CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,751–5,800 of 8,314 in Critical · page 116 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-39436 | 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw idraw allows Using Malicious Files. This issue affects I Draw: from n/a through <… |
| CVE-2025-39410 | 9.8 | Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon. This issue affects Smart Sections Them… |
| CVE-2025-3941 | 9.8 | Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows… |
| CVE-2025-39406 | 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPAMS apartment-management al… |
| CVE-2025-39402 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server. This issue affec… |
| CVE-2025-39401 | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server. This issue affec… |
| CVE-2025-3940 | 9.8 | Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, … |
| CVE-2025-39395 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS apartment-management allows SQL Injection.… |
| CVE-2025-39389 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solid Plugins AnalyticsWP allows SQL Injection. This issue… |
| CVE-2025-39386 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System hospital-management a… |
| CVE-2025-39380 | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Ser… |
| CVE-2025-3938 | 9.8 | Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows… |
| CVE-2025-3937 | 9.8 | Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Secur… |
| CVE-2025-3936 | 9.8 | Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows all… |
| CVE-2025-39356 | 9.8 | Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart foodbakery-sticky-cart allows Object Injection. This issue affects Foodbak… |
| CVE-2025-39354 | 9.8 | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference grandconference allows Object Injection. This issue affects Grand Conference: fro… |
| CVE-2025-39349 | 9.8 | Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop ciyashop allows Object Injection. This issue affects CiyaShop: from n/a throu… |
| CVE-2025-39348 | 9.8 | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection. This issue affects Grand Restaurant: fro… |
| CVE-2025-3927 | 9.8 | Digigram's PYKO-OUT audio-over-IP (AoIP) web-server does not require a password by default, allowing any attacker with the target IP address to connect and com… |
| CVE-2025-3918 | 9.8 | The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1… |
| CVE-2025-3917 | 9.8 | The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_… |
| CVE-2025-3856 | 9.8 | A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPag… |
| CVE-2025-3847 | 9.8 | A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp o… |
| CVE-2025-3846 | 9.8 | A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file … |
| CVE-2025-3845 | 9.8 | A vulnerability was found in markparticle WebServer up to 1.0. It has been declared as critical. Affected by this vulnerability is the function Buffer::HasWrit… |
| CVE-2025-3844 | 9.8 | The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req(… |
| CVE-2025-3842 | 9.8 | A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/act… |
| CVE-2025-3841 | 9.8 | A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown pa… |
| CVE-2025-3835 | 9.6 | Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. |
| CVE-2025-3831 | 9.8 | Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. |
| CVE-2025-3830 | 9.8 | A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the … |
| CVE-2025-3829 | 9.8 | A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin… |
| CVE-2025-3828 | 9.8 | A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /adm… |
| CVE-2025-3827 | 9.8 | A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /a… |
| CVE-2025-3819 | 9.8 | A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functiona… |
| CVE-2025-3811 | 9.8 | The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the pl… |
| CVE-2025-3810 | 9.8 | The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the pl… |
| CVE-2025-3807 | 9.8 | A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. This affects the function Upload of the file src/main/java/com/my/bbs/co… |
| CVE-2025-3800 | 9.8 | A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/An… |
| CVE-2025-3799 | 9.8 | A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. T… |
| CVE-2025-3783 | 9.8 | A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unkno… |
| CVE-2025-3762 | 9.8 | A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component MPUT … |
| CVE-2025-3757 | 9.8 | Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. |
| CVE-2025-3755 | 9.1 | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a r… |
| CVE-2025-3746 | 9.8 | The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the p… |
| CVE-2025-3729 | 9.8 | A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some u… |
| CVE-2025-3727 | 9.8 | A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component STATUS Command Handler. The mani… |
| CVE-2025-3726 | 9.8 | A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component CD Co… |
| CVE-2025-3725 | 9.8 | A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the compon… |
| CVE-2025-3724 | 9.8 | A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component DIR Command Handler. … |