CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,351–5,400 of 8,314 in Critical · page 108 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-44005 | CVE-2025-44005 CVSS 10.0 | An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorizati… |
| CVE-2025-43995 | CVE-2025-43995 CVSS 9.8 | Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote ac… |
| CVE-2025-43986 | CVE-2025-43986 CVSS 9.8 | An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface withou… |
| CVE-2025-43984 | CVE-2025-43984 CVSS 9.8 | An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unaut… |
| CVE-2025-43983 | CVE-2025-43983 CVSS 9.1 | KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/gofor… |
| CVE-2025-43982 | CVE-2025-43982 CVSS 9.8 | Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be … |
| CVE-2025-43973 | CVE-2025-43973 CVSS 9.8 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are a… |
| CVE-2025-43964 | CVE-2025-43964 CVSS 9.8 | In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. |
| CVE-2025-43963 | CVE-2025-43963 CVSS 9.1 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0… |
| CVE-2025-43962 | CVE-2025-43962 CVSS 9.1 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or t… |
| CVE-2025-43961 | CVE-2025-43961 CVSS 9.1 | In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. |
| CVE-2025-43955 | CVE-2025-43955 CVSS 9.8 | TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs. |
| CVE-2025-43951 | CVE-2025-43951 CVSS 9.8 | LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbitrary files from the environment via the objectname request… |
| CVE-2025-43949 | CVE-2025-43949 CVSS 9.8 | MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that … |
| CVE-2025-43946 | CVE-2025-43946 CVSS 9.8 | TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal). |
| CVE-2025-43933 | CVE-2025-43933 CVSS 9.8 | fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP he… |
| CVE-2025-43932 | CVE-2025-43932 CVSS 9.8 | JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTT… |
| CVE-2025-43931 | CVE-2025-43931 CVSS 9.8 | flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the … |
| CVE-2025-43930 | CVE-2025-43930 CVSS 9.8 | Hashview 0.8.1 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header. |
| CVE-2025-43928 | CVE-2025-43928 CVSS 9.8 | In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username fi… |
| CVE-2025-4391 | CVE-2025-4391 CVSS 9.8 | The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured… |
| CVE-2025-4389 | CVE-2025-4389 CVSS 9.8 | The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlo… |
| CVE-2025-43879 | CVE-2025-43879 CVSS 9.8 | WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet fun… |
| CVE-2025-43863 | CVE-2025-43863 CVSS 9.8 | vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If … |
| CVE-2025-43859 | CVE-2025-43859 CVSS 9.1 | h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead … |
| CVE-2025-43858 | CVE-2025-43858 CVSS 9.2 | YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe c… |
| CVE-2025-43852 | CVE-2025-43852 CVSS 9.8 | Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The… |
| CVE-2025-43851 | CVE-2025-43851 CVSS 9.8 | Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The… |
| CVE-2025-43850 | CVE-2025-43850 CVSS 9.8 | Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The… |
| CVE-2025-43849 | CVE-2025-43849 CVSS 9.8 | Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The… |
| CVE-2025-43848 | CVE-2025-43848 CVSS 9.8 | Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The… |
| CVE-2025-43847 | CVE-2025-43847 CVSS 9.8 | Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The… |
| CVE-2025-43846 | CVE-2025-43846 CVSS 9.8 | Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The… |
| CVE-2025-43845 | CVE-2025-43845 CVSS 9.8 | Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckpt_pa… |
| CVE-2025-43844 | CVE-2025-43844 CVSS 9.8 | Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The vari… |
| CVE-2025-43843 | CVE-2025-43843 CVSS 9.8 | Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The vari… |
| CVE-2025-43842 | CVE-2025-43842 CVSS 9.8 | Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The vari… |
| CVE-2025-4383 | CVE-2025-4383 CVSS 9.3 | Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot all… |
| CVE-2025-4380 | CVE-2025-4380 CVSS 9.8 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and includin… |
| CVE-2025-4378 | CVE-2025-4378 CVSS 10.0 | Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentica… |
| CVE-2025-43773 | CVE-2025-43773 CVSS 9.1 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 20… |
| CVE-2025-43766 | CVE-2025-43766 CVSS 9.8 | The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12… |
| CVE-2025-43728 | CVE-2025-43728 CVSS 9.8 | Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could pote… |
| CVE-2025-43698 | CVE-2025-43698 CVSS 9.1 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. … |
| CVE-2025-4368 | CVE-2025-4368 CVSS 9.8 | A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetM… |
| CVE-2025-4363 | CVE-2025-4363 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. This issue affects some unknown processing of the … |
| CVE-2025-4362 | CVE-2025-4362 CVSS 9.8 | A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?actio… |
| CVE-2025-4361 | CVE-2025-4361 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. This affects an unknown part of the file /department… |
| CVE-2025-4360 | CVE-2025-4360 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionali… |
| CVE-2025-43596 | CVE-2025-43596 CVSS 9.8 | An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a sp… |