Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2025-01-09 | CVE-2025-0347 | SQL Injection vulnerability in Anisha Admission Management System 1.0 | A vulnerability was found in code-projects Admission Management System 1.0. | network; low complexity; anisha CWE-89; critical; 9.8 |
| 2025-01-09 | CVE-2025-0341 | Unrestricted Upload of File with Dangerous Type vulnerability in Campcodes Computer Laboratory Management System 1.0 | A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. | network; low complexity; campcodes CWE-434; critical; 9.8 |
| 2025-01-09 | CVE-2024-53704 | Unspecified vulnerability in Sonicwall Sonicos | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | network; low complexity; sonicwall; critical; 9.8 |
| 2025-01-09 | CVE-2025-0336 | SQL Injection vulnerability in Codezips Project Management System 1.0 | A vulnerability was found in Codezips Project Management System 1.0. | network; low complexity; codezips CWE-89; critical; 9.8 |
| 2025-01-09 | CVE-2025-0340 | SQL Injection vulnerability in Code-Projects Cinema Seat Reservation System 1.0 | A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. | network; low complexity; code-projects CWE-89; critical; 9.8 |
| 2025-01-09 | CVE-2025-0335 | Unrestricted Upload of File with Dangerous Type vulnerability in Fabianros Online Bike Rental System 1.0 | A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. | network; low complexity; fabianros CWE-434; critical; 9.8 |
| 2025-01-08 | CVE-2025-0282 | Out-of-bounds Write vulnerability in Ivanti products | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | network; high complexity; ivanti CWE-787; critical; 9.0 |
| 2025-01-08 | CVE-2024-11350 | The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. | | network; low complexity; CWE-640; critical; 9.8 |
| 2025-01-08 | CVE-2024-54676 | Unspecified vulnerability in Apache Openmeetings | Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0. Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html don't specify white/black lists for OpenJPA; this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation. | network; low complexity; apache; critical; 9.8 |
| 2025-01-08 | CVE-2024-11635 | Code Injection vulnerability in Iptanus Wordpress File Upload | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. | network; low complexity; iptanus CWE-94; critical; 9.8 |