CVE vulnerabilities
33,486 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,651–6,700 of 8,314 in Critical · page 134 of 167
| ID | Title and CVSS score | Summary |
|---|---|---|
| CVE-2025-2657 | CVE-2025-2657 CVSS 9.8 | A vulnerability classified as critical was found in projectworlds Apartment Visitors Management System 1.0. Affected by this vulnerability is an unknown functi… |
| CVE-2025-2656 | CVE-2025-2656 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/login.php. Th… |
| CVE-2025-2655 | CVE-2025-2655 CVSS 9.8 | A vulnerability was detected in SourceCodester AC Repair and Services System 1.0. The affected element is the function save_users/delete_users of the file /cla… |
| CVE-2025-2654 | CVE-2025-2654 CVSS 9.8 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /ad… |
| CVE-2025-26535 | CVE-2025-26535 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerc… |
| CVE-2025-26533 | CVE-2025-26533 CVSS 9.8 | An SQL injection risk was identified in the module list filter within course search. |
| CVE-2025-26520 | CVE-2025-26520 CVSS 9.8 | Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of a… |
| CVE-2025-26512 | CVE-2025-26512 CVSS 9.9 | SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin … |
| CVE-2025-26508 | CVE-2025-26508 CVSS 9.8 | Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privi… |
| CVE-2025-26507 | CVE-2025-26507 CVSS 9.8 | Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privi… |
| CVE-2025-26506 | CVE-2025-26506 CVSS 9.8 | Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privi… |
| CVE-2025-26496 | CVE-2025-26496 CVSS 9.3 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload module… |
| CVE-2025-26492 | CVE-2025-26492 CVSS 9.1 | In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources |
| CVE-2025-2649 | CVE-2025-2649 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Doctor Appointment Management System 1.0. This vulnerability affects unknown code of the file /c… |
| CVE-2025-2648 | CVE-2025-2648 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul Art Gallery Management System 1.0. This affects an unknown part of the file /admin/view-enq… |
| CVE-2025-2647 | CVE-2025-2647 CVSS 9.8 | A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality … |
| CVE-2025-26469 | CVE-2025-26469 CVSS 9.8 | An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially … |
| CVE-2025-2646 | CVE-2025-2646 CVSS 9.8 | A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown funct… |
| CVE-2025-2644 | CVE-2025-2644 CVSS 9.8 | A vulnerability was found in PHPGurukul Art Gallery Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /a… |
| CVE-2025-2643 | CVE-2025-2643 CVSS 9.8 | A vulnerability has been found in PHPGurukul Art Gallery Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file … |
| CVE-2025-2642 | CVE-2025-2642 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Art Gallery Management System 1.0. This affects an unknown part of the file /admin/e… |
| CVE-2025-26416 | CVE-2025-26416 CVSS 9.8 | In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of… |
| CVE-2025-26410 | CVE-2025-26410 CVSS 9.8 | The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials. The user password can be easily recovered via password crac… |
| CVE-2025-2641 | CVE-2025-2641 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. Affected by this issue is some unknown funct… |
| CVE-2025-2640 | CVE-2025-2640 CVSS 9.8 | A vulnerability was found in PHPGurukul Doctor Appointment Management System 1.0 and classified as critical. This issue affects some unknown processing of the … |
| CVE-2025-26399 | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability · KEV · CVSS 9.8 · SolarWinds | SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machin… |
| CVE-2025-26390 | CVE-2025-26390 CVSS 9.8 | A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL inj… |
| CVE-2025-26389 | CVE-2025-26389 CVSS 9.8 | A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the in… |
| CVE-2025-26361 | CVE-2025-26361 CVSS 9.1 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauth… |
| CVE-2025-26359 | CVE-2025-26359 CVSS 9.8 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an una… |
| CVE-2025-26347 | CVE-2025-26347 CVSS 9.8 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthe… |
| CVE-2025-26345 | CVE-2025-26345 CVSS 9.8 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthe… |
| CVE-2025-26344 | CVE-2025-26344 CVSS 9.8 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an u… |
| CVE-2025-26342 | CVE-2025-26342 CVSS 9.8 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an una… |
| CVE-2025-26341 | CVE-2025-26341 CVSS 9.8 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an una… |
| CVE-2025-26339 | CVE-2025-26339 CVSS 9.8 | A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenti… |
| CVE-2025-26336 | CVE-2025-26336 CVSS 9.8 | Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware … |
| CVE-2025-26325 | CVE-2025-26325 CVSS 9.8 | ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php. |
| CVE-2025-26319 | CVE-2025-26319 CVSS 9.8 | FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. |
| CVE-2025-2628 | CVE-2025-2628 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Art Gallery Management System 1.1. Affected is an unknown function of the file /art-… |
| CVE-2025-2627 | CVE-2025-2627 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. This issue affects some unknown processing o… |
| CVE-2025-2626 | CVE-2025-2626 CVSS 9.8 | A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This vulnerability affects unknown code o… |
| CVE-2025-2621 | CVE-2025-2621 CVSS 9.8 | A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipu… |
| CVE-2025-26206 | CVE-2025-26206 CVSS 9.0 | Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component |
| CVE-2025-26201 | CVE-2025-26201 CVSS 9.1 | Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows remote unauthenticated attackers to bypass authentication and escalat… |
| CVE-2025-2620 | CVE-2025-2620 CVSS 9.8 | A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the fi… |
| CVE-2025-26199 | CVE-2025-26199 CVSS 9.8 | CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP dur… |
| CVE-2025-26198 | CVE-2025-26198 CVSS 9.8 | CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-sup… |
| CVE-2025-2619 | CVE-2025-2619 CVSS 9.8 | A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the co… |
| CVE-2025-2618 | CVE-2025-2618 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dw… |