Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-22 | CVE-2025-2626 | SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0: A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. | 9.8 |
2025-03-22 | CVE-2025-2627 | SQL Injection vulnerability in PHPgurukul ART Gallery Management System 1.0: A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. | 9.8 |
2025-03-22 | CVE-2025-2621 | Out-of-bounds Write vulnerability in Dlink Dap-1620 Firmware 1.03: A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. | 9.8 |
2025-03-22 | CVE-2025-30472 | Out-of-bounds Write vulnerability in Corosync: Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in `orf_token_endian_convert` in `exec/totemsrp.c` via a large UDP packet. | 9.8 |
2025-03-21 | CVE-2025-2589 | Missing Authorization vulnerability in Code-Projects Human Resource Management 1.0.1: A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. | 9.8 |
2025-03-21 | CVE-2025-26336 | Stack-based Buffer Overflow vulnerability in Dell products: Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. | 9.8 |
2025-03-21 | CVE-2025-29814 | Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | 9.3 |
2025-03-20 | CVE-2024-12450 | Server-Side Request Forgery (SSRF) vulnerability in Infiniflow Ragflow 0.12.0: In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. | 9.8 |
2025-03-20 | CVE-2024-4990 | Unspecified vulnerability in Yiiframework YII 2.0.48: In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. | 9.1 |
2025-03-20 | CVE-2024-7053 | Unspecified vulnerability in Openwebui Open Webui 0.3.8: A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. | 9.0 |