32,772 indexed
CVECVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,801–5,850 of 8,314 in Critical · page 117 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-3723 | CVE-2025-3723 CVSS 9.8 | A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component MDTM Command Handle… |
| CVE-2025-37184 | CVE-2025-37184 CVSS 9.8 | A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Succe… |
| CVE-2025-37168 | CVE-2025-37168 CVSS 9.1 | Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation … |
| CVE-2025-37164 | Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability KEVCVSS 9.8Hewlett Packard Enterprise (HPE) | Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution. |
| CVE-2025-3714 | CVE-2025-3714 CVSS 9.8 | The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote att… |
| CVE-2025-3711 | CVE-2025-3711 CVSS 9.8 | The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote att… |
| CVE-2025-37107 | CVE-2025-37107 CVSS 9.8 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-37106 | CVE-2025-37106 CVSS 9.8 | An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-37105 | CVE-2025-37105 CVSS 9.8 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-37103 | CVE-2025-37103 CVSS 9.8 | Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authenticati… |
| CVE-2025-3710 | CVE-2025-3710 CVSS 9.8 | The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote att… |
| CVE-2025-37099 | CVE-2025-37099 CVSS 9.8 | A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. |
| CVE-2025-37096 | CVE-2025-37096 CVSS 9.8 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37095 | CVE-2025-37095 CVSS 9.8 | A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37094 | CVE-2025-37094 CVSS 9.1 | A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37093 | CVE-2025-37093 CVSS 9.8 | An authentication bypass vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37092 | CVE-2025-37092 CVSS 9.8 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37091 | CVE-2025-37091 CVSS 9.8 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37090 | CVE-2025-37090 CVSS 9.8 | A server-side request forgery vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-3709 | CVE-2025-3709 CVSS 9.8 | Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perf… |
| CVE-2025-37089 | CVE-2025-37089 CVSS 9.8 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37087 | CVE-2025-37087 CVSS 9.8 | A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server hos… |
| CVE-2025-3708 | CVE-2025-3708 CVSS 9.8 | Le-show medical practice management system from Le-yan has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL com… |
| CVE-2025-3699 | CVE-2025-3699 CVSS 9.8 | Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50… |
| CVE-2025-3694 | CVE-2025-3694 CVSS 9.8 | A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the c… |
| CVE-2025-36937 | CVE-2025-36937 CVSS 9.8 | In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote … |
| CVE-2025-3693 | CVE-2025-3693 CVSS 9.8 | A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. T… |
| CVE-2025-36904 | CVE-2025-36904 CVSS 9.8 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384. |
| CVE-2025-3690 | CVE-2025-3690 CVSS 9.8 | A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /adm… |
| CVE-2025-36897 | CVE-2025-36897 CVSS 9.8 | In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no… |
| CVE-2025-36896 | CVE-2025-36896 CVSS 9.8 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106. |
| CVE-2025-36890 | CVE-2025-36890 CVSS 9.8 | Elevation of Privilege |
| CVE-2025-3689 | CVE-2025-3689 CVSS 9.8 | A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /a… |
| CVE-2025-36846 | CVE-2025-36846 CVSS 9.8 | An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that … |
| CVE-2025-3684 | CVE-2025-3684 CVSS 9.8 | A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. It has been rated as critical. This issue affects some unknown processin… |
| CVE-2025-3683 | CVE-2025-3683 CVSS 9.8 | A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component SIZE Command Ha… |
| CVE-2025-3682 | CVE-2025-3682 CVSS 9.8 | A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component PASV Command Handler. Th… |
| CVE-2025-3681 | CVE-2025-3681 CVSS 9.8 | A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component MODE Comm… |
| CVE-2025-3680 | CVE-2025-3680 CVSS 9.8 | A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the componen… |
| CVE-2025-3679 | CVE-2025-3679 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component HOST Command Handler. … |
| CVE-2025-3678 | CVE-2025-3678 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component HELP C… |
| CVE-2025-3676 | CVE-2025-3676 CVSS 9.8 | A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/front/search/books. The manipu… |
| CVE-2025-36753 | CVE-2025-36753 CVSS 9.8 | The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and t… |
| CVE-2025-36752 | CVE-2025-36752 CVSS 9.8 | Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, s… |
| CVE-2025-36747 | CVE-2025-36747 CVSS 9.8 | ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the ser… |
| CVE-2025-36604 | CVE-2025-36604 CVSS 9.8 | Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A… |
| CVE-2025-36594 | CVE-2025-36594 CVSS 9.8 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0… |
| CVE-2025-36548 | CVE-2025-36548 CVSS 9.6 | A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8… |
| CVE-2025-3654 | CVE-2025-3654 CVSS 9.8 | Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware in… |
| CVE-2025-36535 | CVE-2025-36535 CVSS 10.0 | The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational di… |