Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-29 | CVE-2025-0803 | SQL Injection vulnerability in Gymmanagementsystem GYM Management System 1.0 A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. | 9.8 |
| 2025-01-28 | CVE-2024-13448 | Unrestricted Upload of File with Dangerous Type vulnerability in Themerex Addons The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. | 9.8 |
| 2025-01-27 | CVE-2024-54512 | Unspecified vulnerability in Apple Watchos The issue was addressed by removing the relevant flags. | 9.1 |
| 2025-01-27 | CVE-2024-55227 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 21.0.0 A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. | 9.0 |
| 2025-01-27 | CVE-2024-55228 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 21.0.0 A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. | 9.0 |
| 2025-01-25 | CVE-2025-0357 | The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. | 9.8 |
| 2025-01-24 | CVE-2025-24596 | Missing Authorization vulnerability in Wcproducttable Woocommerce Product Table Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. | 9.8 |
| 2025-01-24 | CVE-2024-13545 | Unspecified vulnerability in G5Plus Ultimate Bootstrap Elements for Elementor The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. | 9.8 |
| 2025-01-23 | CVE-2023-46400 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kwhotel 0.47 KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function. | 9.8 |
| 2025-01-23 | CVE-2023-46401 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kwhotel 0.47 KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function. | 9.8 |