Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-17 | CVE-2025-1388 | Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells | 8.8 |
2025-02-16 | CVE-2025-1356 | SQL Injection vulnerability in Needyamin Library Card System 1.0. A vulnerability was found in needyamin Library Card System 1.0. | 7.5 |
2025-02-16 | CVE-2025-1340 | Stack-based Buffer Overflow vulnerability in Totolink X18 Firmware 9.1.0Cu.2024B20220329. A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. | 8.8 |
2025-02-16 | CVE-2025-1339 | Command Injection vulnerability in Totolink X18 Firmware 9.1.0Cu.2024B20220329. A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. | 8.8 |
2025-02-16 | CVE-2025-1338 | A vulnerability was found in NUUO Camera up to 20250203. | 7.3 |
2025-02-16 | CVE-2025-1336 | Path Traversal vulnerability in Cmseasy 7.7.7.9. A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. | 8.1 |
2025-02-16 | CVE-2025-1335 | Path Traversal vulnerability in Cmseasy 7.7.7.9. A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. | 8.1 |
2025-02-15 | CVE-2024-13488 | SQL Injection vulnerability in Enituretechnology LTL Freight Quotes. The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2025-02-14 | CVE-2024-12651 | Exposed Dangerous Method or Function vulnerability in PTT Inc. | 8.5 |
2025-02-14 | CVE-2024-13641 | Unspecified vulnerability in Wpswings Return Refund and Exchange for Woocommerce. The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. | 7.5 |