Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-02-17 CVE-2025-1389 Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
network
low complexity
CWE-89
8.8
8.8
2025-02-17 CVE-2025-1374 SQL Injection vulnerability in Fabianros Real Estate Property Management System 1.0
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0.
network
low complexity
fabianros CWE-89
7.5
7.5
2025-02-17 CVE-2025-1388 Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells
network
low complexity
CWE-434
8.8
8.8
2025-02-16 CVE-2025-1356 SQL Injection vulnerability in Needyamin Library Card System 1.0
A vulnerability was found in needyamin Library Card System 1.0.
network
low complexity
needyamin CWE-89
7.5
7.5
2025-02-16 CVE-2025-1340 A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329.
network
low complexity
CWE-121
8.8
8.8
2025-02-16 CVE-2025-1338 A vulnerability was found in NUUO Camera up to 20250203.
network
low complexity
CWE-74
7.3
7.3
2025-02-16 CVE-2025-1336 Path Traversal vulnerability in Cmseasy 7.7.7.9
A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic.
network
low complexity
cmseasy CWE-22
8.1
8.1
2025-02-16 CVE-2025-1335 Path Traversal vulnerability in Cmseasy 7.7.7.9
A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9.
network
low complexity
cmseasy CWE-22
8.1
8.1
2025-02-15 CVE-2024-13488 SQL Injection vulnerability in Enituretechnology LTL Freight Quotes
The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
enituretechnology CWE-89
7.5
7.5
2025-02-14 CVE-2024-12651 Exposed Dangerous Method or Function vulnerability in PTT Inc.
network
low complexity
CWE-749
8.5
8.5