CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,601–5,650 of 8,314 in Critical · page 113 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-4121 | 9.8 | A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The ma… |
| CVE-2025-4120 | 9.8 | A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argu… |
| CVE-2025-4118 | 9.1 | A vulnerability classified as critical has been found in Weitong Mall 1.0.0. This affects an unknown part of the file /historyList of the component Product His… |
| CVE-2025-4117 | 9.8 | A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. This affects the function sub_41A914. The manipulation of the argu… |
| CVE-2025-4116 | 9.8 | A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Affected by this issue is the function get_cur_lang_ver. The … |
| CVE-2025-4115 | 9.8 | A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The man… |
| CVE-2025-4114 | 9.8 | A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the arg… |
| CVE-2025-4112 | 9.8 | A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-… |
| CVE-2025-41118 | 9.1 | Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If th… |
| CVE-2025-41115 | 9.8 | SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing… |
| CVE-2025-41108 | 9.8 | The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack statio… |
| CVE-2025-4108 | 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject… |
| CVE-2025-4104 | 9.8 | The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() fu… |
| CVE-2025-41034 | 9.8 | An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database,… |
| CVE-2025-41033 | 9.8 | An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database,… |
| CVE-2025-41032 | 9.8 | An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database,… |
| CVE-2025-41018 | 9.8 | SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in… |
| CVE-2025-41013 | 9.8 | SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by se… |
| CVE-2025-40949 | 9.1 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (Al… |
| CVE-2025-40943 | 9.6 | Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user… |
| CVE-2025-4094 | 9.8 | The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for… |
| CVE-2025-40938 | 9.8 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could al… |
| CVE-2025-40934 | 9.3 | XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML docum… |
| CVE-2025-40931 | 9.1 | Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The… |
| CVE-2025-40926 | 9.8 | Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seede… |
| CVE-2025-40925 | 9.1 | Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time,… |
| CVE-2025-40916 | 9.1 | Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand() funct… |
| CVE-2025-40914 | 9.8 | Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that … |
| CVE-2025-40912 | 9.8 | CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of t… |
| CVE-2025-40908 | 9.1 | YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified |
| CVE-2025-40906 | 9.8 | BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790… |
| CVE-2025-40836 | 9.8 | Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated pr… |
| CVE-2025-4083 | 9.1 | A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level docu… |
| CVE-2025-40805 | 10.0 | Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent … |
| CVE-2025-40804 | 9.1 | A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without an… |
| CVE-2025-40795 | 9.8 | A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 … |
| CVE-2025-4079 | 9.8 | A vulnerability, which was classified as critical, was found in PCMan FTP Server up to 2.0.7. Affected is an unknown function of the component RENAME Command H… |
| CVE-2025-40771 | 9.8 | A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All ver… |
| CVE-2025-40765 | 9.8 | A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information di… |
| CVE-2025-4074 | 9.8 | A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown fun… |
| CVE-2025-40736 | 9.8 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification o… |
| CVE-2025-40731 | 9.8 | SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the p… |
| CVE-2025-4073 | 9.8 | A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-pas… |
| CVE-2025-40717 | 9.8 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delet… |
| CVE-2025-40716 | 9.8 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delet… |
| CVE-2025-40715 | 9.8 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delet… |
| CVE-2025-40714 | 9.8 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delet… |
| CVE-2025-40713 | 9.8 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delet… |
| CVE-2025-40712 | 9.8 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delet… |
| CVE-2025-40711 | 9.8 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delet… |