CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,001–6,050 of 8,314 in Critical · page 121 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-3312 | CVE-2025-3312 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Men Salon Management System 1.0. This issue affects some unknown processing of … |
| CVE-2025-33117 | CVE-2025-33117 CVSS 9.1 | IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious aut… |
| CVE-2025-3311 | CVE-2025-3311 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Men Salon Management System 1.0. This vulnerability affects unknown code of the file /admin/abou… |
| CVE-2025-3310 | CVE-2025-3310 CVSS 9.8 | A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the file /admin/delete… |
| CVE-2025-3309 | CVE-2025-3309 CVSS 9.8 | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionalit… |
| CVE-2025-33089 | CVE-2025-33089 CVSS 9.8 | IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user… |
| CVE-2025-3308 | CVE-2025-3308 CVSS 9.8 | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown fun… |
| CVE-2025-3307 | CVE-2025-3307 CVSS 9.8 | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /r… |
| CVE-2025-3306 | CVE-2025-3306 CVSS 9.8 | A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file … |
| CVE-2025-33025 | CVE-2025-33025 CVSS 9.9 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (Al… |
| CVE-2025-33024 | CVE-2025-33024 CVSS 9.9 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (Al… |
| CVE-2025-32991 | CVE-2025-32991 CVSS 9.0 | In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution. |
| CVE-2025-32985 | CVE-2025-32985 CVSS 9.8 | NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files. |
| CVE-2025-32980 | CVE-2025-32980 CVSS 9.8 | NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration. |
| CVE-2025-32977 | CVE-2025-32977 CVSS 9.6 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1… |
| CVE-2025-32975 | Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability · KEV · CVSS 10.0 · Quest | Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users with… |
| CVE-2025-32974 | CVE-2025-32974 CVSS 9.0 | XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doe… |
| CVE-2025-32973 | CVE-2025-32973 CVSS 9.0 | XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.… |
| CVE-2025-32969 | CVE-2025-32969 CVSS 9.8 | XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to… |
| CVE-2025-32966 | CVE-2025-32966 CVSS 9.8 | DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This is… |
| CVE-2025-32958 | CVE-2025-32958 CVSS 9.8 | Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the m… |
| CVE-2025-32931 | CVE-2025-32931 CVSS 9.1 | DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php a… |
| CVE-2025-32928 | CVE-2025-32928 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in ThemeGoods Altair altair allows Object Injection. This issue affects Altair: from n/a through <= 5.2.2. |
| CVE-2025-32927 | CVE-2025-32927 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery wp-foodbakery allows Object Injection. This issue affects FoodBakery: from n/a through… |
| CVE-2025-32926 | CVE-2025-32926 CVSS 9.8 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Path Travers… |
| CVE-2025-32925 | CVE-2025-32925 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points re… |
| CVE-2025-32911 | CVE-2025-32911 CVSS 9.0 | A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP cli… |
| CVE-2025-32897 | CVE-2025-32897 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This security vulnerability is the same as CVE-2024-47552, but the version range… |
| CVE-2025-32880 | CVE-2025-32880 CVSS 9.8 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 d… |
| CVE-2025-32878 | CVE-2025-32878 CVSS 9.8 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for download… |
| CVE-2025-32877 | CVE-2025-32877 CVSS 9.8 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the u… |
| CVE-2025-32814 | CVE-2025-32814 CVSS 9.8 | An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur. |
| CVE-2025-32800 | CVE-2025-32800 CVSS 9.8 | Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This pac… |
| CVE-2025-32799 | CVE-2025-32799 CVSS 9.8 | Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tar… |
| CVE-2025-32798 | CVE-2025-32798 CVSS 9.8 | Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerab… |
| CVE-2025-3278 | CVE-2025-3278 CVSS 9.8 | The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing u… |
| CVE-2025-3277 | CVE-2025-3277 CVSS 9.8 | An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then w… |
| CVE-2025-32756 | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability · KEV · CVSS 9.8 · Fortinet | Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute… |
| CVE-2025-32755 | CVE-2025-32755 CVSS 9.1 | In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on i… |
| CVE-2025-32754 | CVE-2025-32754 CVSS 9.1 | In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based o… |
| CVE-2025-32743 | CVE-2025-32743 CVSS 9.0 | In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This… |
| CVE-2025-32695 | CVE-2025-32695 CVSS 9.8 | Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation. This issue affects Checkout M… |
| CVE-2025-32682 | CVE-2025-32682 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server… |
| CVE-2025-3268 | CVE-2025-3268 CVSS 9.8 | A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_co… |
| CVE-2025-32665 | CVE-2025-32665 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator office-locator allows SQL In… |
| CVE-2025-32660 | CVE-2025-32660 CVSS 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server. This issue affects JS… |
| CVE-2025-3266 | CVE-2025-3266 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of … |
| CVE-2025-32658 | CVE-2025-32658 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in wpWax HelpGent helpgent allows Object Injection. This issue affects HelpGent: from n/a through <= 2.2.5. |
| CVE-2025-32652 | CVE-2025-32652 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra solace-extra allows Using Malicious Files. This issue affects Solace Extr… |
| CVE-2025-3265 | CVE-2025-3265 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. Affected by this vulnerability is an unknown functionality of the… |