Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-23 | CVE-2025-29795 | Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | local, low complexity, CWE-59, 7.8 |
| 2025-03-23 | CVE-2025-2652 | Unspecified vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0. A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. | network, low complexity, oretnom23, 7.5 |
| 2025-03-22 | CVE-2025-2624 | SQL Injection vulnerability in Westboy Cicadascms 1.0. A vulnerability was found in westboy CicadasCMS 1.0. | network, low complexity, westboy, CWE-89, 7.5 |
| 2025-03-22 | CVE-2025-2622 | Unspecified vulnerability in Aizuda Snail-Job 1.4.0. A vulnerability was found in aizuda snail-job 1.4.0. | network, low complexity, aizuda, 8.8 |
| 2025-03-22 | CVE-2025-2186 | The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network, low complexity, CWE-89, 7.5 |
| 2025-03-22 | CVE-2025-1970 | The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. | network, low complexity, CWE-918, 7.6 |
| 2025-03-22 | CVE-2025-1971 | The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. | network, low complexity, CWE-502, 7.2 |
| 2025-03-22 | CVE-2025-2303 | The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic function. | network, low complexity, CWE-94, 8.8 |
| 2025-03-22 | CVE-2025-0724 | Deserialization of Untrusted Data vulnerability in Metagauss Profilegrid. The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the get_user_meta_fields_html function. | network, low complexity, metagauss, CWE-502, 8.8 |
| 2025-03-21 | CVE-2025-2601 | Injection vulnerability in Mayurik Advocate Office Management System 1.0. A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. | network, low complexity, mayurik, CWE-74, 8.8 |