Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-11 | CVE-2025-24868 | The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation. | 7.1 |
| 2025-02-10 | CVE-2025-1156 | A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as critical. | 7.3 |
| 2025-02-10 | CVE-2024-27859 | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 8.8 |
| 2025-02-10 | CVE-2025-21687 | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be used to read/write out of bounds of the device. | 7.8 |
| 2025-02-10 | CVE-2025-21692 | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <[email protected]> found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0. | 7.8 |
| 2025-02-09 | CVE-2024-13440 | Unspecified vulnerability in Superstorefinder Super Store Finder The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.2 |
| 2025-02-08 | CVE-2025-1117 | A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. | 7.3 |
| 2025-02-08 | CVE-2025-1116 | A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. | 7.3 |
| 2025-02-07 | CVE-2024-7425 | Code Injection vulnerability in Soflyy WP ALL Export 1.7.9/1.8.6 The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. | 7.2 |
| 2025-02-07 | CVE-2025-1104 | A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. | 7.3 |