Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-20 | CVE-2024-8898 | Unspecified vulnerability in Lollms web UI 12: A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). | network, low complexity, lollms, critical, 9.8 |
| 2025-03-20 | CVE-2024-8953 | Improper Control of Dynamically-Managed Code Resources vulnerability in Composio 0.4.3: In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. | network, low complexity, composio, CWE-913, critical, 9.8 |
| 2025-03-20 | CVE-2024-8958 | Unspecified vulnerability in Composio 0.4.3: In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. | network, low complexity, composio, critical, 9.8 |
| 2025-03-20 | CVE-2025-0655 | OS Command Injection vulnerability in MAN D-Tale 3.15.1: A vulnerability in man-group/dtale version 3.15.1 allows an attacker to override global state settings to enable the `enable_custom_filters` feature, which is typically restricted to trusted environments. | network, low complexity, man, CWE-78, critical, 9.8 |
| 2025-03-20 | CVE-2024-12016 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection. This issue affects CM News: through 6.0. NOTE: The vendor was contacted and it was learned that the product is not supported. | network, low complexity, CWE-89, critical, 9.8 |
| 2025-03-20 | CVE-2025-2505 | The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. | network, low complexity, CWE-22, critical, 9.8 |
| 2025-03-19 | CVE-2024-13442 | The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. | network, low complexity, CWE-288, critical, 9.8 |
| 2025-03-19 | CVE-2025-2512 | The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. | network, low complexity, CWE-434, critical, 9.8 |
| 2025-03-19 | CVE-2024-13790 | The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. | network, low complexity, CWE-98, critical, 9.8 |
| 2025-03-19 | CVE-2024-13410 | The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including, 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. | network, low complexity, CWE-502, critical, 9.8 |