Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2025-03-22 | CVE-2025-2626 | SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0 | A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. | network | low | mayurik | CWE-89 | critical | 9.8 |
| 2025-03-22 | CVE-2025-2627 | SQL Injection vulnerability in PHPgurukul ART Gallery Management System 1.0 | A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. | network | low | phpgurukul | CWE-89 | critical | 9.8 |
| 2025-03-22 | CVE-2025-2621 | Out-of-bounds Write vulnerability in Dlink Dap-1620 Firmware 1.03 | A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. | network | low | dlink | CWE-787 | critical | 9.8 |
| 2025-03-22 | CVE-2025-30472 | Out-of-bounds Write vulnerability in Corosync | Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet. | network | low | corosync | CWE-787 | critical | 9.8 |
| 2025-03-21 | CVE-2025-2589 | Missing Authorization vulnerability in Code-Projects Human Resource Management 1.0.1 | A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. | network | low | code-projects | CWE-862 | critical | 9.8 |
| 2025-03-21 | CVE-2025-26336 | Stack-based Buffer Overflow vulnerability in Dell products | Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. | network | low | dell | CWE-121 | critical | 9.8 |
| 2025-03-21 | CVE-2025-29814 | Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | | network | low | | CWE-20 | critical | 9.3 |
| 2025-03-20 | CVE-2024-12450 | Server-Side Request Forgery (SSRF) vulnerability in Infiniflow Ragflow 0.12.0 | In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. | network | low | infiniflow | CWE-918 | critical | 9.8 |
| 2025-03-20 | CVE-2024-4990 | Unspecified vulnerability in Yiiframework YII 2.0.48 | In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. | network | low | yiiframework | | critical | 9.1 |
| 2025-03-20 | CVE-2024-7053 | Unspecified vulnerability in Openwebui Open Webui 0.3.8 | A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. | network | low | openwebui | | critical | 9.0 |