Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-19 | CVE-2024-38337 | IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments. | 9.1 |
2025-01-19 | CVE-2024-41783 | IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input. | 9.1 |
2025-01-19 | CVE-2025-0561 | SQL Injection vulnerability in Angeljudesuarez Farm Management System 1.0. A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. | 9.8 |
2025-01-18 | CVE-2024-13375 | The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. | 9.8 |
2025-01-17 | CVE-2025-0540 | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0. A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. | 9.8 |
2025-01-16 | CVE-2024-57575 | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19. Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 9.8 |
2025-01-16 | CVE-2024-57583 | Command Injection vulnerability in Tenda Ac18 Firmware 15.03.05.19. Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | 9.8 |
2025-01-16 | CVE-2024-50563 | Unspecified vulnerability in Fortinet products. A weak authentication vulnerability in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack. | 9.8 |
2025-01-16 | CVE-2024-48885 | Path Traversal vulnerability in Fortinet products. An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows an attacker to escalate privilege via specially crafted packets. | 9.1 |
2025-01-16 | CVE-2025-0455 | The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 9.8 |