CVE vulnerabilities
33,486 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,701–6,750 of 8,314 in Critical · page 135 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-26163 | CVE-2025-26163 CVSS 9.8 | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the CPF parameter. |
| CVE-2025-26155 | CVE-2025-26155 CVSS 9.8 | NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. |
| CVE-2025-26136 | CVE-2025-26136 CVSS 9.8 | A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. |
| CVE-2025-26074 | CVE-2025-26074 CVSS 9.8 | Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes. |
| CVE-2025-26063 | CVE-2025-26063 CVSS 9.8 | An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSI… |
| CVE-2025-26062 | CVE-2025-26062 CVSS 9.8 | An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentia… |
| CVE-2025-26014 | CVE-2025-26014 CVSS 9.8 | A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. |
| CVE-2025-26011 | CVE-2025-26011 CVSS 9.8 | Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword. |
| CVE-2025-26010 | CVE-2025-26010 CVSS 9.8 | Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword. |
| CVE-2025-26008 | CVE-2025-26008 CVSS 9.8 | In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost. |
| CVE-2025-26007 | CVE-2025-26007 CVSS 9.8 | Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi. |
| CVE-2025-26006 | CVE-2025-26006 CVSS 9.8 | Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest. |
| CVE-2025-26005 | CVE-2025-26005 CVSS 9.8 | Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp. |
| CVE-2025-26004 | CVE-2025-26004 CVSS 9.8 | Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns. |
| CVE-2025-26003 | CVE-2025-26003 CVSS 9.8 | Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. |
| CVE-2025-26002 | CVE-2025-26002 CVSS 9.8 | Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost. |
| CVE-2025-25977 | CVE-2025-25977 CVSS 9.8 | An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement. |
| CVE-2025-25962 | CVE-2025-25962 CVSS 9.8 | An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function |
| CVE-2025-25948 | CVE-2025-25948 CVSS 9.1 | Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 al… |
| CVE-2025-25940 | CVE-2025-25940 CVSS 9.8 | VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java. |
| CVE-2025-25914 | CVE-2025-25914 CVSS 9.8 | SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter |
| CVE-2025-2589 | CVE-2025-2589 CVSS 9.8 | A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file… |
| CVE-2025-25790 | CVE-2025-25790 CVSS 9.8 | An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading… |
| CVE-2025-25789 | CVE-2025-25789 CVSS 9.8 | FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php. |
| CVE-2025-25785 | CVE-2025-25785 CVSS 9.1 | JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers … |
| CVE-2025-25784 | CVE-2025-25784 CVSS 9.8 | An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a… |
| CVE-2025-25783 | CVE-2025-25783 CVSS 9.8 | An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted… |
| CVE-2025-25775 | CVE-2025-25775 CVSS 9.8 | Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder. |
| CVE-2025-25763 | CVE-2025-25763 CVSS 9.8 | crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php |
| CVE-2025-25746 | CVE-2025-25746 CVSS 9.8 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module. |
| CVE-2025-25744 | CVE-2025-25744 CVSS 9.8 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings modul… |
| CVE-2025-25742 | CVE-2025-25742 CVSS 9.8 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings … |
| CVE-2025-25686 | CVE-2025-25686 CVSS 9.8 | semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php. |
| CVE-2025-25678 | CVE-2025-25678 CVSS 9.8 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. |
| CVE-2025-25676 | CVE-2025-25676 CVSS 9.8 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. |
| CVE-2025-25675 | CVE-2025-25675 CVSS 9.8 | Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerability located in the formexeCommand function. The str variable receives the cmdinput parameter fr… |
| CVE-2025-25674 | CVE-2025-25674 CVSS 9.8 | Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid. |
| CVE-2025-2567 | CVE-2025-2567 CVSS 9.8 | An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result … |
| CVE-2025-25668 | CVE-2025-25668 CVSS 9.8 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function. |
| CVE-2025-25667 | CVE-2025-25667 CVSS 9.8 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. |
| CVE-2025-25664 | CVE-2025-25664 CVSS 9.8 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function. |
| CVE-2025-25663 | CVE-2025-25663 CVSS 9.8 | A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument… |
| CVE-2025-25662 | CVE-2025-25662 CVSS 9.8 | Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/ty… |
| CVE-2025-25650 | CVE-2025-25650 CVSS 9.1 | An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass authentica… |
| CVE-2025-25632 | CVE-2025-25632 CVSS 9.8 | Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. |
| CVE-2025-25595 | CVE-2025-25595 CVSS 9.8 | A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack. |
| CVE-2025-25579 | CVE-2025-25579 CVSS 9.8 | TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. |
| CVE-2025-25570 | CVE-2025-25570 CVSS 9.8 | Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials. |
| CVE-2025-25568 | CVE-2025-25568 CVSS 9.8 | SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this becaus… |
| CVE-2025-25567 | CVE-2025-25567 CVSS 9.8 | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the be… |