Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-16 | CVE-2024-57775 | SQL Injection vulnerability in Jfinaloa Project Jfinaloa JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid. | 8.8 |
| 2025-01-16 | CVE-2024-57162 | SQL Injection vulnerability in Campcodes Cybercafe Management System 1.0 Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php. | 7.2 |
| 2025-01-16 | CVE-2018-25108 | An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption. | 7.5 |
| 2025-01-16 | CVE-2024-12613 | SQL Injection vulnerability in Hirewebxperts Passwords Manager The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-01-16 | CVE-2024-45331 | Unspecified vulnerability in Fortinet products A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands | 7.8 |
| 2025-01-16 | CVE-2025-0457 | The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | 8.8 |
| 2025-01-15 | CVE-2024-57727 | Path Traversal vulnerability in Simple-Help Simplehelp SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. | 7.5 |
| 2025-01-15 | CVE-2024-57728 | Link Following vulnerability in Simple-Help Simplehelp SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. | 7.2 |
| 2025-01-15 | CVE-2024-27856 | Code Injection vulnerability in Apple products The issue was addressed with improved checks. | 7.8 |
| 2025-01-15 | CVE-2024-40771 | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 7.8 |