Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2025-02-12 | CVE-2025-25351 | SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.1 | PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter. | network, low complexity, phpgurukul, CWE-89, critical, 9.8 |
| 2025-02-12 | CVE-2024-13477 | SQL Injection vulnerability in Eniture LTL Freight Quotes | The LTL Freight Quotes – Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 2.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network, low complexity, eniture, CWE-89, critical, 9.8 |
| 2025-02-12 | CVE-2024-12213 | Incorrect Privilege Assignment vulnerability in Apusthemes Superio | The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. | network, low complexity, apusthemes, CWE-266, critical, 9.8 |
| 2025-02-12 | CVE-2025-1188 | SQL Injection vulnerability in Codezips GYM Management System 1.0 | A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. | network, low complexity, codezips, CWE-89, critical, 9.8 |
| 2025-02-12 | CVE-2025-1183 | SQL Injection vulnerability in Codezips GYM Management System 1.0 | A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. | network, low complexity, codezips, CWE-89, critical, 9.8 |
| 2025-02-12 | CVE-2025-26520 | Unspecified vulnerability in Cacti 1.2.27/1.2.28 | Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. | network, low complexity, cacti, critical, 9.8 |
| 2025-02-12 | CVE-2024-13421 | Unspecified vulnerability in Contempothemes Real Estate 7 | The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. | network, low complexity, contempothemes, critical, 9.8 |
| 2025-02-11 | CVE-2025-1044 | Unspecified vulnerability in Logsign Unified Secops Platform | Logsign Unified SecOps Platform Authentication Bypass Vulnerability. | network, low complexity, logsign, critical, 9.8 |
| 2025-02-11 | CVE-2025-24434 | Incorrect Authorization vulnerability in Adobe Commerce and Commerce B2B | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. | network, low complexity, adobe, CWE-863, critical, 9.1 |
| 2025-02-11 | CVE-2025-24472 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Fortinet Fortios and Fortiproxy | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests. | network, low complexity, fortinet, CWE-288, critical, 9.8 |