32,086 indexed
CVECVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,101–5,150 of 8,314 in Critical · page 103 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-4711 | CVE-2025-4711 CVSS 9.8 | A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/stock… |
| CVE-2025-4710 | CVE-2025-4710 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in Campcodes Sales and Inventory System 1.0. Affected by this issue is some unknown functiona… |
| CVE-2025-4709 | CVE-2025-4709 CVSS 9.8 | A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the… |
| CVE-2025-4708 | CVE-2025-4708 CVSS 9.8 | A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/sales_add… |
| CVE-2025-4707 | CVE-2025-4707 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /p… |
| CVE-2025-4706 | CVE-2025-4706 CVSS 9.8 | A vulnerability was found in projectworlds Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file… |
| CVE-2025-4705 | CVE-2025-4705 CVSS 9.8 | A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. This affects an unknown part of the file /a… |
| CVE-2025-4703 | CVE-2025-4703 CVSS 9.8 | A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown fu… |
| CVE-2025-4702 | CVE-2025-4702 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file … |
| CVE-2025-4699 | CVE-2025-4699 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Apartment Visitors Management System 1.0. This vulnerability affects unknown code of the file /a… |
| CVE-2025-4698 | CVE-2025-4698 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/forget-pas… |
| CVE-2025-4697 | CVE-2025-4697 CVSS 9.8 | A vulnerability was found in PHPGurukul Directory Management System 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of… |
| CVE-2025-4689 | CVE-2025-4689 CVSS 9.8 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Executio… |
| CVE-2025-4688 | CVE-2025-4688 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL … |
| CVE-2025-46828 | CVE-2025-46828 CVSS 9.8 | WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the… |
| CVE-2025-46816 | CVE-2025-46816 CVSS 9.4 | goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone t… |
| CVE-2025-46811 | CVE-2025-46811 CVSS 9.8 | A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as… |
| CVE-2025-46801 | CVE-2025-46801 CVSS 9.8 | Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, a… |
| CVE-2025-46788 | CVE-2025-46788 CVSS 9.1 | Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via netwo… |
| CVE-2025-46783 | CVE-2025-46783 CVSS 9.8 | Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be ex… |
| CVE-2025-46726 | CVE-2025-46726 CVSS 9.1 | Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging `XMLToolMessage` class ma… |
| CVE-2025-46725 | CVE-2025-46725 CVSS 9.8 | Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() throu… |
| CVE-2025-46724 | CVE-2025-46724 CVSS 9.8 | Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fe… |
| CVE-2025-46674 | CVE-2025-46674 CVSS 9.9 | NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracl… |
| CVE-2025-46673 | CVE-2025-46673 CVSS 9.9 | NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security p… |
| CVE-2025-46661 | CVE-2025-46661 CVSS 9.8 | IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions,… |
| CVE-2025-46658 | CVE-2025-46658 CVSS 9.8 | An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages. |
| CVE-2025-4665 | CVE-2025-4665 CVSS 9.6 | WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into inse… |
| CVE-2025-46616 | CVE-2025-46616 CVSS 9.9 | Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, … |
| CVE-2025-4660 | CVE-2025-4660 CVSS 9.8 | A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is acc… |
| CVE-2025-46581 | CVE-2025-46581 CVSS 9.8 | ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root… |
| CVE-2025-4658 | CVE-2025-4658 CVSS 9.8 | Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH … |
| CVE-2025-46566 | CVE-2025-46566 CVSS 9.8 | DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This is… |
| CVE-2025-46558 | CVE-2025-46558 CVSS 9.0 | XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to befor… |
| CVE-2025-46557 | CVE-2025-46557 CVSS 9.8 | XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.… |
| CVE-2025-46539 | CVE-2025-46539 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injectio… |
| CVE-2025-46490 | CVE-2025-46490 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in wordwebsoftware Crossword Compiler Puzzles crossword-compiler-puzzles allows Upload a Web Shel… |
| CVE-2025-46468 | CVE-2025-46468 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPFable Fable Extra fable-extra allows… |
| CVE-2025-46460 | CVE-2025-46460 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Detheme Easy Guide wp-easy-guide allows SQL Injection.Thi… |
| CVE-2025-46455 | CVE-2025-46455 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE wp-hrm-lite-human-resource-manag… |
| CVE-2025-46433 | CVE-2025-46433 CVSS 9.8 | In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible |
| CVE-2025-46412 | CVE-2025-46412 CVSS 9.8 | Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication. |
| CVE-2025-46411 | CVE-2025-46411 CVSS 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-46408 | CVE-2025-46408 CVSS 9.8 | An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH Eag… |
| CVE-2025-4638 | CVE-2025-4638 CVSS 9.8 | A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-depen… |
| CVE-2025-46352 | CVE-2025-46352 CVSS 9.8 | The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running V… |
| CVE-2025-46348 | CVE-2025-46348 CVSS 9.8 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. … |
| CVE-2025-46347 | CVE-2025-46347 CVSS 9.8 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a fi… |
| CVE-2025-46337 | CVE-2025-46337 CVSS 10.0 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a… |
| CVE-2025-46331 | CVE-2025-46331 CVSS 9.8 | OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Hel… |