CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,301–5,350 of 8,314 in Critical · page 107 of 167
| ID | ID and CVSS score | Summary |
|---|---|---|
| CVE-2025-44872 | CVE-2025-44872 CVSS 9.8 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnera… |
| CVE-2025-4487 | CVE-2025-4487 CVSS 9.8 | A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?… |
| CVE-2025-44868 | CVE-2025-44868 CVSS 9.8 | Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vuln… |
| CVE-2025-4486 | CVE-2025-4486 CVSS 9.8 | A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.ph… |
| CVE-2025-4485 | CVE-2025-4485 CVSS 9.8 | A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.… |
| CVE-2025-4484 | CVE-2025-4484 CVSS 9.8 | A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?acti… |
| CVE-2025-44831 | CVE-2025-44831 CVSS 9.8 | EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. |
| CVE-2025-44830 | CVE-2025-44830 CVSS 9.8 | EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface. |
| CVE-2025-4483 | CVE-2025-4483 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionali… |
| CVE-2025-4482 | CVE-2025-4482 CVSS 9.8 | A vulnerability classified as critical was found in Project Worlds Student Project Allocation System 1.0. Affected by this vulnerability is an unknown function… |
| CVE-2025-4481 | CVE-2025-4481 CVSS 9.8 | A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing … |
| CVE-2025-4468 | CVE-2025-4468 CVSS 9.8 | A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been rated as critical. This issue affects some unknown processing of t… |
| CVE-2025-4467 | CVE-2025-4467 CVSS 9.8 | A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of t… |
| CVE-2025-4466 | CVE-2025-4466 CVSS 9.8 | A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?act… |
| CVE-2025-44658 | CVE-2025-44658 CVSS 9.8 | In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An att… |
| CVE-2025-44655 | CVE-2025-44655 CVSS 9.8 | In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to syst… |
| CVE-2025-44654 | CVE-2025-44654 CVSS 9.8 | In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, … |
| CVE-2025-4465 | CVE-2025-4465 CVSS 9.8 | A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the fil… |
| CVE-2025-4464 | CVE-2025-4464 CVSS 9.8 | A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-44635 | CVE-2025-44635 CVSS 9.8 | There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before … |
| CVE-2025-4463 | CVE-2025-4463 CVSS 9.8 | A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?a… |
| CVE-2025-44619 | CVE-2025-44619 CVSS 9.1 | Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentic… |
| CVE-2025-44594 | CVE-2025-44594 CVSS 9.1 | halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url. |
| CVE-2025-4457 | CVE-2025-4457 CVSS 9.8 | A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the fi… |
| CVE-2025-44560 | CVE-2025-44560 CVSS 9.8 | owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking. |
| CVE-2025-4456 | CVE-2025-4456 CVSS 9.8 | A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The ma… |
| CVE-2025-4454 | CVE-2025-4454 CVSS 9.8 | A vulnerability was found in D-Link DIR-619L 2.04B04. It has been declared as critical. This vulnerability affects the function wake_on_lan. The manipulation o… |
| CVE-2025-4453 | CVE-2025-4453 CVSS 9.8 | A vulnerability was found in D-Link DIR-619L 2.04B04. It has been classified as critical. This affects the function formSysCmd. The manipulation of the argumen… |
| CVE-2025-4452 | CVE-2025-4452 CVSS 9.8 | A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the… |
| CVE-2025-4451 | CVE-2025-4451 CVSS 9.8 | A vulnerability has been found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this vulnerability is the function formSetWAN_Wizard52. The m… |
| CVE-2025-4450 | CVE-2025-4450 CVSS 9.8 | A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.04B04. Affected is the function formSetEasy_Wizard. The manipulation of the a… |
| CVE-2025-4449 | CVE-2025-4449 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.04B04. This issue affects the function formEasySetupWizard3. The manipul… |
| CVE-2025-4448 | CVE-2025-4448 CVSS 9.8 | A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of t… |
| CVE-2025-4445 | CVE-2025-4445 CVSS 9.8 | A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac le… |
| CVE-2025-4443 | CVE-2025-4443 CVSS 9.8 | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argume… |
| CVE-2025-4442 | CVE-2025-4442 CVSS 9.8 | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipu… |
| CVE-2025-4441 | CVE-2025-4441 CVSS 9.8 | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of t… |
| CVE-2025-44192 | CVE-2025-44192 CVSS 9.8 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance. |
| CVE-2025-44148 | CVE-2025-44148 CVSS 9.8 | Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component |
| CVE-2025-44136 | CVE-2025-44136 CVSS 9.8 | MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. Thi… |
| CVE-2025-44084 | CVE-2025-44084 CVSS 9.8 | D-Link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the com… |
| CVE-2025-44083 | CVE-2025-44083 CVSS 9.8 | An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication |
| CVE-2025-44074 | CVE-2025-44074 CVSS 9.8 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php. |
| CVE-2025-44073 | CVE-2025-44073 CVSS 9.8 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php. |
| CVE-2025-44072 | CVE-2025-44072 CVSS 9.8 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php. |
| CVE-2025-44071 | CVE-2025-44071 CVSS 9.8 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execu… |
| CVE-2025-4404 | CVE-2025-4404 CVSS 9.1 | A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCano… |
| CVE-2025-44033 | CVE-2025-44033 CVSS 9.8 | SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/ja… |
| CVE-2025-4403 | CVE-2025-4403 CVSS 9.8 | The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6… |
| CVE-2025-44022 | CVE-2025-44022 CVSS 9.8 | An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism. |