Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-04-06 CVE-2025-3308 SQL Injection vulnerability in Adonesevangelista Online Blood Bank Management System 1.0
A vulnerability was found in code-projects Blood Bank Management System 1.0.
network
low complexity
adonesevangelista CWE-89
critical
9.8
2025-04-06 CVE-2025-3307 SQL Injection vulnerability in Code-Projects Blood Bank Management System 1.0
A vulnerability was found in code-projects Blood Bank Management System 1.0.
network
low complexity
code-projects CWE-89
critical
9.8
2025-04-06 CVE-2025-3306 SQL Injection vulnerability in Code-Projects Blood Bank Management System 1.0
A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical.
network
low complexity
code-projects CWE-89
critical
9.8
2025-04-05 CVE-2025-2941 The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4.
network
low complexity
CWE-22
critical
9.8
2025-04-04 CVE-2025-3268 Unspecified vulnerability in Qinguoyi Tinywebserver
A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical.
network
low complexity
qinguoyi
critical
9.8
2025-04-04 CVE-2025-3265 Injection vulnerability in PHPgurukul E-Diary Management System 1.0
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0.
network
low complexity
phpgurukul CWE-74
critical
9.8
2025-04-04 CVE-2025-3266 Stack-based Buffer Overflow vulnerability in Qinguoyi Tinywebserver 1.0
A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0.
network
low complexity
qinguoyi CWE-121
critical
9.8
2025-04-04 CVE-2025-2798 The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21.
network
low complexity
CWE-269
critical
9.8
2025-04-04 CVE-2025-3245 SQL Injection vulnerability in Angeljudesuarez Library Management System
A vulnerability was found in itsourcecode Library Management System 1.0.
network
low complexity
angeljudesuarez CWE-89
critical
9.8
2025-04-04 CVE-2025-2780 The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21.
network
low complexity
CWE-434
critical
9.8