Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-27 CVE-2025-2855 Deserialization of Untrusted Data vulnerability in Eladmin
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7.
network
low complexity
eladmin CWE-502
7.2
7.2
2025-03-27 CVE-2025-2854 Unspecified vulnerability in Fabian Payroll Management System 1.0
A vulnerability classified as critical was found in code-projects Payroll Management System 1.0.
network
low complexity
fabian
8.8
8.8
2025-03-27 CVE-2025-31141 Information Exposure Through an Error Message vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
network
low complexity
jetbrains CWE-209
7.5
7.5
2025-03-26 CVE-2025-20229 In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks.
network
low complexity
CWE-284
8.0
8.0
2025-03-26 CVE-2025-20231 In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.<br><br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser.
network
high complexity
CWE-532
7.1
7.1
2025-03-26 CVE-2024-13889 The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' function.
network
low complexity
CWE-502
7.2
7.2
2025-03-26 CVE-2025-1912 The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file() Function.
network
low complexity
CWE-918
7.6
7.6
2025-03-26 CVE-2025-1913 The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'form_data' parameter This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object.
network
low complexity
CWE-502
7.2
7.2
2025-03-26 CVE-2025-2110 The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.15.
network
low complexity
CWE-862
8.8
8.8
2025-03-26 CVE-2024-13801 The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4.
network
low complexity
CWE-862
8.1
8.1