Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2025-02-24 | CVE-2024-55898 | IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. | network | high complexity | | CWE-427 | 8.5 |
| 2025-02-24 | CVE-2025-1606 | Improper Access Control vulnerability in Mayurik Best Employee Management System 1.0. A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. | network | low complexity | mayurik | CWE-284 | 7.5 |
| 2025-02-23 | CVE-2025-1590 | Unrestricted Upload of File with Dangerous Type vulnerability in Janobe E-Learning System 1.0. A vulnerability was found in SourceCodester E-Learning System 1.0. | network | low complexity | janobe | CWE-434 | 7.2 |
| 2025-02-23 | CVE-2025-1578 | Injection vulnerability in PHPgurukul Online Shopping Portal 2.1. A vulnerability, which was classified as critical, was found in PHPGurukul Online Shopping Portal 2.1. | network | low complexity | phpgurukul | CWE-74 | 7.5 |
| 2025-02-22 | CVE-2025-0957 | The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. | network | low complexity | | CWE-79 | 7.2 |
| 2025-02-22 | CVE-2024-13474 | The LTL Freight Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 2.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low complexity | | CWE-89 | 7.5 |
| 2025-02-22 | CVE-2024-13899 | The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. | network | low complexity | | CWE-502 | 7.2 |
| 2025-02-21 | CVE-2025-1536 | A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. | network | low complexity | | CWE-77 | 7.3 |
| 2025-02-21 | CVE-2025-1538 | Out-of-bounds Write vulnerability in Dlink Dap-1320 Firmware 1.0. A vulnerability classified as critical was found in D-Link DAP-1320 1.00. | network | low complexity | dlink | CWE-787 | 8.8 |
| 2025-02-21 | CVE-2024-13900 | Code Injection vulnerability in Satollo Head, Footer, and Post Injections. The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. | network | low complexity | satollo | CWE-94 | 7.2 |