CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,051–6,100 of 8,314 in Critical · page 122 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-32648 | CVE-2025-32648 CVSS 9.8 | Incorrect Privilege Assignment vulnerability in Projectopia Projectopia projectopia-core allows Privilege Escalation. This issue affects Projectopia: from n/a t… |
| CVE-2025-32643 | CVE-2025-32643 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows Blind SQL Injection. This issue aff… |
| CVE-2025-32642 | CVE-2025-32642 CVSS 10.0 | Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through… |
| CVE-2025-32641 | CVE-2025-32641 CVSS 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Request Forgery. This iss… |
| CVE-2025-32636 | CVE-2025-32636 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in matthewrubin Local Magic local-magic allows SQL Injection… |
| CVE-2025-32626 | CVE-2025-32626 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager js-jobs allows SQL Injection. This … |
| CVE-2025-32607 | CVE-2025-32607 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly service-booking-manager allows Object Injection. This issue affects WpBookingly: f… |
| CVE-2025-32603 | CVE-2025-32603 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats wp-online-users-stats allows Bli… |
| CVE-2025-32583 | CVE-2025-32583 CVSS 9.9 | Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion. This issue affects PDF 2 Pos… |
| CVE-2025-3258 | CVE-2025-3258 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Old Age Home Management System 1.0. This vulnerability affects unknown code of the file /search.… |
| CVE-2025-32579 | CVE-2025-32579 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server. This issue … |
| CVE-2025-32577 | CVE-2025-32577 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-… |
| CVE-2025-32576 | CVE-2025-32576 CVSS 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server. This issue affects W… |
| CVE-2025-32572 | CVE-2025-32572 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus kata-plus allows Object Injection. This issue affects Kata Plus: from n/a through <= … |
| CVE-2025-32569 | CVE-2025-32569 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection. This issue affects TableOn: from n/a throu… |
| CVE-2025-32568 | CVE-2025-32568 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce empik-for-woocommerce allows Object Injection. This issue affects EmpikPlace… |
| CVE-2025-32565 | CVE-2025-32565 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer neon-product-designer-for-wo… |
| CVE-2025-3254 | CVE-2025-3254 CVSS 9.8 | A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical. Affected is an unknown function of the file /resource/add. The manipu… |
| CVE-2025-32519 | CVE-2025-32519 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PH… |
| CVE-2025-32510 | CVE-2025-32510 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files. This issue af… |
| CVE-2025-32496 | CVE-2025-32496 CVSS 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a Web Shell to a Web Server. This issue affec… |
| CVE-2025-32491 | CVE-2025-32491 CVSS 9.8 | Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation. This i… |
| CVE-2025-3249 | CVE-2025-3249 CVSS 9.8 | A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of th… |
| CVE-2025-32486 | CVE-2025-32486 CVSS 9.8 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard. This issue affects Material Dashboard: f… |
| CVE-2025-3248 | Langflow Missing Authentication Vulnerability · KEV · CVSS 9.8 · Langflow | Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitr… |
| CVE-2025-32469 | CVE-2025-32469 CVSS 9.9 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (Al… |
| CVE-2025-32461 | CVE-2025-32461 CVSS 9.9 | wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, … |
| CVE-2025-32460 | CVE-2025-32460 CVSS 9.1 | GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. |
| CVE-2025-3245 | CVE-2025-3245 CVSS 9.8 | A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the fi… |
| CVE-2025-32445 | CVE-2025-32445 CVSS 9.9 | Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources ca… |
| CVE-2025-32444 | CVE-2025-32444 CVSS 9.8 | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration … |
| CVE-2025-32440 | CVE-2025-32440 CVSS 9.8 | NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to u… |
| CVE-2025-32434 | CVE-2025-32434 CVSS 9.8 | PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In ve… |
| CVE-2025-32433 | Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability · KEV · CVSS 10.0 · Erlang | Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands … |
| CVE-2025-32432 | Craft CMS Code Injection Vulnerability · KEV · CVSS 10.0 · Craft CMS | Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code. |
| CVE-2025-32431 | CVE-2025-32431 CVSS 9.1 | Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability… |
| CVE-2025-32429 | CVE-2025-32429 CVSS 9.8 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 t… |
| CVE-2025-3242 | CVE-2025-3242 CVSS 9.8 | A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /sea… |
| CVE-2025-3241 | CVE-2025-3241 CVSS 9.8 | A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/c… |
| CVE-2025-32404 | CVE-2025-32404 CVSS 9.8 | An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malic… |
| CVE-2025-32403 | CVE-2025-32403 CVSS 9.8 | An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malic… |
| CVE-2025-32401 | CVE-2025-32401 CVSS 9.8 | A Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending … |
| CVE-2025-3240 | CVE-2025-3240 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Affected by this issue is some unknown functi… |
| CVE-2025-3239 | CVE-2025-3239 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of … |
| CVE-2025-3238 | CVE-2025-3238 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /search-reque… |
| CVE-2025-32375 | CVE-2025-32375 CVSS 9.8 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserializatio… |
| CVE-2025-32370 | CVE-2025-32370 CVSS 9.8 | Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed… |
| CVE-2025-32363 | CVE-2025-32363 CVSS 9.8 | mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data. |
| CVE-2025-3235 | CVE-2025-3235 CVSS 9.8 | A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin… |
| CVE-2025-3231 | CVE-2025-3231 CVSS 9.8 | A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /about… |