32,086 indexed
CVECVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,251–5,300 of 8,314 in Critical · page 106 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-45427 | CVE-2025-45427 CVSS 9.8 | In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote… |
| CVE-2025-4538 | CVE-2025-4538 CVSS 9.8 | A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of th… |
| CVE-2025-45378 | CVE-2025-45378 CVSS 9.1 | Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of Cl… |
| CVE-2025-45343 | CVE-2025-45343 CVSS 9.8 | An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmod… |
| CVE-2025-4528 | CVE-2025-4528 CVSS 9.8 | A vulnerability was found in Dígitro NGC Explorer up to 3.44.15 and classified as problematic. This issue affects some unknown processing. The manipulation lea… |
| CVE-2025-4524 | CVE-2025-4524 CVSS 9.8 | The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and includi… |
| CVE-2025-45238 | CVE-2025-45238 CVSS 9.1 | foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method. |
| CVE-2025-4517 | CVE-2025-4517 CVSS 9.4 | Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the… |
| CVE-2025-45150 | CVE-2025-45150 CVSS 9.8 | Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request. |
| CVE-2025-45146 | CVE-2025-45146 CVSS 9.8 | ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability all… |
| CVE-2025-4514 | CVE-2025-4514 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in Zhengzhou Jiuhua Electronic Technology mayicms up to 5.8E. Affected by this issue is some … |
| CVE-2025-4509 | CVE-2025-4509 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul e-Diary Management System 1.0. This issue affects some unknown processing of th… |
| CVE-2025-4508 | CVE-2025-4508 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /my-profile.p… |
| CVE-2025-4507 | CVE-2025-4507 CVSS 9.8 | A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.… |
| CVE-2025-45065 | CVE-2025-45065 CVSS 9.8 | employee record management system in php and mysql v1 was discovered to contain a SQL injection vulnerability via the loginerms.php endpoint. |
| CVE-2025-4506 | CVE-2025-4506 CVSS 9.8 | A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of … |
| CVE-2025-4505 | CVE-2025-4505 CVSS 9.8 | A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknow… |
| CVE-2025-45042 | CVE-2025-45042 CVSS 9.8 | Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. |
| CVE-2025-4504 | CVE-2025-4504 CVSS 9.8 | A vulnerability was found in SourceCodester Online College Library System 1.0. It has been classified as critical. Affected is an unknown function of the file … |
| CVE-2025-4503 | CVE-2025-4503 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages… |
| CVE-2025-4502 | CVE-2025-4502 CVSS 9.8 | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pag… |
| CVE-2025-45018 | CVE-2025-45018 CVSS 9.8 | A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulner… |
| CVE-2025-45017 | CVE-2025-45017 CVSS 9.8 | A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers… |
| CVE-2025-45006 | CVE-2025-45006 CVSS 9.1 | Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violates privileged spec constraints, enabling potential physical … |
| CVE-2025-4496 | CVE-2025-4496 CVSS 9.8 | A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulne… |
| CVE-2025-44954 | CVE-2025-44954 CVSS 9.8 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account. |
| CVE-2025-4494 | CVE-2025-4494 CVSS 9.8 | A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Affected is the function toLogin of the file NoNeedLoginController.java… |
| CVE-2025-4492 | CVE-2025-4492 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in Campcodes Online Food Ordering System 1.0. This issue affects some unknown processing of t… |
| CVE-2025-4491 | CVE-2025-4491 CVSS 9.8 | A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/tic… |
| CVE-2025-4490 | CVE-2025-4490 CVSS 9.8 | A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /view-ticket-admin… |
| CVE-2025-44899 | CVE-2025-44899 CVSS 9.8 | There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipu… |
| CVE-2025-44898 | CVE-2025-44898 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter in the web_aaa_loginAuthlistEdit function. |
| CVE-2025-44897 | CVE-2025-44897 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip parameter in the web_tool_upgradeManager_post function. |
| CVE-2025-44896 | CVE-2025-44896 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bindEditMACName parameter in the web_acl_bindEdit_post function. |
| CVE-2025-44894 | CVE-2025-44894 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radDftParamKey parameter in the web_radiusSrv_dftParam_post function. |
| CVE-2025-44893 | CVE-2025-44893 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function. |
| CVE-2025-44891 | CVE-2025-44891 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_v3host_add_post function. |
| CVE-2025-44890 | CVE-2025-44890 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_notifyv3_add_post function. |
| CVE-2025-4489 | CVE-2025-4489 CVSS 9.8 | A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of … |
| CVE-2025-44888 | CVE-2025-44888 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the stp_conf_name parameter in the web_stp_globalSetting_post function. |
| CVE-2025-44887 | CVE-2025-44887 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the web_radiusSrv_post function. |
| CVE-2025-44886 | CVE-2025-44886 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function. |
| CVE-2025-44885 | CVE-2025-44885 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the remote_ip parameter in the web_snmpv3_remote_engineId_add_post function. |
| CVE-2025-44884 | CVE-2025-44884 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the web_sys_infoContact_post function. |
| CVE-2025-44883 | CVE-2025-44883 CVSS 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the tacIp parameter in the web_tacplus_serverEdit_post function. |
| CVE-2025-44882 | CVE-2025-44882 CVSS 9.8 | A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafte… |
| CVE-2025-44881 | CVE-2025-44881 CVSS 9.8 | A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted inp… |
| CVE-2025-44880 | CVE-2025-44880 CVSS 9.8 | A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted inp… |
| CVE-2025-4488 | CVE-2025-4488 CVSS 9.8 | A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionali… |
| CVE-2025-44877 | CVE-2025-44877 CVSS 9.8 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerabil… |