CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,051–5,100 of 8,314 in Critical · page 102 of 167
| ID | ID and CVSS score | Summary |
|---|---|---|
| CVE-2025-47580 | CVE-2025-47580 CVSS 9.8 | Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels.… |
| CVE-2025-4758 | CVE-2025-4758 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected is an unknown function of the file /contact.… |
| CVE-2025-47577 | CVE-2025-47577 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to … |
| CVE-2025-47573 | CVE-2025-47573 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. Th… |
| CVE-2025-4757 | CVE-2025-4757 CVSS 9.8 | A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. It has been rated as critical. This issue affects some unknown processing of the … |
| CVE-2025-47569 | CVE-2025-47569 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultim… |
| CVE-2025-47568 | CVE-2025-47568 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection. This issue affects ZoomSounds: from n/a through <= … |
| CVE-2025-47559 | CVE-2025-47559 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg allows Upload a Web Shell to a Web Server. This issue affects MapSVG: f… |
| CVE-2025-47552 | CVE-2025-47552 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a… |
| CVE-2025-47548 | CVE-2025-47548 CVSS 9.8 | Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress activity-link-preview-for-buddypress allow… |
| CVE-2025-47539 | CVE-2025-47539 CVSS 9.8 | Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation. This issue affects Eventin: from n/a through <=… |
| CVE-2025-47532 | CVE-2025-47532 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce coinpayments-payment-gateway-for-woocommerce a… |
| CVE-2025-47530 | CVE-2025-47530 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection. This issue affects WPFunnels: from n/a through <= 3.5.… |
| CVE-2025-47479 | CVE-2025-47479 CVSS 9.8 | Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse. This issue affects WP Compress: from n/a throug… |
| CVE-2025-4746 | CVE-2025-4746 CVSS 9.8 | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pag… |
| CVE-2025-47453 | CVE-2025-47453 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart Import wp-smart-… |
| CVE-2025-47452 | CVE-2025-47452 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR wpvr allows Upload a Web Shell to a Web Server. This issue affects WP VR: from n… |
| CVE-2025-47445 | CVE-2025-47445 CVSS 9.8 | Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal. This issue affects Eventin: from n/a through <= 4.0.26. |
| CVE-2025-47438 | CVE-2025-47438 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal wp-job-porta… |
| CVE-2025-47436 | CVE-2025-47436 CVSS 9.8 | Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted ma… |
| CVE-2025-4741 | CVE-2025-4741 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /p… |
| CVE-2025-4739 | CVE-2025-4739 CVSS 9.8 | A vulnerability was found in projectworlds Hospital Database Management System 1.0. It has been classified as critical. This affects an unknown part of the fil… |
| CVE-2025-4738 | CVE-2025-4738 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection. This issu… |
| CVE-2025-4736 | CVE-2025-4736 CVSS 9.8 | A vulnerability was found in PHPGurukul Daily Expense Tracker 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file … |
| CVE-2025-4734 | CVE-2025-4734 CVSS 9.8 | A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/ci… |
| CVE-2025-47289 | CVE-2025-47289 CVSS 9.0 | CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1… |
| CVE-2025-47284 | CVE-2025-47284 CVSS 9.9 | Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` comp… |
| CVE-2025-47283 | CVE-2025-47283 CVSS 9.9 | Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to ve… |
| CVE-2025-47282 | CVE-2025-47282 CVSS 9.9 | Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener… |
| CVE-2025-4728 | CVE-2025-4728 CVSS 9.8 | A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /searc… |
| CVE-2025-47277 | CVE-2025-47277 CVSS 9.8 | vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `… |
| CVE-2025-47275 | CVE-2025-47275 CVSS 9.1 | Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of ap… |
| CVE-2025-4726 | CVE-2025-4726 CVSS 9.8 | A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file … |
| CVE-2025-4725 | CVE-2025-4725 CVSS 9.8 | A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_dr… |
| CVE-2025-4724 | CVE-2025-4724 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in itsourcecode Placement Management System 1.0. Affected by this issue is some unknown funct… |
| CVE-2025-4723 | CVE-2025-4723 CVSS 9.8 | A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of… |
| CVE-2025-4722 | CVE-2025-4722 CVSS 9.8 | A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /edit_profil… |
| CVE-2025-4721 | CVE-2025-4721 CVSS 9.8 | A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the fil… |
| CVE-2025-47202 | CVE-2025-47202 CVSS 9.1 | In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930,… |
| CVE-2025-4719 | CVE-2025-4719 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the f… |
| CVE-2025-4718 | CVE-2025-4718 CVSS 9.8 | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionali… |
| CVE-2025-4717 | CVE-2025-4717 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /… |
| CVE-2025-4716 | CVE-2025-4716 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of t… |
| CVE-2025-47158 | CVE-2025-47158 CVSS 9.0 | Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-47154 | CVE-2025-47154 CVSS 9.0 | LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attacker… |
| CVE-2025-47151 | CVE-2025-47151 CVSS 9.8 | A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML res… |
| CVE-2025-4715 | CVE-2025-4715 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functiona… |
| CVE-2025-4714 | CVE-2025-4714 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/r… |
| CVE-2025-4713 | CVE-2025-4713 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages… |
| CVE-2025-4712 | CVE-2025-4712 CVSS 9.8 | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pag… |