CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,451–5,500 of 8,314 in Critical · page 110 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-43232 | CVE-2025-43232 CVSS 9.8 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app ma… |
| CVE-2025-43222 | CVE-2025-43222 CVSS 9.8 | A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Vent… |
| CVE-2025-43220 | CVE-2025-43220 CVSS 9.8 | This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.… |
| CVE-2025-4322 | CVE-2025-4322 CVSS 9.8 | The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the them… |
| CVE-2025-43209 | CVE-2025-43209 CVSS 9.8 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, … |
| CVE-2025-4320 | CVE-2025-4320 CVSS 10.0 | Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutio… |
| CVE-2025-43199 | CVE-2025-43199 CVSS 9.8 | A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A mali… |
| CVE-2025-43198 | CVE-2025-43198 CVSS 9.8 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to access protecte… |
| CVE-2025-43194 | CVE-2025-43194 CVSS 9.8 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to modif… |
| CVE-2025-43193 | CVE-2025-43193 CVSS 9.8 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able… |
| CVE-2025-43192 | CVE-2025-43192 CVSS 9.8 | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. Account-driven User Enrollmen… |
| CVE-2025-4319 | CVE-2025-4319 CVSS 9.4 | Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Te… |
| CVE-2025-43189 | CVE-2025-43189 CVSS 9.8 | This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to read ker… |
| CVE-2025-43186 | CVE-2025-43186 CVSS 9.8 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura … |
| CVE-2025-43184 | CVE-2025-43184 CVSS 9.8 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.7, macOS Ventura 13.7.7.… |
| CVE-2025-4314 | CVE-2025-4314 CVSS 9.8 | A vulnerability has been found in SourceCodester Advanced Web Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality … |
| CVE-2025-4313 | CVE-2025-4313 CVSS 9.8 | A vulnerability, which was classified as critical, was found in SourceCodester Advanced Web Store 1.0. Affected is an unknown function of the file /admin/admin… |
| CVE-2025-4312 | CVE-2025-4312 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in SourceCodester Advanced Web Store 1.0. This issue affects some unknown processing of the f… |
| CVE-2025-4311 | CVE-2025-4311 CVSS 9.8 | A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/upda… |
| CVE-2025-4309 | CVE-2025-4309 CVSS 9.8 | A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality … |
| CVE-2025-4308 | CVE-2025-4308 CVSS 9.8 | A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been declared as critical. Affected by this vulnerability is an unknown funct… |
| CVE-2025-4307 | CVE-2025-4307 CVSS 9.8 | A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been classified as critical. Affected is an unknown function of the file /adm… |
| CVE-2025-4306 | CVE-2025-4306 CVSS 9.8 | A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the… |
| CVE-2025-4304 | CVE-2025-4304 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. This affects an unknown part of the file /adminpro… |
| CVE-2025-4303 | CVE-2025-4303 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected by this issue is … |
| CVE-2025-43027 | CVE-2025-43027 CVSS 9.8 | A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to t… |
| CVE-2025-43023 | CVE-2025-43023 CVSS 9.1 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the … |
| CVE-2025-43017 | CVE-2025-43017 CVSS 9.8 | HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential … |
| CVE-2025-43012 | CVE-2025-43012 CVSS 9.8 | In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible |
| CVE-2025-4301 | CVE-2025-4301 CVSS 9.8 | A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Affected by this vulnerability is an unknown functionality of t… |
| CVE-2025-4300 | CVE-2025-4300 CVSS 9.8 | A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Affected is an unknown function of the file /search_list.p… |
| CVE-2025-42999 | SAP NetWeaver Deserialization Vulnerability KEV CVSS 9.1 SAP | SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, i… |
| CVE-2025-4299 | CVE-2025-4299 CVSS 9.8 | A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/op… |
| CVE-2025-42989 | CVE-2025-42989 CVSS 9.6 | RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploita… |
| CVE-2025-42980 | CVE-2025-42980 CVSS 9.1 | SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialize… |
| CVE-2025-4298 | CVE-2025-4298 CVSS 9.8 | A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /… |
| CVE-2025-4297 | CVE-2025-4297 CVSS 9.8 | A vulnerability was found in PHPGurukul Men Salon Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/ch… |
| CVE-2025-42967 | CVE-2025-42967 CVSS 9.9 | SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new … |
| CVE-2025-42966 | CVE-2025-42966 CVSS 9.1 | SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerabil… |
| CVE-2025-42964 | CVE-2025-42964 CVSS 9.1 | SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could p… |
| CVE-2025-42963 | CVE-2025-42963 CVSS 9.1 | A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deseri… |
| CVE-2025-42958 | CVE-2025-42958 CVSS 9.1 | Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modi… |
| CVE-2025-42957 | CVE-2025-42957 CVSS 9.9 | SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbit… |
| CVE-2025-42950 | CVE-2025-42950 CVSS 9.9 | SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables… |
| CVE-2025-42944 | CVE-2025-42944 CVSS 10.0 | Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious… |
| CVE-2025-42937 | CVE-2025-42937 CVSS 9.8 | SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent … |
| CVE-2025-42928 | CVE-2025-42928 CVSS 9.1 | Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may … |
| CVE-2025-42922 | CVE-2025-42922 CVSS 9.9 | SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This fil… |
| CVE-2025-42910 | CVE-2025-42910 CVSS 9.0 | Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These fil… |
| CVE-2025-4291 | CVE-2025-4291 CVSS 9.8 | A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted … |