Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2025-0453 Unspecified vulnerability in Lfprojects Mlflow 2.17.2
In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack.
network
low complexity
lfprojects
7.5
7.5
2025-03-20 CVE-2025-1040 Unspecified vulnerability in Agpt Autogpt
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE).
network
low complexity
agpt
8.8
8.8
2025-03-20 CVE-2025-1451 Resource Exhaustion vulnerability in Lollms web UI 13
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads.
network
low complexity
lollms CWE-400
7.5
7.5
2025-03-20 CVE-2025-1770 The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter.
network
low complexity
CWE-22
8.8
8.8
2025-03-19 CVE-2024-51459 IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.
local
low complexity
CWE-280
8.4
8.4
2025-03-19 CVE-2025-29924 Incorrect Authorization vulnerability in Xwiki
XWiki Platform is a generic wiki platform.
network
low complexity
xwiki CWE-863
7.5
7.5
2025-03-19 CVE-2025-30154 Embedded Malicious Code vulnerability in Reviewdog products
reviewdog/action-setup is a GitHub action that installs reviewdog.
network
low complexity
reviewdog CWE-506
8.6
8.6
2025-03-19 CVE-2024-42176 Unspecified vulnerability in Hcltech Dryice Myxalytics 6.3/6.4
HCL MyXalytics is affected by concurrent login vulnerability.
network
low complexity
hcltech
8.0
8.0
2025-03-19 CVE-2024-12920 The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7.
network
low complexity
CWE-862
8.8
8.8
2025-03-19 CVE-2024-13933 The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.
network
low complexity
CWE-352
8.8
8.8