CVE vulnerabilities
33,486 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,551–6,600 of 8,314 in Critical · page 132 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-2738 | 9.8 | A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the fi… |
| CVE-2025-27378 | 9.8 | AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configurat… |
| CVE-2025-2737 | 9.8 | A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin… |
| CVE-2025-27364 | 10.0 | In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation funct… |
| CVE-2025-2736 | 9.8 | A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of … |
| CVE-2025-2735 | 9.8 | A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functi… |
| CVE-2025-2734 | 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /adm… |
| CVE-2025-27302 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Claudio Adrian Marrero CHATLIVE chatlive allows SQL Injec… |
| CVE-2025-27287 | 9.8 | Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz ssquiz allows Object Injection. This issue affects SS Quiz: from n/a through <= 2.0.5. |
| CVE-2025-27286 | 9.8 | Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider saoshyant-slider allows Object Injection. This issue affects Saoshyant Slider:… |
| CVE-2025-27282 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator theme-file-duplicator allows Using Malicious Files. This issue… |
| CVE-2025-27270 | 9.8 | Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Privilege Escalation. This issue aff… |
| CVE-2025-27268 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Expres… |
| CVE-2025-27261 | 9.8 | Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data. |
| CVE-2025-27258 | 9.8 | Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege. |
| CVE-2025-27224 | 9.8 | TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the inp… |
| CVE-2025-27217 | 9.1 | A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application … |
| CVE-2025-27214 | 9.8 | A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access t… |
| CVE-2025-27212 | 9.8 | An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management networ… |
| CVE-2025-27203 | 9.6 | Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an att… |
| CVE-2025-27154 | 9.8 | Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1… |
| CVE-2025-27151 | 9.8 | Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in red… |
| CVE-2025-27140 | 9.8 | WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, … |
| CVE-2025-27138 | 9.8 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease… |
| CVE-2025-27135 | 9.8 | RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts… |
| CVE-2025-27129 | 9.8 | An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can le… |
| CVE-2025-27105 | 9.1 | vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. Ho… |
| CVE-2025-27096 | 9.8 | WeGIA is a Web Manager for Institutions with a focus on Portuguese language. A SQL Injection vulnerability was discovered in the WeGIA application, personaliza… |
| CVE-2025-2708 | 9.1 | A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/fi… |
| CVE-2025-27071 | 9.8 | Memory corruption while processing specific files in Powerline Communication Firmware. |
| CVE-2025-2707 | 9.1 | A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this issue is some unknown functionality of… |
| CVE-2025-27034 | 9.8 | Memory corruption while selecting the PLMN from SOR failed list. |
| CVE-2025-27020 | 9.8 | Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system. … |
| CVE-2025-27019 | 9.8 | Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activ… |
| CVE-2025-2701 | 9.8 | A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manag… |
| CVE-2025-27007 | 9.8 | Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation. This issue affects OttoKit: from n/a through … |
| CVE-2025-26974 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator… |
| CVE-2025-26971 | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection.… |
| CVE-2025-26970 | 9.8 | Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Ark Theme Core ark-core allows Code Injection. This issue affects Ark Theme… |
| CVE-2025-2697 | 9.3 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victi… |
| CVE-2025-26966 | 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content. This issue affects PrivateContent: from n/… |
| CVE-2025-26943 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes easy-quotes allows Blind SQL In… |
| CVE-2025-26941 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin allows SQL Injection… |
| CVE-2025-26936 | 10.0 | Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Fresh Framework fresh-framework allows Code Injection. This issue affects F… |
| CVE-2025-26927 | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server. This issue affects AI Hub:… |
| CVE-2025-26916 | 9.0 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pixflow Massive Dynamic massive-dynami… |
| CVE-2025-2691 | 9.1 | Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a lo… |
| CVE-2025-26909 | 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost hide-my-w… |
| CVE-2025-26900 | 9.8 | Deserialization of Untrusted Data vulnerability in flexmls Flexmls® IDX flexmls-idx allows Object Injection. This issue affects Flexmls® IDX: from n/a through <… |
| CVE-2025-2690 | 9.8 | A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework… |