Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-01-16 CVE-2024-57704 Out-of-bounds Write vulnerability in Tenda AC8 Firmware 16.03.34.06
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability.
network
low complexity
tenda CWE-787
8.8
2025-01-16 CVE-2024-57578 Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function.
low complexity
tenda CWE-787
8.8
2025-01-16 CVE-2024-41746 IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting.
network
low complexity
CWE-79
7.2
2025-01-16 CVE-2024-57769 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
network
low complexity
jfinaloa-project CWE-89
8.8
2025-01-16 CVE-2024-57770 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
network
low complexity
jfinaloa-project CWE-89
8.8
2025-01-16 CVE-2024-57775 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
network
low complexity
jfinaloa-project CWE-89
8.8
2025-01-16 CVE-2024-57162 SQL Injection vulnerability in Campcodes Cybercafe Management System 1.0
Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php.
network
low complexity
campcodes CWE-89
7.2
2025-01-16 CVE-2018-25108 An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.
network
low complexity
CWE-770
7.5
2025-01-16 CVE-2024-12613 SQL Injection vulnerability in Hirewebxperts Passwords Manager
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
hirewebxperts CWE-89
7.5
2025-01-16 CVE-2024-45331 Unspecified vulnerability in Fortinet products
An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows an attacker to escalate privileges via specific shell commands.
local
low complexity
fortinet
7.8