Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2025-02-12 | CVE-2025-26372 | Missing Authorization vulnerability in Q-Free Maxtime | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests. | network | low complexity | q-free | CWE-862 | 8.1 |
| 2025-02-12 | CVE-2025-26375 | Missing Authorization vulnerability in Q-Free Maxtime | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests. | network | low complexity | q-free | CWE-862 | 8.8 |
| 2025-02-12 | CVE-2025-26378 | Missing Authorization vulnerability in Q-Free Maxtime | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests. | network | low complexity | q-free | CWE-862 | 8.8 |
| 2025-02-12 | CVE-2025-1197 | SQL Injection vulnerability in Fabianros Real Estate Property Management System 1.0 | A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. | network | low complexity | fabianros | CWE-89 | 7.5 |
| 2025-02-12 | CVE-2024-10960 | Unrestricted Upload of File with Dangerous Type vulnerability in Brizy | The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. | network | low complexity | brizy | CWE-434 | 8.8 |
| 2025-02-12 | CVE-2024-13480 | SQL Injection vulnerability in Eniture LTL Freight Quotes | The LTL Freight Quotes – For Customers of FedEx Freight plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low complexity | eniture | CWE-89 | 7.5 |
| 2025-02-12 | CVE-2024-13532 | SQL Injection vulnerability in Eniture Small Package Quotes | The Small Package Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low complexity | eniture | CWE-89 | 7.5 |
| 2025-02-12 | CVE-2025-1191 | SQL Injection vulnerability in Janobe Multi Restaurant Table Reservation System 1.0 | A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0 and classified as critical. | network | low complexity | janobe | CWE-89 | 8.8 |
| 2025-02-12 | CVE-2025-1192 | SQL Injection vulnerability in Janobe Multi Restaurant Table Reservation System 1.0 | A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0. | network | low complexity | janobe | CWE-89 | 8.8 |
| 2025-02-12 | CVE-2024-12296 | Missing Authorization vulnerability in Apusthemes Superio | The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. | network | low complexity | apusthemes | CWE-862 | 8.8 |