CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,251–6,300 of 8,314 in Critical · page 126 of 167
| ID | Title / CVSS | Summary |
|---|---|---|
| CVE-2025-30528 | CVE-2025-30528 CVSS 9.3 | Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection. This issue affects Awesome Logos: from n/a through… |
| CVE-2025-30524 | CVE-2025-30524 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog displayproduct allows SQL Inje… |
| CVE-2025-30519 | CVE-2025-30519 CVSS 9.8 | Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker w… |
| CVE-2025-30510 | CVE-2025-30510 CVSS 9.8 | An attacker can upload an arbitrary file instead of a plant image. |
| CVE-2025-30475 | CVE-2025-30475 CVSS 9.8 | Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. An unauthenticated attacker with remote access co… |
| CVE-2025-30472 | CVE-2025-30472 CVSS 9.8 | Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in ex… |
| CVE-2025-30466 | CVE-2025-30466 CVSS 9.8 | This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. A w… |
| CVE-2025-30465 | CVE-2025-30465 CVSS 9.8 | A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5… |
| CVE-2025-30462 | CVE-2025-30462 CVSS 9.8 | A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. App… |
| CVE-2025-30461 | CVE-2025-30461 CVSS 9.8 | An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to … |
| CVE-2025-30458 | CVE-2025-30458 CVSS 9.8 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read files outside of its sand… |
| CVE-2025-30457 | CVE-2025-30457 CVSS 9.8 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A maliciou… |
| CVE-2025-30452 | CVE-2025-30452 CVSS 9.8 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An input validation issue w… |
| CVE-2025-3045 | CVE-2025-3045 CVSS 9.8 | A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown functi… |
| CVE-2025-30448 | CVE-2025-30448 CVSS 9.1 | This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 1… |
| CVE-2025-30444 | CVE-2025-30444 CVSS 9.8 | A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciou… |
| CVE-2025-30436 | CVE-2025-30436 CVSS 9.1 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Sir… |
| CVE-2025-30433 | CVE-2025-30433 CVSS 9.8 | This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14… |
| CVE-2025-30430 | CVE-2025-30430 CVSS 9.8 | This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. Pa… |
| CVE-2025-30426 | CVE-2025-30426 CVSS 9.8 | This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, vis… |
| CVE-2025-30424 | CVE-2025-30424 CVSS 9.8 | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Deleting a co… |
| CVE-2025-3042 | CVE-2025-3042 CVSS 9.8 | A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /studen… |
| CVE-2025-30416 | CVE-2025-30416 CVSS 10.0 | Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before … |
| CVE-2025-30412 | CVE-2025-30412 CVSS 10.0 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) befor… |
| CVE-2025-30411 | CVE-2025-30411 CVSS 10.0 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) befor… |
| CVE-2025-30410 | CVE-2025-30410 CVSS 9.8 | Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS,… |
| CVE-2025-3041 | CVE-2025-3041 CVSS 9.8 | A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/update… |
| CVE-2025-30406 | Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability (KEV, CVSS 9.8, Gladinet) | Gladinet CentreStack and Triofox contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState i… |
| CVE-2025-30405 | CVE-2025-30405 CVSS 9.8 | An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting… |
| CVE-2025-30404 | CVE-2025-30404 CVSS 9.8 | An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undes… |
| CVE-2025-3040 | CVE-2025-3040 CVSS 9.8 | A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionalit… |
| CVE-2025-30392 | CVE-2025-30392 CVSS 9.8 | Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-30389 | CVE-2025-30389 CVSS 9.8 | Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-30387 | CVE-2025-30387 CVSS 9.8 | Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-30372 | CVE-2025-30372 CVSS 9.8 | Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` doe… |
| CVE-2025-30367 | CVE-2025-30367 CVSS 9.8 | WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /W… |
| CVE-2025-30365 | CVE-2025-30365 CVSS 9.8 | WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/s… |
| CVE-2025-30364 | CVE-2025-30364 CVSS 9.8 | WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcion… |
| CVE-2025-30361 | CVE-2025-30361 CVSS 9.8 | WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's… |
| CVE-2025-30356 | CVE-2025-30356 CVSS 9.8 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between … |
| CVE-2025-30282 | CVE-2025-30282 CVSS 9.1 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution… |
| CVE-2025-30281 | CVE-2025-30281 CVSS 9.1 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution… |
| CVE-2025-30223 | CVE-2025-30223 CVSS 9.6 | Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm(… |
| CVE-2025-30220 | CVE-2025-30220 CVSS 9.1 | GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema da… |
| CVE-2025-30216 | CVE-2025-30216 CVSS 9.1 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between … |
| CVE-2025-30215 | CVE-2025-30215 CVSS 9.6 | NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11… |
| CVE-2025-30206 | CVE-2025-30206 CVSS 9.8 | Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its de… |
| CVE-2025-30201 | CVE-2025-30201 CVSS 9.1 | Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows au… |
| CVE-2025-30184 | CVE-2025-30184 CVSS 9.8 | CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path. |
| CVE-2025-30171 | CVE-2025-30171 CVSS 9.0 | System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This is… |