CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 5,901–5,950 of 8,314 in Critical · page 119 of 167
| ID | Title and CVSS | Summary |
|---|---|---|
| CVE-2025-34468 | CVE-2025-34468 CVSS 9.8 | libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostn… |
| CVE-2025-34449 | CVE-2025-34449 CVSS 9.1 | Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() funct… |
| CVE-2025-34434 | CVE-2025-34434 CVSS 9.1 | AVideo versions prior to 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for … |
| CVE-2025-34394 | CVE-2025-34394 CVSS 9.8 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected a… |
| CVE-2025-34393 | CVE-2025-34393 CVSS 9.8 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL … |
| CVE-2025-34392 | CVE-2025-34392 CVSS 9.8 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL tha… |
| CVE-2025-3439 | CVE-2025-3439 CVSS 9.8 | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in a… |
| CVE-2025-34329 | CVE-2025-34329 CVSS 9.8 | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_file… |
| CVE-2025-34328 | CVE-2025-34328 CVSS 9.8 | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an u… |
| CVE-2025-34299 | CVE-2025-34299 CVSS 9.8 | Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitra… |
| CVE-2025-34282 | CVE-2025-34282 CVSS 9.1 | ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload… |
| CVE-2025-34277 | CVE-2025-34277 CVSS 9.8 | Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before bei… |
| CVE-2025-34274 | CVE-2025-34274 CVSS 9.8 | Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the r… |
| CVE-2025-34271 | CVE-2025-34271 CVSS 9.8 | Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes o… |
| CVE-2025-34267 | CVE-2025-34267 CVSS 9.9 | Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox… |
| CVE-2025-34256 | CVE-2025-34256 CVSS 9.8 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for sign… |
| CVE-2025-34224 | CVE-2025-34224 CVSS 9.1 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose … |
| CVE-2025-34223 | CVE-2025-34223 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain… |
| CVE-2025-34222 | CVE-2025-34222 CVSS 9.1 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose … |
| CVE-2025-34221 | CVE-2025-34221 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose e… |
| CVE-2025-34218 | CVE-2025-34218 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose … |
| CVE-2025-34217 | CVE-2025-34217 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded … |
| CVE-2025-34216 | CVE-2025-34216 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose … |
| CVE-2025-34215 | CVE-2025-34215 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose … |
| CVE-2025-34212 | CVE-2025-34212 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess … |
| CVE-2025-34207 | CVE-2025-34207 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH c… |
| CVE-2025-34206 | CVE-2025-34206 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/w… |
| CVE-2025-34205 | CVE-2025-34205 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contain da… |
| CVE-2025-34204 | CVE-2025-34204 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contain multiple Docker containers that run primary appl… |
| CVE-2025-34203 | CVE-2025-34203 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) c… |
| CVE-2025-34198 | CVE-2025-34198 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain sha… |
| CVE-2025-34196 | CVE-2025-34196 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain … |
| CVE-2025-34195 | CVE-2025-34195 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a… |
| CVE-2025-34193 | CVE-2025-34193 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client compo… |
| CVE-2025-34192 | CVE-2025-34192 CVSS 9.8 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployme… |
| CVE-2025-34186 | CVE-2025-34186 CVSS 9.8 | Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for au… |
| CVE-2025-34184 | CVE-2025-34184 CVSS 9.8 | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers… |
| CVE-2025-34157 | CVE-2025-34157 CVSS 9.0 | Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated use… |
| CVE-2025-34111 | CVE-2025-34111 CVSS 9.8 | An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connecto… |
| CVE-2025-34071 | CVE-2025-34071 CVSS 9.8 | A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the f… |
| CVE-2025-34070 | CVE-2025-34070 CVSS 9.8 | A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged opera… |
| CVE-2025-34069 | CVE-2025-34069 CVSS 9.8 | An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent se… |
| CVE-2025-34036 | CVE-2025-34036 CVSS 9.8 | An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens … |
| CVE-2025-34035 | CVE-2025-34035 CVSS 9.8 | An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitiz… |
| CVE-2025-34028 | Commvault Command Center Path Traversal Vulnerability KEV CVSS 10.0 Commvault | Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code. |
| CVE-2025-3401 | CVE-2025-3401 CVSS 9.8 | A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical. This vulnerability affects unknown code of the file /paramete… |
| CVE-2025-3400 | CVE-2025-3400 CVSS 9.8 | A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMail… |
| CVE-2025-3399 | CVE-2025-3399 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.6.3.154.205_20250114. Affected by this issue is some unknown functionality … |
| CVE-2025-3398 | CVE-2025-3398 CVSS 9.8 | A vulnerability classified as critical was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function configure of the file blogserver/sr… |
| CVE-2025-3384 | CVE-2025-3384 CVSS 9.8 | A vulnerability was found in 1000 Projects Human Resource Management System 1.0. It has been classified as critical. Affected is an unknown function of the fil… |