Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-20 | CVE-2025-23120 | Unspecified vulnerability in Veeam Backup & Replication: A vulnerability allowing remote code execution (RCE) for domain users. | 8.8 |
2025-03-20 | CVE-2024-13921 | Deserialization of Untrusted Data vulnerability in Webtoffee Order Export & Order Import for Woocommerce: The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'form_data' parameter. | 7.2 |
2025-03-20 | CVE-2025-2539 | The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. | 7.5 |
2025-03-20 | CVE-2024-11822 | Unspecified vulnerability in Dify 0.9.1: langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. | 7.5 |
2025-03-20 | CVE-2024-12055 | Out-of-bounds Read vulnerability in Ollama: A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. | 7.5 |
2025-03-20 | CVE-2024-12537 | Allocation of Resources Without Limits or Throttling vulnerability in Openwebui Open Webui 0.3.32: In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the `api/v1/utils/code/format` endpoint. | 7.5 |
2025-03-20 | CVE-2024-12779 | Unspecified vulnerability in Infiniflow Ragflow 0.12.0: A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. | 7.5 |
2025-03-20 | CVE-2024-7765 | Unspecified vulnerability in H2O 3.46.0.2: In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. | 7.5 |
2025-03-20 | CVE-2024-7767 | Unspecified vulnerability in Onyx 0.3.94: An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. | 8.1 |
2025-03-20 | CVE-2024-7806 | Unspecified vulnerability in Openwebui Open Webui: A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). | 8.8 |