Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-04-01 CVE-2025-31131 Path Traversal vulnerability in Yeswiki
YesWiki is a wiki system written in PHP.
network
low complexity
yeswiki CWE-22
7.5
7.5
2025-04-01 CVE-2025-1658 Out-of-bounds Read vulnerability in Autodesk Navisworks
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability.
local
low complexity
autodesk CWE-125
7.8
7.8
2025-04-01 CVE-2025-1659 Out-of-bounds Read vulnerability in Autodesk Navisworks
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability.
local
low complexity
autodesk CWE-125
7.8
7.8
2025-04-01 CVE-2025-1660 Out-of-bounds Write vulnerability in Autodesk Navisworks
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability.
local
low complexity
autodesk CWE-787
7.8
7.8
2025-04-01 CVE-2025-2891 The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4.
network
low complexity
CWE-434
8.8
8.8
2025-04-01 CVE-2024-13567 The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory.
network
low complexity
CWE-200
7.5
7.5
2025-04-01 CVE-2025-2007 The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19.
network
low complexity
CWE-23
8.1
8.1
2025-04-01 CVE-2025-2008 The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19.
network
low complexity
CWE-434
8.8
8.8
2025-04-01 CVE-2025-21384 An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
network
low complexity
CWE-693
8.3
8.3
2025-03-31 CVE-2025-3038 Injection vulnerability in Fabian Payroll Management System 1.0
A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical.
network
low complexity
fabian CWE-74
8.8
8.8