Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2025-02-24 | CVE-2024-12917 | Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse. This issue affects Health4All: before 10.01.2025. | network, low complexity, CWE-552, 8.3 |
| 2025-02-24 | CVE-2024-12918 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection. This issue affects Health4All: before 10.01.2025. | network, low complexity, CWE-89, 8.8 |
| 2025-02-24 | CVE-2024-55898 | IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. | network, high complexity, CWE-427, 8.5 |
| 2025-02-24 | CVE-2025-1606 | Improper Access Control vulnerability in Mayurik Best Employee Management System 1.0. A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. | network, low complexity, mayurik CWE-284, 7.5 |
| 2025-02-23 | CVE-2025-1590 | Unrestricted Upload of File with Dangerous Type vulnerability in Janobe E-Learning System 1.0. A vulnerability was found in SourceCodester E-Learning System 1.0. | network, low complexity, janobe CWE-434, 7.2 |
| 2025-02-23 | CVE-2025-1578 | Injection vulnerability in PHPgurukul Online Shopping Portal 2.1. A vulnerability, which was classified as critical, was found in PHPGurukul Online Shopping Portal 2.1. | network, low complexity, phpgurukul CWE-74, 7.5 |
| 2025-02-22 | CVE-2025-0957 | The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 7.2 |
| 2025-02-22 | CVE-2024-13474 | The LTL Freight Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 2.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network, low complexity, CWE-89, 7.5 |
| 2025-02-22 | CVE-2024-13899 | The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. | network, low complexity, CWE-502, 7.2 |
| 2025-02-21 | CVE-2025-1536 | A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. | network, low complexity, CWE-77, 7.3 |