Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-01-30 CVE-2025-0873 SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0.
network
low complexity
angeljudesuarez CWE-89
critical
 9.8
9.8
2025-01-30 CVE-2025-0872 SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0.
network
low complexity
angeljudesuarez CWE-89
critical
 9.8
9.8
2025-01-30 CVE-2024-12822 Missing Authorization vulnerability in Userproplugin Media Manager
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0.
network
low complexity
userproplugin CWE-862
critical
 9.8
9.8
2025-01-30 CVE-2024-13720 Path Traversal vulnerability in Ivanm WP Image Uploader
The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to, and including, 1.0.1.
network
low complexity
ivanm CWE-22
critical
 9.1
9.1
2025-01-30 CVE-2024-13742 Deserialization of Untrusted Data vulnerability in Icontrolwp
The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the reqpars parameter.
network
low complexity
icontrolwp CWE-502
critical
 9.8
9.8
2025-01-30 CVE-2025-0847 SQL Injection vulnerability in 1000Projects Employee Task Management System 1.0
A vulnerability was found in 1000 Projects Employee Task Management System 1.0.
network
low complexity
1000projects CWE-89
critical
 9.8
9.8
2025-01-30 CVE-2025-0848 Stack-based Buffer Overflow vulnerability in Tenda A18 Firmware 15.13.07.09
A vulnerability was found in Tenda A18 up to 15.13.07.09.
network
low complexity
tenda CWE-121
critical
 9.8
9.8
2025-01-30 CVE-2025-0846 SQL Injection vulnerability in 1000Projects Employee Task Management System 1.0
A vulnerability was found in 1000 Projects Employee Task Management System 1.0.
network
low complexity
1000projects CWE-89
critical
 9.8
9.8
2025-01-29 CVE-2025-0843 SQL Injection vulnerability in Needyamin Library Card System 1.0
A vulnerability was found in needyamin Library Card System 1.0.
network
low complexity
needyamin CWE-89
critical
 9.8
9.8
2025-01-29 CVE-2025-0842 SQL Injection vulnerability in Needyamin Library Card System 1.0
A vulnerability was found in needyamin Library Card System 1.0 and classified as critical.
network
low complexity
needyamin CWE-89
critical
 9.8
9.8