Vulnerabilities > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-22	CVE-2025-2626	SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0 A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. network low complexity mayurik CWE-89 critical	9.8
2025-03-22	CVE-2025-2627	SQL Injection vulnerability in PHPgurukul ART Gallery Management System 1.0 A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. network low complexity phpgurukul CWE-89 critical	9.8
2025-03-22	CVE-2025-2621	Out-of-bounds Write vulnerability in Dlink Dap-1620 Firmware 1.03 A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. network low complexity dlink CWE-787 critical	9.8
2025-03-22	CVE-2025-30472	Out-of-bounds Write vulnerability in Corosync Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet. network low complexity corosync CWE-787 critical	9.8
2025-03-21	CVE-2025-2589	Missing Authorization vulnerability in Code-Projects Human Resource Management 1.0.1 A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. network low complexity code-projects CWE-862 critical	9.8
2025-03-21	CVE-2025-26336	Stack-based Buffer Overflow vulnerability in Dell products Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. network low complexity dell CWE-121 critical	9.8
2025-03-21	CVE-2025-29814	Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. network low complexity CWE-20 critical	9.3
2025-03-20	CVE-2024-12450	Server-Side Request Forgery (SSRF) vulnerability in Infiniflow Ragflow 0.12.0 In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. network low complexity infiniflow CWE-918 critical	9.8
2025-03-20	CVE-2024-4990	Unspecified vulnerability in Yiiframework YII 2.0.48 In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. network low complexity yiiframework critical	9.1
2025-03-20	CVE-2024-7053	Unspecified vulnerability in Openwebui Open Webui 0.3.8 A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. network low complexity openwebui critical	9.0

Vulnerabilities > Critical {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Critical"}]}

Vulnerabilities > Critical