| 2025-03-20 | CVE-2024-8898 | Unspecified vulnerability in Lollms web UI 12
A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). network low complexity lollms critical | 9.8 |
| 2025-03-20 | CVE-2024-8953 | Improper Control of Dynamically-Managed Code Resources vulnerability in Composio 0.4.3
In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. | 9.8 |
| 2025-03-20 | CVE-2024-8958 | Unspecified vulnerability in Composio 0.4.3
In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. network low complexity composio critical | 9.8 |
| 2025-03-20 | CVE-2025-0655 | OS Command Injection vulnerability in MAN D-Tale 3.15.1
A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the `enable_custom_filters` feature, which is typically restricted to trusted environments. | 9.8 |
| 2025-03-20 | CVE-2024-12016 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection.This issue affects CM News: through 6.0. NOTE: The vendor was contacted and it was learned that the product is not supported. network low complexity CWE-89 critical | 9.8 |
| 2025-03-20 | CVE-2025-2505 | The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. network low complexity CWE-22 critical | 9.8 |
| 2025-03-19 | CVE-2024-13442 | The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. network low complexity CWE-288 critical | 9.8 |
| 2025-03-19 | CVE-2025-2512 | The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. network low complexity CWE-434 critical | 9.8 |
| 2025-03-19 | CVE-2024-13790 | The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. network low complexity CWE-98 critical | 9.8 |
| 2025-03-19 | CVE-2024-13410 | The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. network low complexity CWE-502 critical | 9.8 |