Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-21 | CVE-2025-22716 | SQL Injection vulnerability in Taskbuilder: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Taskbuilder Team Taskbuilder allows SQL Injection. | 8.8 |
2025-01-21 | CVE-2024-57943 | Unspecified vulnerability in Linux Kernel: In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing. Before writing, if a buffer_head marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses folio_zero_new_buffers() to zero the new buffers before ->write_end(). | 7.8 |
2025-01-21 | CVE-2024-43709 | Allocation of Resources Without Limits or Throttling vulnerability in Elastic Elasticsearch: An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function. | 7.5 |
2025-01-21 | CVE-2024-12104 | Missing Authorization vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management: The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and including, 4.0.9. | 7.5 |
2025-01-21 | CVE-2025-23184 | Unspecified vulnerability in Apache CXF: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients). | 7.5 |
2025-01-21 | CVE-2024-10936 | Deserialization of Untrusted Data vulnerability in Instawp String Locator: The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. | 8.8 |
2025-01-20 | CVE-2025-0579 | A vulnerability was found in Shiprocket Module 3/4 on OpenCart. | 7.3 |
2025-01-20 | CVE-2025-0582 | Unrestricted Upload of File with Dangerous Type vulnerability in Angeljudesuarez Tailoring Management System 1.0: A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. | 7.2 |
2025-01-20 | CVE-2025-0586 | The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. | 7.2 |
2025-01-19 | CVE-2024-41742 | IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. | 7.5 |