CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,201–5,250 of 8,314 in Critical · page 105 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-45872 | 9.8 | zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter. |
| CVE-2025-45865 | 9.8 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface. |
| CVE-2025-45863 | 9.8 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface. |
| CVE-2025-45861 | 9.8 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface. |
| CVE-2025-45858 | 9.8 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. |
| CVE-2025-45857 | 9.8 | EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function. |
| CVE-2025-45854 | 10.0 | /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams. |
| CVE-2025-45841 | 9.8 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. |
| CVE-2025-45814 | 9.8 | Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110, v7.2.8.124852, and v7.x and NS2000 v7.02.08 allows attackers to execute a s… |
| CVE-2025-45813 | 9.8 | ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials. |
| CVE-2025-45800 | 9.8 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, s… |
| CVE-2025-45798 | 9.8 | A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the … |
| CVE-2025-45797 | 9.8 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl … |
| CVE-2025-45790 | 9.8 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so. |
| CVE-2025-45789 | 9.8 | TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules. |
| CVE-2025-45788 | 9.8 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules. |
| CVE-2025-45787 | 9.8 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setIpPortFilterRules. |
| CVE-2025-45784 | 9.8 | D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An … |
| CVE-2025-4578 | 9.8 | The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action availa… |
| CVE-2025-45779 | 9.8 | Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter. |
| CVE-2025-45777 | 9.8 | An issue in the OTP mechanism of Chavara Family Welfare Centre Chavara Matrimony Site v2.0 allows attackers to bypass authentication via supplying a crafted re… |
| CVE-2025-45765 | 9.1 | ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library… |
| CVE-2025-45746 | 9.8 | In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Su… |
| CVE-2025-4564 | 9.8 | The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf'… |
| CVE-2025-45616 | 9.8 | Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request. |
| CVE-2025-45615 | 9.8 | Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request. |
| CVE-2025-45612 | 9.8 | Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index. |
| CVE-2025-45611 | 9.8 | Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request. |
| CVE-2025-45607 | 9.8 | An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request. |
| CVE-2025-4559 | 9.8 | The ISOinsight from Netvision has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, an… |
| CVE-2025-45583 | 9.1 | Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combina… |
| CVE-2025-4558 | 9.8 | The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the… |
| CVE-2025-4557 | 9.1 | The specific APIs of Parking Management System from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access spe… |
| CVE-2025-4556 | 9.8 | The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote atta… |
| CVE-2025-4555 | 9.8 | The web management interface of Okcat Parking Management Platform from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote atta… |
| CVE-2025-4554 | 9.8 | A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. This affects an unknown part of the file … |
| CVE-2025-4553 | 9.8 | A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this issue is some unknown functionali… |
| CVE-2025-45513 | 9.8 | Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter. |
| CVE-2025-4550 | 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Apartment Visitors Management System 1.0. This issue affects some unknown proce… |
| CVE-2025-45492 | 9.8 | Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. |
| CVE-2025-45491 | 9.8 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. |
| CVE-2025-45490 | 9.8 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. |
| CVE-2025-4549 | 9.8 | A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/reg… |
| CVE-2025-45489 | 9.8 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. |
| CVE-2025-45488 | 9.8 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. |
| CVE-2025-45487 | 9.8 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. |
| CVE-2025-4548 | 9.8 | A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/router.ph… |
| CVE-2025-45479 | 9.8 | Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content int… |
| CVE-2025-45429 | 9.8 | In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitr… |
| CVE-2025-45428 | 9.8 | In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead … |