Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-15 | CVE-2025-1771 | PHP Remote File Inclusion vulnerability in Shinecommerce Traveler. The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. | 9.8 |
2025-03-14 | CVE-2025-29384 | Out-of-bounds Write vulnerability in Tenda AC9 Firmware 15.03.05.14. In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | 9.8 |
2025-03-14 | CVE-2025-29385 | Out-of-bounds Write vulnerability in Tenda AC9 Firmware 15.03.05.14. In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | 9.8 |
2025-03-14 | CVE-2025-29386 | Out-of-bounds Write vulnerability in Tenda AC9 Firmware 15.03.05.14. In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | 9.8 |
2025-03-14 | CVE-2025-29029 | Out-of-bounds Write vulnerability in Tenda AC6 Firmware 15.03.05.16. Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function. | 9.8 |
2025-03-14 | CVE-2025-29030 | Out-of-bounds Write vulnerability in Tenda AC6 Firmware 15.03.05.16. Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function. | 9.8 |
2025-03-14 | CVE-2025-29031 | Out-of-bounds Write vulnerability in Tenda AC6 Firmware 15.03.05.16. Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function. | 9.8 |
2025-03-14 | CVE-2025-2000 | A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserialising QPY formats < 13. | 9.8 |
2025-03-14 | CVE-2025-2232 | Improper Privilege Management vulnerability in Purethemes Realteo 1.2.4. The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. | 9.8 |
2025-03-14 | CVE-2024-13321 | SQL Injection vulnerability in Analyticswp. The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handle_get_stats() function. | 9.8 |