CVE vulnerabilities
33,486 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,951–7,000 of 8,314 in Critical · page 140 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-23243 | CVE-2025-23243 CVSS 9.1 | NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data t… |
| CVE-2025-23242 | CVE-2025-23242 CVSS 9.8 | NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escala… |
| CVE-2025-23220 | CVE-2025-23220 CVSS 9.8 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the We… |
| CVE-2025-2322 | CVE-2025-2322 CVSS 9.8 | A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt… |
| CVE-2025-23219 | CVE-2025-23219 CVSS 9.8 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the We… |
| CVE-2025-23218 | CVE-2025-23218 CVSS 9.8 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the We… |
| CVE-2025-23211 | CVE-2025-23211 CVSS 9.9 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute com… |
| CVE-2025-2320 | CVE-2025-2320 CVSS 9.8 | A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit… |
| CVE-2025-23123 | CVE-2025-23123 CVSS 10.0 | A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the U… |
| CVE-2025-23116 | CVE-2025-23116 CVSS 9.6 | An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi P… |
| CVE-2025-23115 | CVE-2025-23115 CVSS 9.0 | A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras man… |
| CVE-2025-23114 | CVE-2025-23114 CVSS 9.0 | A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a fail… |
| CVE-2025-2311 | CVE-2025-2311 CVSS 9.0 | Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Te… |
| CVE-2025-23099 | CVE-2025-23099 CVSS 9.1 | An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. |
| CVE-2025-23097 | CVE-2025-23097 CVSS 9.1 | An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes. |
| CVE-2025-23061 | CVE-2025-23061 CVSS 9.8 | Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an inc… |
| CVE-2025-23048 | CVE-2025-23048 CVSS 9.1 | In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session re… |
| CVE-2025-23045 | CVE-2025-23045 CVSS 9.8 | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT i… |
| CVE-2025-23016 | CVE-2025-23016 CVSS 9.3 | FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to… |
| CVE-2025-23006 | SonicWall SMA1000 Appliances Deserialization Vulnerability · KEV · CVSS 9.8 · SonicWall | SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can … |
| CVE-2025-22992 | CVE-2025-22992 CVSS 9.8 | A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of us… |
| CVE-2025-22978 | CVE-2025-22978 CVSS 9.8 | eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. |
| CVE-2025-22974 | CVE-2025-22974 CVSS 9.8 | SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php com… |
| CVE-2025-22968 | CVE-2025-22968 CVSS 9.8 | An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions |
| CVE-2025-22957 | CVE-2025-22957 CVSS 9.8 | A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability co… |
| CVE-2025-22956 | CVE-2025-22956 CVSS 9.8 | OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductP… |
| CVE-2025-22954 | CVE-2025-22954 CVSS 10.0 | GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter. |
| CVE-2025-22953 | CVE-2025-22953 CVSS 9.8 | A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The inje… |
| CVE-2025-22952 | CVE-2025-22952 CVSS 9.8 | elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perfo… |
| CVE-2025-22949 | CVE-2025-22949 CVSS 9.8 | Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. |
| CVE-2025-22946 | CVE-2025-22946 CVSS 9.8 | Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution. |
| CVE-2025-22941 | CVE-2025-22941 CVSS 9.8 | A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary c… |
| CVE-2025-22940 | CVE-2025-22940 CVSS 9.1 | Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrarily set the admin password. |
| CVE-2025-2294 | CVE-2025-2294 CVSS 9.8 | The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the kubio_hybrid_theme_load… |
| CVE-2025-22939 | CVE-2025-22939 CVSS 9.8 | A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary … |
| CVE-2025-22938 | CVE-2025-22938 CVSS 9.8 | Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords. |
| CVE-2025-22937 | CVE-2025-22937 CVSS 9.8 | An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors. |
| CVE-2025-22930 | CVE-2025-22930 CVSS 9.8 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php. |
| CVE-2025-22929 | CVE-2025-22929 CVSS 9.8 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php. |
| CVE-2025-22928 | CVE-2025-22928 CVSS 9.8 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php. |
| CVE-2025-22927 | CVE-2025-22927 CVSS 9.1 | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messagi… |
| CVE-2025-22926 | CVE-2025-22926 CVSS 9.8 | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messagi… |
| CVE-2025-22916 | CVE-2025-22916 CVSS 9.8 | RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function. |
| CVE-2025-22913 | CVE-2025-22913 CVSS 9.8 | RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function. |
| CVE-2025-22912 | CVE-2025-22912 CVSS 9.8 | RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. |
| CVE-2025-2291 | CVE-2025-2291 CVSS 9.8 | Password can be used past expiry in PgBouncer due to auth_query not taking into account the Postgres VALID UNTIL value, which allows an attacker to log in with… |
| CVE-2025-22907 | CVE-2025-22907 CVSS 9.8 | RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. |
| CVE-2025-22906 | CVE-2025-22906 CVSS 9.8 | RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. |
| CVE-2025-22905 | CVE-2025-22905 CVSS 9.8 | RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. |
| CVE-2025-22904 | CVE-2025-22904 CVSS 9.8 | RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. |