Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-23 | CVE-2024-55192 | Out-of-bounds Write vulnerability in Openimageio 3.1.0.0 OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*). | 9.8 |
| 2025-01-23 | CVE-2024-55193 | Unspecified vulnerability in Openimageio 3.1.0.0 OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h. | 9.8 |
| 2025-01-23 | CVE-2024-55194 | Out-of-bounds Write vulnerability in Openimageio 3.1.0.0 OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h. | 9.8 |
| 2025-01-23 | CVE-2024-57328 | SQL Injection vulnerability in Projectworlds Online Food Ordering System 1.0 A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. | 9.8 |
| 2025-01-23 | CVE-2025-23006 | Unspecified vulnerability in Sonicwall products Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. | 9.8 |
| 2025-01-23 | CVE-2024-13234 | SQL Injection vulnerability in Woobewoo Product Table 1.9.5 The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the 'additionalCondition' parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
| 2025-01-22 | CVE-2024-12857 | Missing Authentication for Critical Function vulnerability in Scriptsbundle Adforest The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. | 9.8 |
| 2025-01-22 | CVE-2024-13091 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpbot Wpot The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. | 9.8 |
| 2025-01-20 | CVE-2024-45647 | Unspecified vulnerability in IBM products IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password. | 9.8 |
| 2025-01-20 | CVE-2025-0585 | The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 9.8 |