CVE vulnerabilities
33,486 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,601–6,650 of 8,314 in Critical · page 133 of 167
| ID | Title and CVSS score | Summary |
|---|---|---|
| CVE-2025-26898 | CVE-2025-26898 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler. This issue affects Traveler:… |
| CVE-2025-26892 | CVE-2025-26892 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files. This issue affects Celestial Aura: from n/… |
| CVE-2025-2689 | CVE-2025-2689 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file … |
| CVE-2025-26875 | CVE-2025-26875 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address Fo… |
| CVE-2025-26873 | CVE-2025-26873 CVSS 9.0 | Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler. This issue affects Traveler: from n/a through < 3.2.1. |
| CVE-2025-26872 | CVE-2025-26872 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files. This issue affects Eximius: from n/a through 2.2. |
| CVE-2025-2687 | CVE-2025-2687 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the co… |
| CVE-2025-26855 | CVE-2025-26855 CVSS 9.8 | A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands. |
| CVE-2025-26854 | CVE-2025-26854 CVSS 9.8 | A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands. |
| CVE-2025-26853 | CVE-2025-26853 CVSS 9.8 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema. |
| CVE-2025-26852 | CVE-2025-26852 CVSS 9.8 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection. |
| CVE-2025-26850 | CVE-2025-26850 CVSS 9.3 | The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems. |
| CVE-2025-26846 | CVE-2025-26846 CVSS 9.8 | An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. |
| CVE-2025-26845 | CVE-2025-26845 CVSS 9.8 | An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by… |
| CVE-2025-26844 | CVE-2025-26844 CVSS 9.8 | An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag. |
| CVE-2025-2684 | CVE-2025-2684 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. This issue affects some unknown processing o… |
| CVE-2025-2683 | CVE-2025-2683 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. This vulnerability affects unknown code of the file /profile.… |
| CVE-2025-2682 | CVE-2025-2682 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.… |
| CVE-2025-26818 | CVE-2025-26818 CVSS 9.8 | Netwrix Password Secure through 9.2 allows command injection. |
| CVE-2025-26817 | CVE-2025-26817 CVSS 9.8 | Netwrix Password Secure 9.2.0.32454 allows OS command injection. |
| CVE-2025-2681 | CVE-2025-2681 CVSS 9.8 | A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality … |
| CVE-2025-2680 | CVE-2025-2680 CVSS 9.8 | A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown funct… |
| CVE-2025-26794 | CVE-2025-26794 CVSS 9.8 | Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 … |
| CVE-2025-2679 | CVE-2025-2679 CVSS 9.8 | A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /con… |
| CVE-2025-2678 | CVE-2025-2678 CVSS 9.8 | A vulnerability was found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /c… |
| CVE-2025-26776 | CVE-2025-26776 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: fr… |
| CVE-2025-2677 | CVE-2025-2677 CVSS 9.8 | A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file … |
| CVE-2025-26763 | CVE-2025-26763 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Object Injection. This issue affects Responsive S… |
| CVE-2025-2676 | CVE-2025-2676 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /add-sub… |
| CVE-2025-2675 | CVE-2025-2675 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. Affected by this issue is some unknown funct… |
| CVE-2025-2674 | CVE-2025-2674 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. Affected by this vulnerability is an unknown functionality of… |
| CVE-2025-26701 | CVE-2025-26701 CVSS 10.0 | An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, an… |
| CVE-2025-26689 | CVE-2025-26689 CVSS 9.8 | Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request… |
| CVE-2025-26683 | CVE-2025-26683 CVSS 9.8 | Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-2665 | CVE-2025-2665 CVSS 9.8 | A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been classified as critical. This affects an unknown part of the file … |
| CVE-2025-2663 | CVE-2025-2663 CVSS 9.8 | A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functio… |
| CVE-2025-26623 | CVE-2025-26623 CVSS 9.8 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in… |
| CVE-2025-26617 | CVE-2025-26617 CVSS 9.8 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA appli… |
| CVE-2025-26613 | CVE-2025-26613 CVSS 9.8 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeG… |
| CVE-2025-26612 | CVE-2025-26612 CVSS 9.8 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA appli… |
| CVE-2025-26611 | CVE-2025-26611 CVSS 9.8 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA appli… |
| CVE-2025-26610 | CVE-2025-26610 CVSS 9.8 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA appli… |
| CVE-2025-2661 | CVE-2025-2661 CVSS 9.8 | A vulnerability was found in Project Worlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file … |
| CVE-2025-26609 | CVE-2025-26609 CVSS 9.8 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA appli… |
| CVE-2025-26608 | CVE-2025-26608 CVSS 9.8 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA appli… |
| CVE-2025-26607 | CVE-2025-26607 CVSS 9.8 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA appli… |
| CVE-2025-26606 | CVE-2025-26606 CVSS 9.8 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA appli… |
| CVE-2025-2660 | CVE-2025-2660 CVSS 9.8 | A vulnerability has been found in Project Worlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the fil… |
| CVE-2025-2659 | CVE-2025-2659 CVSS 9.8 | A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /stude… |
| CVE-2025-2658 | CVE-2025-2658 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Online Security Guards Hiring System 1.0. Affected by this issue is some unknow… |