Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-16 | CVE-2024-12613 | SQL Injection vulnerability in Hirewebxperts Passwords Manager. The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2025-01-16 | CVE-2024-45331 | Unspecified vulnerability in Fortinet products. An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows an attacker to escalate privilege via specific shell commands. | 7.8 |
2025-01-16 | CVE-2025-0457 | The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | 8.8 |
2025-01-15 | CVE-2024-57727 | Path Traversal vulnerability in Simple-Help Simplehelp. SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. | 7.5 |
2025-01-15 | CVE-2024-57728 | Link Following vulnerability in Simple-Help Simplehelp. SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. | 7.2 |
2025-01-15 | CVE-2024-27856 | Code Injection vulnerability in Apple products. The issue was addressed with improved checks. | 7.8 |
2025-01-15 | CVE-2024-40771 | Unspecified vulnerability in Apple products. The issue was addressed with improved memory handling. | 7.8 |
2025-01-15 | CVE-2025-0484 | Unspecified vulnerability in Fanli2012 Native-PHP-Cms 1.0. A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. | 7.5 |
2025-01-15 | CVE-2020-8094 | Untrusted Search Path vulnerability in Bitdefender Antivirus 2020 1.0.15.138. An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file. | 7.8 |
2025-01-15 | CVE-2024-57011 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313. TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg. | 8.8 |