33,486 indexed
CVECVE vulnerabilities
33,486 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 7,301–7,350 of 8,314 in Critical · page 147 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-15166 | CVE-2025-15166 CVSS 9.8 | A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The ma… |
| CVE-2025-15165 | CVE-2025-15165 CVSS 9.8 | A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?act… |
| CVE-2025-1515 | CVE-2025-1515 CVSS 9.8 | The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient i… |
| CVE-2025-15127 | CVE-2025-15127 CVSS 9.8 | A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown… |
| CVE-2025-15115 | CVE-2025-15115 CVSS 9.8 | Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any us… |
| CVE-2025-15114 | CVE-2025-15114 CVSS 9.8 | Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML fil… |
| CVE-2025-15113 | CVE-2025-15113 CVSS 9.3 | Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload M… |
| CVE-2025-15111 | CVE-2025-15111 CVSS 9.8 | Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access.… |
| CVE-2025-15103 | CVE-2025-15103 CVSS 9.8 | DVP-12SE11T - Authentication Bypass via Partial Password Disclosure |
| CVE-2025-15102 | CVE-2025-15102 CVSS 9.8 | DVP-12SE11T - Password Protection Bypass |
| CVE-2025-1510 | CVE-2025-1510 CVSS 9.8 | The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is… |
| CVE-2025-15099 | CVE-2025-15099 CVSS 9.8 | A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the compon… |
| CVE-2025-15092 | CVE-2025-15092 CVSS 9.8 | A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the… |
| CVE-2025-15091 | CVE-2025-15091 CVSS 9.8 | A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation … |
| CVE-2025-15090 | CVE-2025-15090 CVSS 9.8 | A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The man… |
| CVE-2025-1509 | CVE-2025-1509 CVSS 9.8 | The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the s… |
| CVE-2025-15089 | CVE-2025-15089 CVSS 9.8 | A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argu… |
| CVE-2025-15078 | CVE-2025-15078 CVSS 9.8 | A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manip… |
| CVE-2025-15077 | CVE-2025-15077 CVSS 9.8 | A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php.… |
| CVE-2025-15075 | CVE-2025-15075 CVSS 9.8 | A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Perfo… |
| CVE-2025-15074 | CVE-2025-15074 CVSS 9.8 | A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.p… |
| CVE-2025-15073 | CVE-2025-15073 CVSS 9.8 | A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipula… |
| CVE-2025-15069 | CVE-2025-15069 CVSS 9.8 | Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue affects Web Fax: from 3.0 before 3.0.1 |
| CVE-2025-15068 | CVE-2025-15068 CVSS 9.8 | Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse, Session Credential Falsification through Manipulation.This issue affects W… |
| CVE-2025-15063 | CVE-2025-15063 CVSS 9.8 | Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affe… |
| CVE-2025-15061 | CVE-2025-15061 CVSS 9.8 | Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrar… |
| CVE-2025-15060 | CVE-2025-15060 CVSS 9.8 | claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code… |
| CVE-2025-15049 | CVE-2025-15049 CVSS 9.8 | A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the ar… |
| CVE-2025-15048 | CVE-2025-15048 CVSS 9.8 | A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. … |
| CVE-2025-15047 | CVE-2025-15047 CVSS 9.8 | A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Perf… |
| CVE-2025-15046 | CVE-2025-15046 CVSS 9.8 | A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Reques… |
| CVE-2025-15045 | CVE-2025-15045 CVSS 9.8 | A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. … |
| CVE-2025-15044 | CVE-2025-15044 CVSS 9.8 | A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument pa… |
| CVE-2025-15036 | CVE-2025-15036 CVSS 10.0 | A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow… |
| CVE-2025-15034 | CVE-2025-15034 CVSS 9.8 | A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of th… |
| CVE-2025-15031 | CVE-2025-15031 CVSS 9.1 | A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use o… |
| CVE-2025-15030 | CVE-2025-15030 CVSS 9.8 | The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the pa… |
| CVE-2025-15029 | CVE-2025-15029 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQ… |
| CVE-2025-15027 | CVE-2025-15027 CVSS 9.8 | The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin all… |
| CVE-2025-15026 | CVE-2025-15026 CVSS 9.8 | Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not P… |
| CVE-2025-15018 | CVE-2025-15018 CVSS 9.8 | The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to… |
| CVE-2025-15016 | CVE-2025-15016 CVSS 9.8 | Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed k… |
| CVE-2025-15012 | CVE-2025-15012 CVSS 9.8 | A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. Thi… |
| CVE-2025-15011 | CVE-2025-15011 CVSS 9.8 | A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument u… |
| CVE-2025-15010 | CVE-2025-15010 CVSS 9.8 | A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the a… |
| CVE-2025-15008 | CVE-2025-15008 CVSS 9.8 | A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing… |
| CVE-2025-15007 | CVE-2025-15007 CVSS 9.8 | A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the compon… |
| CVE-2025-15006 | CVE-2025-15006 CVSS 9.8 | A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the compon… |
| CVE-2025-15002 | CVE-2025-15002 CVSS 9.8 | A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Su… |
| CVE-2025-15001 | CVE-2025-15001 CVSS 9.8 | The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This … |