CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,201–6,250 of 8,314 in Critical · page 125 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-31200 | Apple Multiple Products Memory Corruption Vulnerability · KEV · CVSS 9.8 · Apple | Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in … |
| CVE-2025-3120 | CVE-2025-3120 CVSS 9.8 | A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing… |
| CVE-2025-31194 | CVE-2025-31194 CVSS 9.8 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A S… |
| CVE-2025-3119 | CVE-2025-3119 CVSS 9.8 | A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tut… |
| CVE-2025-31183 | CVE-2025-31183 CVSS 9.8 | The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 1… |
| CVE-2025-31182 | CVE-2025-31182 CVSS 9.8 | This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ve… |
| CVE-2025-3118 | CVE-2025-3118 CVSS 9.8 | A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been classified as critical. This affects an unknown part of the file /tutor/course… |
| CVE-2025-31170 | CVE-2025-31170 CVSS 9.1 | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentialit… |
| CVE-2025-31161 | CrushFTP Authentication Bypass Vulnerability · KEV · CVSS 9.8 · CrushFTP | CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any … |
| CVE-2025-3115 | CVE-2025-3115 CVSS 9.8 | Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficie… |
| CVE-2025-31116 | CVE-2025-31116 CVSS 9.8 | Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The m… |
| CVE-2025-31100 | CVE-2025-31100 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School… |
| CVE-2025-31095 | CVE-2025-31095 CVSS 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Hossein Material Dashboard material-dashboard allows Authentication Bypass.This issue… |
| CVE-2025-31087 | CVE-2025-31087 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-addres… |
| CVE-2025-31084 | CVE-2025-31084 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Object Injection.This issue affects Sunshin… |
| CVE-2025-31069 | CVE-2025-31069 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-… |
| CVE-2025-31059 | CVE-2025-31059 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in woobewoo WBW Product Table PRO woo-producttables-pro allo… |
| CVE-2025-31056 | CVE-2025-31056 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, O… |
| CVE-2025-31052 | CVE-2025-31052 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme nrgfashion allows Object Injection.This issue affe… |
| CVE-2025-31049 | CVE-2025-31049 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3. |
| CVE-2025-31048 | CVE-2025-31048 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a thr… |
| CVE-2025-31039 | CVE-2025-31039 CVSS 9.1 | Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon category-icon allows XML Entity Linking.This issue affects Cate… |
| CVE-2025-31033 | CVE-2025-31033 CVSS 9.8 | Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Request Forgery.This issue affects Budd… |
| CVE-2025-31022 | CVE-2025-31022 CVSS 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India payu-india allows Authentication Abuse.This issue affects PayU … |
| CVE-2025-31002 | CVE-2025-31002 CVSS 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze squeeze allows Using Malicious Files.This issue affects Squeeze: fro… |
| CVE-2025-30996 | CVE-2025-30996 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify… |
| CVE-2025-30985 | CVE-2025-30985 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in kagla GNUCommerce gnucommerce allows Object Injection.This issue affects GNUCommerce: from n/a through <= 1.… |
| CVE-2025-30973 | CVE-2025-30973 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS coschool allows Object Injection.This issue affects CoSchool LMS: from n/a throu… |
| CVE-2025-30971 | CVE-2025-30971 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows SQL I… |
| CVE-2025-30967 | CVE-2025-30967 CVSS 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a throu… |
| CVE-2025-30949 | CVE-2025-30949 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows Object Injection.This issue affects Site Chat o… |
| CVE-2025-30936 | CVE-2025-30936 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod torod allo… |
| CVE-2025-30933 | CVE-2025-30933 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue a… |
| CVE-2025-30911 | CVE-2025-30911 CVSS 9.9 | Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects… |
| CVE-2025-30886 | CVE-2025-30886 CVSS 10.0 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows SQL Injecti… |
| CVE-2025-30878 | CVE-2025-30878 CVSS 9.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.Th… |
| CVE-2025-30876 | CVE-2025-30876 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allo… |
| CVE-2025-30870 | CVE-2025-30870 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-t… |
| CVE-2025-3085 | CVE-2025-3085 CVSS 9.8 | A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the in… |
| CVE-2025-30849 | CVE-2025-30849 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essentia… |
| CVE-2025-30841 | CVE-2025-30841 CVSS 9.9 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Cod… |
| CVE-2025-30807 | CVE-2025-30807 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martin Nguyen Next-Cart Store to WooCommerce Migration ne… |
| CVE-2025-30774 | CVE-2025-30774 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker quiz-maker allows SQL Injection.This i… |
| CVE-2025-30727 | CVE-2025-30727 CVSS 9.8 | Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.14.… |
| CVE-2025-3065 | CVE-2025-3065 CVSS 9.1 | The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and includin… |
| CVE-2025-30633 | CVE-2025-30633 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL… |
| CVE-2025-30622 | CVE-2025-30622 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in torsteino PostMash postmash-custom allows SQL Injection.T… |
| CVE-2025-30618 | CVE-2025-30618 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce rapyd-payments allows Object Injection.This issue affects Rap… |
| CVE-2025-30615 | CVE-2025-30615 CVSS 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email wp-e-commerce-style-email allows Code Injection.This issue affects … |
| CVE-2025-30580 | CVE-2025-30580 CVSS 10.0 | Improper Control of Generation of Code ('Code Injection') vulnerability in kellydiek DigiWidgets Image Editor digiwidgets-image-editor allows Remote Code Inclu… |