CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,451–6,500 of 8,314 in Critical · page 130 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-28100 | CVE-2025-28100 CVSS 9.8 | A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows an attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.ph… |
| CVE-2025-28091 | CVE-2025-28091 CVSS 9.1 | maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. |
| CVE-2025-28090 | CVE-2025-28090 CVSS 9.1 | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. |
| CVE-2025-28089 | CVE-2025-28089 CVSS 9.1 | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function. |
| CVE-2025-28087 | CVE-2025-28087 CVSS 9.8 | Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php. |
| CVE-2025-28056 | CVE-2025-28056 CVSS 9.8 | rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component. |
| CVE-2025-28039 | CVE-2025-28039 CVSS 9.8 | TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileNa… |
| CVE-2025-28038 | CVE-2025-28038 CVSS 9.8 | TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWl… |
| CVE-2025-28037 | CVE-2025-28037 CVSS 9.8 | TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDia… |
| CVE-2025-28036 | CVE-2025-28036 CVSS 9.8 | TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeU… |
| CVE-2025-28035 | CVE-2025-28035 CVSS 9.8 | TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUr… |
| CVE-2025-28034 | CVE-2025-28034 CVSS 9.8 | TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201… |
| CVE-2025-28024 | CVE-2025-28024 CVSS 9.8 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the cstecgi.cgi |
| CVE-2025-28009 | CVE-2025-28009 CVSS 9.8 | A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20. |
| CVE-2025-2798 | CVE-2025-2798 CVSS 9.8 | The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of e… |
| CVE-2025-27925 | CVE-2025-27925 CVSS 9.8 | Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input. |
| CVE-2025-27918 | CVE-2025-27918 CVSS 9.8 | An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and … |
| CVE-2025-27909 | CVE-2025-27909 CVSS 9.8 | IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain … |
| CVE-2025-27891 | CVE-2025-27891 CVSS 9.1 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, … |
| CVE-2025-27851 | CVE-2025-27851 CVSS 9.3 garmin | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes W… |
| CVE-2025-27845 | CVE-2025-27845 CVSS 9.8 | In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for e… |
| CVE-2025-27837 | CVE-2025-27837 CVSS 9.8 | An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for … |
| CVE-2025-27836 | CVE-2025-27836 CVSS 9.8 | An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. |
| CVE-2025-27832 | CVE-2025-27832 CVSS 9.8 | An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. |
| CVE-2025-27831 | CVE-2025-27831 CVSS 9.8 | An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/d… |
| CVE-2025-27816 | CVE-2025-27816 CVSS 9.8 | A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization o… |
| CVE-2025-27807 | CVE-2025-27807 CVSS 9.1 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, … |
| CVE-2025-27797 | CVE-2025-27797 CVSS 9.8 | OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed … |
| CVE-2025-27796 | CVE-2025-27796 CVSS 9.8 | ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. |
| CVE-2025-27786 | CVE-2025-27786 CVSS 9.1 | Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. `output_tts_path` in tts.py takes arbit… |
| CVE-2025-27783 | CVE-2025-27783 CVSS 9.8 | Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. This issue may lead to writing arbitrary… |
| CVE-2025-27782 | CVE-2025-27782 CVSS 9.8 | Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbit… |
| CVE-2025-27781 | CVE-2025-27781 CVSS 9.8 | Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. `model_file` in inference.py as we… |
| CVE-2025-27780 | CVE-2025-27780 CVSS 9.8 | Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. `model_name` in model_info… |
| CVE-2025-27779 | CVE-2025-27779 CVSS 9.8 | Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `model_blender.py` lines 20 and 21. `model_fusio… |
| CVE-2025-27778 | CVE-2025-27778 CVSS 9.8 | Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `infer.py`. The issue can lead to remote code ex… |
| CVE-2025-2777 | CVE-2025-2777 CVSS 9.8 | SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing… |
| CVE-2025-2776 | SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability KEV CVSS 9.8 SysAid | SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for adminis… |
| CVE-2025-27724 | CVE-2025-27724 CVSS 9.8 | A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead … |
| CVE-2025-27690 | CVE-2025-27690 CVSS 9.8 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access coul… |
| CVE-2025-27682 | CVE-2025-27682 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005. |
| CVE-2025-27681 | CVE-2025-27681 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004. |
| CVE-2025-27680 | CVE-2025-27680 CVSS 9.1 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification … |
| CVE-2025-27678 | CVE-2025-27678 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001. |
| CVE-2025-27677 | CVE-2025-27677 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-202… |
| CVE-2025-27675 | CVE-2025-27675 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Vulnerable OpenID Implementation V-2023-004. |
| CVE-2025-27674 | CVE-2025-27674 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006. |
| CVE-2025-27673 | CVE-2025-27673 CVSS 9.1 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017. |
| CVE-2025-27672 | CVE-2025-27672 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016. |
| CVE-2025-27671 | CVE-2025-27671 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Device Impersonation OVE-20230524-0015. |