 9.8 |
| 2025-02-13 | CVE-2025-24861 | Command Injection vulnerability in Outbackpower Mojave Inverter Oghi8048A Firmware An attacker may inject commands via specially-crafted post requests. | 9.8 |
| 2025-02-13 | CVE-2025-24865 | Missing Authentication for Critical Function vulnerability in Myscada Mypro The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password. | 9.8 |
| 2025-02-13 | CVE-2025-25067 | OS Command Injection vulnerability in Myscada Mypro mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. | 9.8 |
| 2025-02-13 | CVE-2024-13182 | The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. | 9.8 |
| 2025-02-13 | CVE-2024-13345 | Code Injection vulnerability in Theme-Fusion Avada Builder The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. | 9.8 |