CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,001–5,050 of 8,314 in Critical · page 101 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-4791 | CVE-2025-4791 CVSS 9.8 | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component HASH Command Ha… |
| CVE-2025-4790 | CVE-2025-4790 CVSS 9.8 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component GLOB Command Handler. T… |
| CVE-2025-4789 | CVE-2025-4789 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the comp… |
| CVE-2025-47889 | CVE-2025-47889 CVSS 9.8 | In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticate… |
| CVE-2025-47884 | CVE-2025-47884 CVSS 9.1 | In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment vari… |
| CVE-2025-4788 | CVE-2025-4788 CVSS 9.8 | A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component DELET… |
| CVE-2025-47869 | CVE-2025-47869 CVSS 9.8 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In … |
| CVE-2025-47868 | CVE-2025-47868 CVSS 9.8 | Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part o… |
| CVE-2025-47867 | CVE-2025-47867 CVSS 9.8 | A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to exec… |
| CVE-2025-47865 | CVE-2025-47865 CVSS 9.8 | A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affec… |
| CVE-2025-47855 | CVE-2025-47855 CVSS 9.8 | An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.2… |
| CVE-2025-4785 | CVE-2025-4785 CVSS 9.8 | A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality o… |
| CVE-2025-4784 | CVE-2025-4784 CVSS 9.8 · moderec | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection. This issue affec… |
| CVE-2025-47816 | CVE-2025-47816 CVSS 9.1 | libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at … |
| CVE-2025-47815 | CVE-2025-47815 CVSS 9.8 | libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in… |
| CVE-2025-47814 | CVE-2025-47814 CVSS 9.8 | libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in… |
| CVE-2025-47812 | Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability · KEV · CVSS 10.0 · Wing FTP Server | Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user sessio… |
| CVE-2025-4780 | CVE-2025-4780 CVSS 9.8 | A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the … |
| CVE-2025-47787 | CVE-2025-47787 CVSS 9.8 | Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a cri… |
| CVE-2025-47784 | CVE-2025-47784 CVSS 9.8 | Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nicknam… |
| CVE-2025-47781 | CVE-2025-47781 CVSS 9.8 | Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a … |
| CVE-2025-47777 | CVE-2025-47777 CVSS 9.6 | 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-s… |
| CVE-2025-47776 | CVE-2025-47776 CVSS 9.1 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code… |
| CVE-2025-47737 | CVE-2025-47737 CVSS 9.8 | lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero. |
| CVE-2025-47735 | CVE-2025-47735 CVSS 9.8 | inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization. |
| CVE-2025-47732 | CVE-2025-47732 CVSS 9.8 | Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. |
| CVE-2025-4773 | CVE-2025-4773 CVSS 9.8 | A vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this issue is some unknown functionality of the … |
| CVE-2025-4772 | CVE-2025-4772 CVSS 9.8 | A vulnerability has been found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this vulnerability is an unknown functional… |
| CVE-2025-4771 | CVE-2025-4771 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/c… |
| CVE-2025-47699 | CVE-2025-47699 CVSS 9.9 | Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator … |
| CVE-2025-47688 | CVE-2025-47688 CVSS 9.8 | Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security … |
| CVE-2025-47687 | CVE-2025-47687 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Upload a Web S… |
| CVE-2025-47682 | CVE-2025-47682 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allow… |
| CVE-2025-47663 | CVE-2025-47663 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affe… |
| CVE-2025-4766 | CVE-2025-4766 CVSS 9.8 | A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-47657 | CVE-2025-47657 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Productive Minds Productive Commerce productive-commerce … |
| CVE-2025-4765 | CVE-2025-4765 CVSS 9.8 | A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. Affected is an unknown function of the file /admin/conta… |
| CVE-2025-47646 | CVE-2025-47646 CVSS 9.8 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration all… |
| CVE-2025-47642 | CVE-2025-47642 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web … |
| CVE-2025-47641 | CVE-2025-47641 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows… |
| CVE-2025-47640 | CVE-2025-47640 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for Woo… |
| CVE-2025-47637 | CVE-2025-47637 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from… |
| CVE-2025-47635 | CVE-2025-47635 CVSS 9.8 | Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Server Side Request Forgery. This issue affects Webinar… |
| CVE-2025-4761 | CVE-2025-4761 CVSS 9.8 | A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. This vulnerability affects unknown code of the file /a… |
| CVE-2025-47608 | CVE-2025-47608 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recov… |
| CVE-2025-47599 | CVE-2025-47599 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante facturante allows SQL Injection. Thi… |
| CVE-2025-47588 | CVE-2025-47588 CVSS 9.1 | Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing … |
| CVE-2025-47586 | CVE-2025-47586 CVSS 9.0 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors - Events stm-mot… |
| CVE-2025-47582 | CVE-2025-47582 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection. This issue affects WPBot Pro Wordpress Chat… |
| CVE-2025-47581 | CVE-2025-47581 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Object Injection. This issue af… |