Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-13 | CVE-2025-25898 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr841Nd Firmware A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. | 7.5 |
| 2025-02-13 | CVE-2025-25901 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr841Nd Firmware A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. | 7.5 |
| 2025-02-13 | CVE-2024-13606 | Unspecified vulnerability in Wiselyhub JS Help Desk The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. | 7.5 |
| 2025-02-12 | CVE-2024-56940 | Unspecified vulnerability in Learndash 6.7.1 An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads. | 7.5 |
| 2025-02-12 | CVE-2024-12673 | An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1) local low complexity | 7.8 |
| 2025-02-12 | CVE-2024-11628 | Unspecified vulnerability in Telerik Kendo UI for VUE In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. | 7.2 |
| 2025-02-12 | CVE-2025-1210 | SQL Injection vulnerability in Anisha Wazifa System 1.0 A vulnerability classified as critical was found in code-projects Wazifa System 1.0. | 8.8 |
| 2025-02-12 | CVE-2025-25743 | Command Injection vulnerability in Dlink Dir-853 Firmware 1.20B07 D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module. | 7.2 |
| 2025-02-12 | CVE-2024-11343 | Path Traversal vulnerability in Progress Telerik Document Processing Libraries In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access. | 8.8 |
| 2025-02-12 | CVE-2024-12629 | Unspecified vulnerability in Telerik Kendoreact In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. | 7.2 |