Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-02-11 CVE-2025-24868 The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation.
network
low complexity
CWE-601
7.1
2025-02-10 CVE-2025-1156 A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as critical.
network
low complexity
CWE-74
7.3
2025-02-10 CVE-2024-27859 Unspecified vulnerability in Apple products
The issue was addressed with improved memory handling.
network
low complexity
apple
8.8
2025-02-10 CVE-2025-21687 Out-of-bounds Write vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls. count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be used to read/write out of bounds of the device.
local
low complexity
linux CWE-787
7.8
2025-02-10 CVE-2025-21692 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing. Haowei Yan found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0.
local
low complexity
linux CWE-129
7.8
2025-02-09 CVE-2024-13440 Unspecified vulnerability in Superstorefinder Super Store Finder
The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
superstorefinder
8.2
2025-02-08 CVE-2025-1117 A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart.
network
low complexity
CWE-74
7.3
2025-02-08 CVE-2025-1116 A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart.
network
low complexity
CWE-74
7.3
2025-02-07 CVE-2024-7425 Code Injection vulnerability in Soflyy WP ALL Export 1.7.9/1.8.6
The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1.
network
low complexity
soflyy CWE-94
7.2
2025-02-07 CVE-2025-1104 A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical.
network
low complexity
CWE-290
7.3