CVE vulnerabilities
33,486 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 7,001–7,050 of 8,314 in Critical · page 141 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-22900 | CVE-2025-22900 CVSS 9.8 | Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. |
| CVE-2025-22884 | CVE-2025-22884 CVSS 9.8 | Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when… |
| CVE-2025-22883 | CVE-2025-22883 CVSS 9.8 | Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsin… |
| CVE-2025-22882 | CVE-2025-22882 CVSS 9.8 | Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to… |
| CVE-2025-22871 | CVE-2025-22871 CVSS 9.1 | The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server… |
| CVE-2025-22785 | CVE-2025-22785 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system all… |
| CVE-2025-22782 | CVE-2025-22782 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Uploa… |
| CVE-2025-22777 | CVE-2025-22777 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give allows Object Injection. This issue affects GiveWP: from n/a through <= 3.19.3. |
| CVE-2025-22723 | CVE-2025-22723 CVSS 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scann… |
| CVE-2025-22699 | CVE-2025-22699 CVSS 9.0 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler Code traveler-code. This issue affects… |
| CVE-2025-2266 | CVE-2025-2266 CVSS 9.8 | The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to… |
| CVE-2025-22655 | CVE-2025-22655 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links cwd-stealth-links allows… |
| CVE-2025-22654 | CVE-2025-22654 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified simplified allows Using Malicious Files. This issue affects Simplified: fro… |
| CVE-2025-22630 | CVE-2025-22630 CVSS 9.9 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Marketing Fire Widget Options widget-options allows OS Com… |
| CVE-2025-2263 | CVE-2025-2263 CVSS 9.8 | During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte… |
| CVE-2025-22612 | CVE-2025-22612 CVSS 10.0 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization … |
| CVE-2025-22611 | CVE-2025-22611 CVSS 9.9 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization … |
| CVE-2025-22609 | CVE-2025-22609 CVSS 10.0 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization … |
| CVE-2025-22553 | CVE-2025-22553 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dhananjaysingh Multiple Carousel multicarousel allows SQL… |
| CVE-2025-22542 | CVE-2025-22542 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Blind SQL Injec… |
| CVE-2025-22540 | CVE-2025-22540 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in seballero Emailing Subscription email-suscripcion allows … |
| CVE-2025-2253 | CVE-2025-2253 CVSS 9.8 | The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin no… |
| CVE-2025-22526 | CVE-2025-22526 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object Injection. This iss… |
| CVE-2025-22523 | CVE-2025-22523 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scheduler Schedule schedule allows Blind SQL Injection. Th… |
| CVE-2025-22504 | CVE-2025-22504 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms 4ecps-webforms allows Upload a Web Shell to a Web Server. This issue… |
| CVE-2025-22470 | CVE-2025-22470 CVSS 9.8 | CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua scri… |
| CVE-2025-22466 | CVE-2025-22466 CVSS 9.6 | Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges… |
| CVE-2025-22462 | CVE-2025-22462 CVSS 9.8 | An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenti… |
| CVE-2025-22457 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability · KEV · CVSS 9.8 · Ivanti | Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to ac… |
| CVE-2025-2244 | CVE-2025-2244 CVSS 9.8 | A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-suppli… |
| CVE-2025-22435 | CVE-2025-22435 CVSS 9.8 | In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no a… |
| CVE-2025-22429 | CVE-2025-22429 CVSS 9.8 | In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege wit… |
| CVE-2025-22408 | CVE-2025-22408 CVSS 9.8 | In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with… |
| CVE-2025-22403 | CVE-2025-22403 CVSS 9.8 | In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code ex… |
| CVE-2025-22398 | CVE-2025-22398 CVSS 9.8 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A… |
| CVE-2025-2237 | CVE-2025-2237 CVSS 9.8 | The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is du… |
| CVE-2025-2232 | CVE-2025-2232 CVSS 9.8 | The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, an… |
| CVE-2025-22290 | CVE-2025-22290 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Editi… |
| CVE-2025-22289 | CVE-2025-22289 CVSS 9.8 | Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition ltl-freight-quotes-unishippers-edition allows Exploiting Inco… |
| CVE-2025-22275 | CVE-2025-22275 CVSS 9.3 | iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.t… |
| CVE-2025-22219 | CVE-2025-22219 CVSS 9.0 | VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to injec… |
| CVE-2025-22204 | CVE-2025-22204 CVSS 9.8 | Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 leads to a remote code execution vulnerability. |
| CVE-2025-2219 | CVE-2025-2219 CVSS 9.8 | A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/i… |
| CVE-2025-2218 | CVE-2025-2218 CVSS 9.8 | A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system… |
| CVE-2025-2217 | CVE-2025-2217 CVSS 9.8 | A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 1.3. This affects the function ProcessRequest of … |
| CVE-2025-2216 | CVE-2025-2216 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function … |
| CVE-2025-22152 | CVE-2025-22152 CVSS 9.1 | Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowin… |
| CVE-2025-22146 | CVE-2025-22146 CVSS 9.1 | Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. I… |
| CVE-2025-22144 | CVE-2025-22144 CVSS 9.8 | NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can vali… |
| CVE-2025-22137 | CVE-2025-22137 CVSS 9.8 | Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anony… |