Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-01 | CVE-2025-2891 | The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. | network, low complexity, CWE-434, 8.8 |
| 2025-04-01 | CVE-2024-13567 | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory. | network, low complexity, CWE-200, 7.5 |
| 2025-04-01 | CVE-2025-2007 | The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. | network, low complexity, CWE-23, 8.1 |
| 2025-04-01 | CVE-2025-2008 | The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19. | network, low complexity, CWE-434, 8.8 |
| 2025-04-01 | CVE-2025-21384 | An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | network, low complexity, CWE-693, 8.3 |
| 2025-03-31 | CVE-2025-3038 | Injection vulnerability in Fabian Payroll Management System 1.0. A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. | network, low complexity, fabian, CWE-74, 8.8 |
| 2025-03-31 | CVE-2025-3039 | Injection vulnerability in Fabian Payroll Management System 1.0. A vulnerability was found in code-projects Payroll Management System 1.0. | network, low complexity, fabian, CWE-74, 8.8 |
| 2025-03-31 | CVE-2025-26683 | Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. | network, high complexity, CWE-285, 8.1 |
| 2025-03-31 | CVE-2025-3018 | SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0. A vulnerability, which was classified as critical, was found in SourceCodester Online Eyewear Shop 1.0. | network, low complexity, oretnom23, CWE-89, 7.5 |
| 2025-03-31 | CVE-2025-3015 | Out-of-bounds Read vulnerability in Assimp 5.4.3. A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. | network, low complexity, assimp, CWE-125, 8.8 |