CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,551–5,600 of 8,314 in Critical · page 112 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-41732 | 9.8 | An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which… |
| CVE-2025-41730 | 9.8 | An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers whic… |
| CVE-2025-41723 | 9.8 | The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to ar… |
| CVE-2025-41715 | 9.8 | The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially… |
| CVE-2025-41709 | 9.8 | An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device. |
| CVE-2025-41702 | 9.8 | The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 toke… |
| CVE-2025-41687 | 9.8 | An unauthenticated remote attacker may use a stack-based buffer overflow in the u-link Management API to gain full access on the affected devices. |
| CVE-2025-41672 | 10.0 | A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. |
| CVE-2025-41663 | 9.8 | For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers… |
| CVE-2025-41656 | 10.0 | An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server i… |
| CVE-2025-41652 | 9.8 | The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakn… |
| CVE-2025-41651 | 9.8 | Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling una… |
| CVE-2025-41648 | 9.8 | An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available se… |
| CVE-2025-41646 | 9.8 | An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full com… |
| CVE-2025-4164 | 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file c… |
| CVE-2025-4163 | 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file … |
| CVE-2025-4162 | 9.8 | A vulnerability classified as critical was found in PCMan FTP Server up to 2.0.7. This vulnerability affects unknown code of the component ASCII Command Handle… |
| CVE-2025-4161 | 9.8 | A vulnerability classified as critical has been found in PCMan FTP Server up to 2.0.7. This affects an unknown part of the component VERBOSE Command Handler. T… |
| CVE-2025-4160 | 9.8 | A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component… |
| CVE-2025-4159 | 9.8 | A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the … |
| CVE-2025-4158 | 9.8 | A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been classified as critical. Affected is an unknown function of the component PROMPT Command … |
| CVE-2025-4153 | 9.8 | A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-4152 | 9.8 | A vulnerability classified as critical has been found in PHPGurukul Online Birth Certificate System 1.0. Affected is an unknown function of the file /admin/bwd… |
| CVE-2025-4151 | 9.8 | A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the f… |
| CVE-2025-4150 | 9.8 | A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of … |
| CVE-2025-4149 | 9.8 | A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument… |
| CVE-2025-4148 | 9.8 | A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argu… |
| CVE-2025-4147 | 9.8 | A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulatio… |
| CVE-2025-4146 | 9.8 | A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument h… |
| CVE-2025-4145 | 9.8 | A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of th… |
| CVE-2025-4144 | 9.8 | PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, … |
| CVE-2025-41438 | 9.8 | The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, i… |
| CVE-2025-41429 | 9.8 | a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a… |
| CVE-2025-41426 | 9.8 | Affected Vertiv products contain a stack-based buffer overflow vulnerability. An attacker could exploit this vulnerability to gain code execution on the device. |
| CVE-2025-41420 | 9.6 | A cross-site scripting (XSS) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A spec… |
| CVE-2025-4142 | 9.8 | A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of th… |
| CVE-2025-4141 | 9.8 | A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument … |
| CVE-2025-4140 | 9.8 | A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulatio… |
| CVE-2025-41375 | 9.8 | SQL Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability allows an attacker to retrieve, create, update and delete database via 'token' par… |
| CVE-2025-41348 | 9.8 | SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker to recover, create, update and delete databases by … |
| CVE-2025-41347 | 9.8 | Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'web… |
| CVE-2025-41346 | 9.8 | Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numeric… |
| CVE-2025-4125 | 9.8 | Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsin… |
| CVE-2025-41243 | 10.0 | Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the… |
| CVE-2025-41240 | 10.0 | Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In af… |
| CVE-2025-4124 | 9.8 | Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsin… |
| CVE-2025-41238 | 9.3 | VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out-of-bounds write… |
| CVE-2025-41237 | 9.3 | VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A mal… |
| CVE-2025-41236 | 9.3 | VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrat… |
| CVE-2025-41232 | 9.1 | Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may … |