CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,951–5,000 of 8,314 in Critical · page 100 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-48340 | 9.8 | Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager user-profile-meta allows Privilege Escalation. This issue affects User P… |
| CVE-2025-48336 | 9.8 | Deserialization of Untrusted Data vulnerability in ThimPress Course Builder course-builder allows Object Injection. This issue affects Course Builder: from n/a … |
| CVE-2025-48300 | 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server. This issue affect… |
| CVE-2025-48293 | 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allo… |
| CVE-2025-48289 | 9.8 | Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet kidsplanet allows Object Injection. This issue affects Kids Planet: from n/a through… |
| CVE-2025-48287 | 9.8 | Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve wc-pagaleve allows Object Injection. This issue affects Pix 4x sem juros… |
| CVE-2025-48283 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support majestic-support allows… |
| CVE-2025-48281 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-c… |
| CVE-2025-4828 | 9.8 | The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sb_file_delete function in all … |
| CVE-2025-48267 | 9.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP… |
| CVE-2025-4822 | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL In… |
| CVE-2025-48200 | 10.0 | The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution. |
| CVE-2025-48187 | 9.8 | RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arb… |
| CVE-2025-4818 | 9.8 | A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the f… |
| CVE-2025-48174 | 9.1 | In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. |
| CVE-2025-4817 | 9.8 | A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the f… |
| CVE-2025-48169 | 9.9 | Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion. This issue affects C… |
| CVE-2025-4816 | 9.8 | A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admi… |
| CVE-2025-4815 | 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the f… |
| CVE-2025-48148 | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Maliciou… |
| CVE-2025-48141 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments multi-crypto-… |
| CVE-2025-48140 | 9.9 | Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection. This issue affects M… |
| CVE-2025-4814 | 9.8 | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionali… |
| CVE-2025-48133 | 9.8 | Missing Authorization vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Exploiting Incorrectly Configured Access Control Security Levels.… |
| CVE-2025-4813 | 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function… |
| CVE-2025-48129 | 9.8 | Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-… |
| CVE-2025-48126 | 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essentia… |
| CVE-2025-48123 | 10.0 | Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Lig… |
| CVE-2025-48122 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooComme… |
| CVE-2025-4812 | 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some un… |
| CVE-2025-4811 | 9.8 | A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of t… |
| CVE-2025-48106 | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files. This issue affects Clanora: from n… |
| CVE-2025-48100 | 9.1 | Improper Control of Generation of Code ('Code Injection') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Remote Code Inc… |
| CVE-2025-48089 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme \| HiStudy histud… |
| CVE-2025-48072 | 9.1 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 … |
| CVE-2025-48057 | 9.8 | Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Pr… |
| CVE-2025-48017 | 9.0 | Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files |
| CVE-2025-48006 | 9.1 | Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitra… |
| CVE-2025-48005 | 9.8 | A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A sp… |
| CVE-2025-47981 | 9.8 | Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. |
| CVE-2025-4797 | 9.8 | The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and includin… |
| CVE-2025-47966 | 9.8 | Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-47952 | 9.1 | Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik man… |
| CVE-2025-47945 | 9.8 | Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the sign… |
| CVE-2025-4794 | 9.8 | A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been declared as critical. Affected by this vulnerability is an unknown function… |
| CVE-2025-4793 | 9.8 | A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been classified as critical. Affected is an unknown function of the file /edit-s… |
| CVE-2025-47928 | 9.1 | Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/i… |
| CVE-2025-4792 | 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component MDELETE Command H… |
| CVE-2025-47917 | 9.8 | Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedt… |
| CVE-2025-47916 | 9.8 | Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor contr… |