Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-29 | CVE-2023-35907 | Weak Password Requirements vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
| 2025-01-29 | CVE-2023-37398 | Weak Password Requirements vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
| 2025-01-29 | CVE-2025-0803 | SQL Injection vulnerability in Gymmanagementsystem GYM Management System 1.0 A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. | 9.8 |
| 2025-01-28 | CVE-2024-13448 | Unrestricted Upload of File with Dangerous Type vulnerability in Themerex Addons The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. | 9.8 |
| 2025-01-28 | CVE-2023-50316 | SQL Injection vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. | 9.8 |
| 2025-01-27 | CVE-2024-54512 | Unspecified vulnerability in Apple Watchos The issue was addressed by removing the relevant flags. | 9.1 |
| 2025-01-27 | CVE-2025-24154 | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write was addressed with improved input validation. | 9.1 |
| 2025-01-27 | CVE-2024-55227 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 21.0.0 A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. | 9.0 |
| 2025-01-27 | CVE-2024-55228 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 21.0.0 A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. | 9.0 |
| 2025-01-25 | CVE-2025-0357 | The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. | 9.8 |