CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,151–6,200 of 8,314 in Critical · page 124 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-31715 | CVE-2025-31715 CVSS 9.8 | In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional… |
| CVE-2025-3171 | CVE-2025-3171 CVSS 9.8 | A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /ap… |
| CVE-2025-3170 | CVE-2025-3170 CVSS 9.8 | A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_us… |
| CVE-2025-31691 | CVE-2025-31691 CVSS 9.8 | Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing. This issue affects OAuth2 Server: from 0.0.0 before 2.1.0. |
| CVE-2025-31685 | CVE-2025-31685 CVSS 9.1 | Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 befor… |
| CVE-2025-31681 | CVE-2025-31681 CVSS 9.8 | Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6. |
| CVE-2025-3168 | CVE-2025-3168 CVSS 9.8 | A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functio… |
| CVE-2025-31651 | CVE-2025-31651 CVSS 9.8 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was poss… |
| CVE-2025-3164 | CVE-2025-3164 CVSS 9.8 | A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown function… |
| CVE-2025-31631 | CVE-2025-31631 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House fish-house allows Object Injection. This issue affects Fish House: from n/a through <… |
| CVE-2025-31612 | CVE-2025-31612 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll cbxpoll allows Object Injection. This issue affects CBX Poll: from n/a through <= 2.0.4. |
| CVE-2025-31599 | CVE-2025-31599 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injec… |
| CVE-2025-31579 | CVE-2025-31579 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allo… |
| CVE-2025-31565 | CVE-2025-31565 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisandro Martinez WPSmartContracts wp-smart-contracts all… |
| CVE-2025-31553 | CVE-2025-31553 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting we… |
| CVE-2025-31552 | CVE-2025-31552 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection. Thi… |
| CVE-2025-31551 | CVE-2025-31551 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms gf-salesm… |
| CVE-2025-31534 | CVE-2025-31534 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shopperdotcom Shopper shopper allows SQL Injection. This i… |
| CVE-2025-31531 | CVE-2025-31531 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in click5 History Log by click5 history-log-by-click5 allows… |
| CVE-2025-3151 | CVE-2025-3151 CVSS 9.8 | A vulnerability was found in SourceCodester Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of t… |
| CVE-2025-31493 | CVE-2025-31493 CVSS 9.1 | Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `coll… |
| CVE-2025-31480 | CVE-2025-31480 CVSS 9.1 | aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the … |
| CVE-2025-31477 | CVE-2025-31477 CVSS 9.8 | The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the… |
| CVE-2025-3147 | CVE-2025-3147 CVSS 9.8 | A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-subad… |
| CVE-2025-3146 | CVE-2025-3146 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-… |
| CVE-2025-31430 | CVE-2025-31430 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1. |
| CVE-2025-31429 | CVE-2025-31429 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. This issue affect… |
| CVE-2025-31424 | CVE-2025-31424 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows B… |
| CVE-2025-31423 | CVE-2025-31423 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection. This issue affects Umberto: from n/a through <= 1.2.8. |
| CVE-2025-3141 | CVE-2025-3141 CVSS 9.8 | A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of t… |
| CVE-2025-31403 | CVE-2025-31403 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification booking-calen… |
| CVE-2025-3140 | CVE-2025-3140 CVSS 9.8 | A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /… |
| CVE-2025-31398 | CVE-2025-31398 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpo… |
| CVE-2025-31397 | CVE-2025-31397 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Bus Ticket Booking with Seat Reservation for Woo… |
| CVE-2025-31396 | CVE-2025-31396 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPre… |
| CVE-2025-31380 | CVE-2025-31380 CVSS 9.8 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Password Recovery Exp… |
| CVE-2025-3138 | CVE-2025-3138 CVSS 9.8 | A vulnerability has been found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown … |
| CVE-2025-3137 | CVE-2025-3137 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Online Security Guards Hiring System 1.0. Affected is an unknown function of the fil… |
| CVE-2025-31355 | CVE-2025-31355 CVSS 9.8 | A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file c… |
| CVE-2025-3135 | CVE-2025-3135 CVSS 9.8 | A vulnerability classified as critical was found in fcba_zzm ics-park Smart Park Management System 2.1. This vulnerability affects unknown code of the file /ap… |
| CVE-2025-31330 | CVE-2025-31330 CVSS 9.9 | SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables… |
| CVE-2025-31324 | SAP NetWeaver Unrestricted File Upload Vulnerability · KEV · CVSS 9.8 · SAP | SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially m… |
| CVE-2025-31286 | CVE-2025-31286 CVSS 9.0 | An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this i… |
| CVE-2025-31281 | CVE-2025-31281 CVSS 9.1 | An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS… |
| CVE-2025-3128 | CVE-2025-3128 CVSS 9.8 | A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information… |
| CVE-2025-31279 | CVE-2025-31279 CVSS 9.8 | A permissions issue was addressed with additional restrictions. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13… |
| CVE-2025-31263 | CVE-2025-31263 CVSS 9.1 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory. |
| CVE-2025-31255 | CVE-2025-31255 CVSS 9.8 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS … |
| CVE-2025-31229 | CVE-2025-31229 CVSS 9.1 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver. |
| CVE-2025-31201 | Apple Multiple Products Arbitrary Read and Write Vulnerability · KEV · CVSS 9.8 · Apple | Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication. |