33,486 indexed
CVECVE vulnerabilities
33,486 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 7,351–7,400 of 8,314 in Critical · page 148 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-14998 | CVE-2025-14998 CVSS 9.8 | The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plu… |
| CVE-2025-14996 | CVE-2025-14996 CVSS 9.8 | The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and i… |
| CVE-2025-14990 | CVE-2025-14990 CVSS 9.8 | A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-a… |
| CVE-2025-14989 | CVE-2025-14989 CVSS 9.8 | A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/… |
| CVE-2025-1497 | CVE-2025-1497 CVSS 9.8 | A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to exec… |
| CVE-2025-14968 | CVE-2025-14968 CVSS 9.8 | A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.p… |
| CVE-2025-14967 | CVE-2025-14967 CVSS 9.8 | A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidate… |
| CVE-2025-14964 | CVE-2025-14964 CVSS 9.8 | A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of… |
| CVE-2025-14961 | CVE-2025-14961 CVSS 9.8 | A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign… |
| CVE-2025-14960 | CVE-2025-14960 CVSS 9.8 | A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.… |
| CVE-2025-14959 | CVE-2025-14959 CVSS 9.8 | A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a… |
| CVE-2025-14952 | CVE-2025-14952 CVSS 9.8 | A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Performing a ma… |
| CVE-2025-14951 | CVE-2025-14951 CVSS 9.8 | A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Su… |
| CVE-2025-14950 | CVE-2025-14950 CVSS 9.8 | A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This ma… |
| CVE-2025-14942 | CVE-2025-14942 CVSS 9.8 | wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the cl… |
| CVE-2025-14940 | CVE-2025-14940 CVSS 9.8 | A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. T… |
| CVE-2025-14931 | CVE-2025-14931 CVSS 10.0 | Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attacker… |
| CVE-2025-14923 | CVE-2025-14923 CVSS 9.8 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when … |
| CVE-2025-14917 | CVE-2025-14917 CVSS 9.8 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when … |
| CVE-2025-14894 | CVE-2025-14894 CVSS 9.8 | Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, a… |
| CVE-2025-14892 | CVE-2025-14892 CVSS 9.8 | The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site… |
| CVE-2025-14879 | CVE-2025-14879 CVSS 9.8 | A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler.… |
| CVE-2025-14878 | CVE-2025-14878 CVSS 9.8 | A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request… |
| CVE-2025-14877 | CVE-2025-14877 CVSS 9.8 | A vulnerability was identified in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_retailer.php. The manipulat… |
| CVE-2025-14860 | CVE-2025-14860 CVSS 9.8 | Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1. |
| CVE-2025-14850 | CVE-2025-14850 CVSS 9.1 | Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files. |
| CVE-2025-14849 | CVE-2025-14849 CVSS 9.8 | Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code. |
| CVE-2025-14833 | CVE-2025-14833 CVSS 9.8 | A security flaw has been discovered in code-projects Online Appointment Booking System 1.0. The impacted element is an unknown function of the file /admin/dele… |
| CVE-2025-14832 | CVE-2025-14832 CVSS 9.8 | A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?acti… |
| CVE-2025-14829 | CVE-2025-14829 CVSS 9.1 | The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it pos… |
| CVE-2025-1475 | CVE-2025-1475 CVSS 9.8 | The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verificat… |
| CVE-2025-14741 | CVE-2025-14741 CVSS 9.1 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing ca… |
| CVE-2025-14736 | CVE-2025-14736 CVSS 9.8 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.29. This is due to insuf… |
| CVE-2025-14733 | WatchGuard Firebox Out of Bounds Write Vulnerability KEVCVSS 9.8WatchGuard | WatchGuard Fireware OS iked process contains an out of bounds write vulnerability in the OS iked process. This vulnerability may allow a remote unauthenticated… |
| CVE-2025-14711 | CVE-2025-14711 CVSS 9.8 | A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /contro… |
| CVE-2025-14710 | CVE-2025-14710 CVSS 9.8 | A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller… |
| CVE-2025-14709 | CVE-2025-14709 CVSS 9.8 | A security vulnerability has been detected in Shiguangwu sgwbox N3 2.0.25. Affected by this issue is some unknown functionality of the file /usr/sbin/http_eshe… |
| CVE-2025-14707 | CVE-2025-14707 CVSS 9.8 | A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/http_eshell_server of the component D… |
| CVE-2025-14706 | CVE-2025-14706 CVSS 9.8 | A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/http_eshell_server of the component NETRE… |
| CVE-2025-14705 | CVE-2025-14705 CVSS 9.8 | A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the … |
| CVE-2025-14704 | CVE-2025-14704 CVSS 9.8 | A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulatio… |
| CVE-2025-14700 | CVE-2025-14700 CVSS 9.9 | An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code exe… |
| CVE-2025-14673 | CVE-2025-14673 CVSS 9.8 | A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/s… |
| CVE-2025-14672 | CVE-2025-14672 CVSS 9.8 | A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing a m… |
| CVE-2025-14668 | CVE-2025-14668 CVSS 9.8 | A vulnerability was detected in campcodes Advanced Online Examination System 1.0. This affects an unknown function of the file /query/loginExe.php. Performing … |
| CVE-2025-14667 | CVE-2025-14667 CVSS 9.8 | A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=syst… |
| CVE-2025-14666 | CVE-2025-14666 CVSS 9.8 | A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manip… |
| CVE-2025-14665 | CVE-2025-14665 CVSS 9.8 | A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request H… |
| CVE-2025-14664 | CVE-2025-14664 CVSS 9.8 | A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/view_unit.php. The ma… |
| CVE-2025-14661 | CVE-2025-14661 CVSS 9.8 | A vulnerability has been found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Su… |