CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,501–6,550 of 8,314 in Critical · page 131 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-27670 | CVE-2025-27670 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Signature Validation OVE-20230524-0014. |
| CVE-2025-2767 | CVE-2025-2767 CVSS 9.6 | Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on… |
| CVE-2025-27668 | CVE-2025-27668 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-00… |
| CVE-2025-27667 | CVE-2025-27667 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumeration OVE-20230524-001… |
| CVE-2025-27666 | CVE-2025-27666 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Authorization Checks OVE-20230524-0010. |
| CVE-2025-27665 | CVE-2025-27665 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Antivirus Protection and thus drivers can… |
| CVE-2025-27663 | CVE-2025-27663 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007. |
| CVE-2025-27662 | CVE-2025-27662 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005. |
| CVE-2025-27661 | CVE-2025-27661 CVSS 9.1 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Session Fixation OVE-20230524-0004. |
| CVE-2025-27659 | CVE-2025-27659 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows SQL Injection OVE-20230524-0002. |
| CVE-2025-27658 | CVE-2025-27658 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Authentication Bypass OVE-20230524-0001. |
| CVE-2025-27657 | CVE-2025-27657 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008. |
| CVE-2025-27656 | CVE-2025-27656 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011. |
| CVE-2025-27655 | CVE-2025-27655 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009. |
| CVE-2025-27652 | CVE-2025-27652 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: rfIDEAS V-2023-015. |
| CVE-2025-27651 | CVE-2025-27651 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014. |
| CVE-2025-27650 | CVE-2025-27650 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013. |
| CVE-2025-27649 | CVE-2025-27649 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-2023-016. |
| CVE-2025-27648 | CVE-2025-27648 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003. |
| CVE-2025-27647 | CVE-2025-27647 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication… |
| CVE-2025-27646 | CVE-2025-27646 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Edit User Account Exposure V-2024-001. |
| CVE-2025-27645 | CVE-2025-27645 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permi… |
| CVE-2025-27643 | CVE-2025-27643 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006. |
| CVE-2025-27642 | CVE-2025-27642 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008. |
| CVE-2025-27641 | CVE-2025-27641 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009. |
| CVE-2025-27640 | CVE-2025-27640 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012. |
| CVE-2025-27638 | CVE-2025-27638 CVSS 9.8 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013. |
| CVE-2025-27603 | CVE-2025-27603 CVSS 9.1 | XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. A user that doesn't have programming rights can execute arb… |
| CVE-2025-27595 | CVE-2025-27595 CVSS 9.8 | The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the sec… |
| CVE-2025-27593 | CVE-2025-27593 CVSS 9.3 | The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target … |
| CVE-2025-27590 | CVE-2025-27590 CVSS 9.8 | In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is … |
| CVE-2025-27583 | CVE-2025-27583 CVSS 9.1 | Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) Eag… |
| CVE-2025-27558 | CVE-2025-27558 CVSS 9.1 | IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equi… |
| CVE-2025-27554 | CVE-2025-27554 CVSS 9.9 | ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build ser… |
| CVE-2025-27540 | CVE-2025-27540 CVSS 9.8 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the … |
| CVE-2025-27539 | CVE-2025-27539 CVSS 9.8 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the … |
| CVE-2025-27531 | CVE-2025-27531 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an aut… |
| CVE-2025-27528 | CVE-2025-27528 CVSS 9.1 | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows att… |
| CVE-2025-27520 | CVE-2025-27520 CVSS 9.8 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused b… |
| CVE-2025-27515 | CVE-2025-27515 CVSS 9.8 | Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request co… |
| CVE-2025-27507 | CVE-2025-27507 CVSS 9.0 | The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Dir… |
| CVE-2025-27495 | CVE-2025-27495 CVSS 9.8 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the … |
| CVE-2025-2747 | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability KEV CVSS 9.8 Kentico | Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative… |
| CVE-2025-27466 | CVE-2025-27466 CVSS 9.8 | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues rel… |
| CVE-2025-2746 | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability KEV CVSS 9.8 Kentico | Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative… |
| CVE-2025-27456 | CVE-2025-27456 CVSS 9.8 | The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it… |
| CVE-2025-27449 | CVE-2025-27449 CVSS 9.8 | The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible t… |
| CVE-2025-27429 | CVE-2025-27429 CVSS 9.9 | SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbit… |
| CVE-2025-27407 | CVE-2025-27407 CVSS 9.0 | graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21… |
| CVE-2025-2739 | CVE-2025-2739 CVSS 9.8 | A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the fi… |