Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-27 CVE-2025-22783 SQL Injection vulnerability in Squirrly SEO Plugin by Squirrly SEO
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO allows SQL Injection. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.03.
network
low complexity
squirrly CWE-89
8.8
2025-03-27 CVE-2025-2855 Deserialization of Untrusted Data vulnerability in Eladmin
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7.
network
low complexity
eladmin CWE-502
7.2
2025-03-27 CVE-2025-2854 Unspecified vulnerability in Fabian Payroll Management System 1.0
A vulnerability classified as critical was found in code-projects Payroll Management System 1.0.
network
low complexity
fabian
8.8
2025-03-27 CVE-2025-2847 Injection vulnerability in Codezips GYM Management System 1.0
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0.
network
low complexity
codezips CWE-74
8.8
2025-03-27 CVE-2025-31141 Information Exposure Through an Error Message vulnerability in JetBrains TeamCity
In JetBrains TeamCity before 2025.03, an exception could lead to credential leakage on the Cloud Profiles page.
network
low complexity
jetbrains CWE-209
7.5
2025-03-26 CVE-2025-20229 In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks.
network
low complexity
CWE-284
8.0
2025-03-26 CVE-2025-20231 In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser.
network
high complexity
CWE-532
7.1
2025-03-26 CVE-2024-13889 The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' function.
network
low complexity
CWE-502
7.2
2025-03-26 CVE-2025-1912 The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file() function.
network
low complexity
CWE-918
7.6
2025-03-26 CVE-2025-1913 The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object.
network
low complexity
CWE-502
7.2