Latest CVE Feed
-
9.8
CRITICALCVE-2024-11613
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper san... Read more
Affected Products : wordpress_file_upload- Published: Jan. 08, 2025
- Modified: Apr. 17, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2024-57768
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.... Read more
Affected Products : jfinaloa- Published: Jan. 16, 2025
- Modified: May. 28, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-25674
Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid.... Read more
- Published: Feb. 20, 2025
- Modified: Mar. 17, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-1818
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This issue affects some unknown processing of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.upload. The manipulation of the argument file leads to ... Read more
Affected Products : zz- Published: Mar. 02, 2025
- Modified: May. 26, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-1906
A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The ... Read more
Affected Products : restaurant_table_booking_system- Published: Mar. 04, 2025
- Modified: Mar. 04, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-2064
A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file /deletePayment.php. The manipulation of the argument recipt_no leads ... Read more
Affected Products : life_insurance_management_system- Published: Mar. 07, 2025
- Modified: May. 14, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-3146
A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to in... Read more
- Published: Apr. 03, 2025
- Modified: May. 07, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-3339
A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user_update.php. The manipulation of the argument ID leads to sql injec... Read more
- Published: Apr. 07, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2024-54092
A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All... Read more
Affected Products :- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2023-44755
Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php.... Read more
Affected Products : sacco_management_system- Published: Apr. 22, 2025
- Modified: Jun. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-4147
A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor... Read more
- Published: May. 01, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-4184
A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component QUOTE Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has be... Read more
- Published: May. 02, 2025
- Modified: May. 16, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-4354
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Affected by this issue is the function check_dws_cookie of the file /storage. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely... Read more
- Published: May. 06, 2025
- Modified: May. 13, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-4361
A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. This affects an unknown part of the file /department.php. The manipulation of the argument departmentname leads to sql injection. It is possible to ... Read more
Affected Products : company_visitor_management_system- Published: May. 06, 2025
- Modified: May. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-4502
A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/creditor_add.php. The manipulation leads to sql injection. The attack can be initiated remote... Read more
Affected Products : sales_and_inventory_system- Published: May. 10, 2025
- Modified: May. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-7116
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument... Read more
Affected Products : datax-web- EPSS Score: %49.10
- Published: Dec. 27, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-0355
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exp... Read more
Affected Products : dairy_farm_shop_management_system- EPSS Score: %0.08
- Published: Jan. 10, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-0603
A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the at... Read more
Affected Products : zhicms- EPSS Score: %0.20
- Published: Jan. 16, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-0733
A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument data[sign] leads to sql injection. It is p... Read more
Affected Products : smsot- EPSS Score: %0.05
- Published: Jan. 19, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-0338
A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).... Read more
Affected Products : xampp- EPSS Score: %0.10
- Published: Feb. 02, 2024
- Modified: Nov. 21, 2024