Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-02-12 CVE-2025-1206 SQL Injection vulnerability in Codezips GYM Management System 1.0
A vulnerability was found in Codezips Gym Management System 1.0.
network
low complexity
codezips CWE-89
8.8
2025-02-12 CVE-2024-57951 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug. Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway through a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to CPUHP_ONLINE: Since hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set to 1 throughout.
local
low complexity
linux CWE-416
7.8
2025-02-12 CVE-2025-1200 Injection vulnerability in Mayurik Best Church Management Software 1.1
A vulnerability was found in SourceCodester Best Church Management Software 1.1.
network
low complexity
mayurik CWE-74
8.8
2025-02-12 CVE-2025-26368 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP requests.
network
low complexity
q-free CWE-862
8.1
2025-02-12 CVE-2025-26371 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests.
network
low complexity
q-free CWE-862
8.8
2025-02-12 CVE-2025-26372 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.
network
low complexity
q-free CWE-862
8.1
2025-02-12 CVE-2025-26375 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests.
network
low complexity
q-free CWE-862
8.8
2025-02-12 CVE-2025-26378 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests.
network
low complexity
q-free CWE-862
8.8
2025-02-12 CVE-2025-1197 SQL Injection vulnerability in Fabianros Real Estate Property Management System 1.0
A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical.
network
low complexity
fabianros CWE-89
7.5
2025-02-12 CVE-2024-10960 Unrestricted Upload of File with Dangerous Type vulnerability in Brizy
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4.
network
low complexity
brizy CWE-434
8.8