CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,151–5,200 of 8,314 in Critical · page 104 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-4632 | Samsung MagicINFO 9 Server Path Traversal Vulnerability (KEV, CVSS 9.8, Samsung) | Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority. |
| CVE-2025-4631 | CVE-2025-4631 CVSS 9.8 | The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0… |
| CVE-2025-46295 | CVE-2025-46295 CVSS 9.8 | Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substi… |
| CVE-2025-46275 | CVE-2025-46275 CVSS 9.8 | WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create an administrator account without knowing any existing creden… |
| CVE-2025-46274 | CVE-2025-46274 CVSS 9.8 | UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database. |
| CVE-2025-46273 | CVE-2025-46273 CVSS 9.8 | UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices. |
| CVE-2025-46272 | CVE-2025-46272 CVSS 9.1 | WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host s… |
| CVE-2025-46271 | CVE-2025-46271 CVSS 9.1 | UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data. |
| CVE-2025-46264 | CVE-2025-46264 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in blubrry PowerPress Podcasting powerpress allows Upload a Web Shell to a Web Server. This issue … |
| CVE-2025-46248 | CVE-2025-46248 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard al… |
| CVE-2025-46247 | CVE-2025-46247 CVSS 9.8 | Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constra… |
| CVE-2025-46244 | CVE-2025-46244 CVSS 9.8 | Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce linked-variation allows Exploiting Incorrectly Configured Access Con… |
| CVE-2025-46199 | CVE-2025-46199 CVSS 9.8 | Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fields |
| CVE-2025-46193 | CVE-2025-46193 CVSS 9.8 | SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php. |
| CVE-2025-46192 | CVE-2025-46192 CVSS 9.8 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter. |
| CVE-2025-46191 | CVE-2025-46191 CVSS 9.8 | Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files… |
| CVE-2025-46190 | CVE-2025-46190 CVSS 9.8 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter. |
| CVE-2025-46189 | CVE-2025-46189 CVSS 9.8 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter. |
| CVE-2025-46188 | CVE-2025-46188 CVSS 9.8 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php. |
| CVE-2025-46179 | CVE-2025-46179 CVSS 9.8 | A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, whic… |
| CVE-2025-46157 | CVE-2025-46157 CVSS 9.9 | An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form |
| CVE-2025-46122 | CVE-2025-46122 CVSS 9.1 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cm… |
| CVE-2025-46121 | CVE-2025-46121 CVSS 9.8 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `s… |
| CVE-2025-46120 | CVE-2025-46120 CVSS 9.8 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a pa… |
| CVE-2025-46117 | CVE-2025-46117 CVSS 9.1 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hi… |
| CVE-2025-46108 | CVE-2025-46108 CVSS 9.8 | D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. |
| CVE-2025-46101 | CVE-2025-46101 CVSS 9.8 | SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a … |
| CVE-2025-4609 | CVE-2025-4609 CVSS 9.6 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially per… |
| CVE-2025-46070 | CVE-2025-46070 CVSS 9.8 | An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component |
| CVE-2025-4607 | CVE-2025-4607 CVSS 9.8 | The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_r… |
| CVE-2025-46066 | CVE-2025-46066 CVSS 9.9 | An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges |
| CVE-2025-46060 | CVE-2025-46060 CVSS 9.8 | Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component |
| CVE-2025-4606 | CVE-2025-4606 CVSS 9.8 | The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, … |
| CVE-2025-46059 | CVE-2025-46059 CVSS 9.8 | langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to… |
| CVE-2025-46052 | CVE-2025-46052 CVSS 9.8 | An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a… |
| CVE-2025-4603 | CVE-2025-4603 CVSS 9.1 | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delet… |
| CVE-2025-46001 | CVE-2025-46001 CVSS 9.8 | An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a … |
| CVE-2025-45988 | CVE-2025-45988 CVSS 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL… |
| CVE-2025-45987 | CVE-2025-45987 CVSS 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL… |
| CVE-2025-45986 | CVE-2025-45986 CVSS 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL… |
| CVE-2025-45985 | CVE-2025-45985 CVSS 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL… |
| CVE-2025-45984 | CVE-2025-45984 CVSS 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_A… |
| CVE-2025-45968 | CVE-2025-45968 CVSS 9.8 | An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Dire… |
| CVE-2025-45953 | CVE-2025-45953 CVSS 9.1 | A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Imp… |
| CVE-2025-45949 | CVE-2025-45949 CVSS 9.8 | A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the … |
| CVE-2025-45947 | CVE-2025-45947 CVSS 9.8 | An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account… |
| CVE-2025-45931 | CVE-2025-45931 CVSS 9.8 | An issue in D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file |
| CVE-2025-45890 | CVE-2025-45890 CVSS 9.8 | Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter |
| CVE-2025-45887 | CVE-2025-45887 CVSS 9.1 | Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent. |
| CVE-2025-45885 | CVE-2025-45885 CVSS 9.8 | PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from t… |