Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-09 | CVE-2025-0347 | SQL Injection vulnerability in Anisha Admission Management System 1.0 A vulnerability was found in code-projects Admission Management System 1.0. | 9.8 |
2025-01-09 | CVE-2025-0341 | Unrestricted Upload of File with Dangerous Type vulnerability in Campcodes Computer Laboratory Management System 1.0 A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. | 9.8 |
2025-01-09 | CVE-2024-53704 | Unspecified vulnerability in Sonicwall Sonicos An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | 9.8 |
2025-01-09 | CVE-2025-0336 | SQL Injection vulnerability in Codezips Project Management System 1.0 A vulnerability was found in Codezips Project Management System 1.0. | 9.8 |
2025-01-09 | CVE-2025-0340 | SQL Injection vulnerability in Code-Projects Cinema Seat Reservation System 1.0 A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. | 9.8 |
2025-01-09 | CVE-2025-0335 | Unrestricted Upload of File with Dangerous Type vulnerability in Fabianros Online Bike Rental System 1.0 A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. | 9.8 |
2025-01-08 | CVE-2025-0282 | Out-of-bounds Write vulnerability in Ivanti products A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | 9.0 |
2025-01-08 | CVE-2024-11350 | The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. | 9.8 |
2025-01-08 | CVE-2024-54676 | Unspecified vulnerability in Apache Openmeetings Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation. | 9.8 |
2025-01-08 | CVE-2024-11635 | Code Injection vulnerability in Iptanus Wordpress File Upload The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. | 9.8 |