CVE vulnerabilities
33,897 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 7,501–7,550 of 8,314 in Critical · page 151 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-14182 | CVE-2025-14182 CVSS 9.8 | A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload… |
| CVE-2025-14179 | CVE-2025-14179 CVSS 9.8 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes whe… |
| CVE-2025-14156 | CVE-2025-14156 CVSS 9.8 | The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the… |
| CVE-2025-14141 | CVE-2025-14141 CVSS 9.8 | A flaw has been found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formArpBindConfig. Executing manipulation of… |
| CVE-2025-14094 | CVE-2025-14094 CVSS 9.8 | A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the a… |
| CVE-2025-14093 | CVE-2025-14093 CVSS 9.8 | A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulati… |
| CVE-2025-14087 | CVE-2025-14087 CVSS 5.6 gnome | A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code ex… |
| CVE-2025-14015 | CVE-2025-14015 CVSS 9.8 | A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the a… |
| CVE-2025-14014 | CVE-2025-14014 CVSS 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Sma… |
| CVE-2025-14009 | CVE-2025-14009 CVSS 10.0 | A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipf… |
| CVE-2025-14004 | CVE-2025-14004 CVSS 9.8 | A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the co… |
| CVE-2025-13952 | CVE-2025-13952 CVSS 9.8 | A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU sha… |
| CVE-2025-13942 | CVE-2025-13942 CVSS 9.8 | A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to exec… |
| CVE-2025-1393 | CVE-2025-1393 CVSS 9.8 | An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product. |
| CVE-2025-13926 | CVE-2025-13926 CVSS 9.8 | An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T. |
| CVE-2025-13915 | CVE-2025-13915 CVSS 9.8 | IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the … |
| CVE-2025-13888 | CVE-2025-13888 CVSS 9.1 | A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions i… |
| CVE-2025-13872 | CVE-2025-13872 CVSS 9.1 | Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to fo… |
| CVE-2025-1387 | CVE-2025-1387 CVSS 9.8 | Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user. |
| CVE-2025-13851 | CVE-2025-13851 CVSS 9.8 | The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and i… |
| CVE-2025-13815 | CVE-2025-13815 CVSS 9.8 | A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation … |
| CVE-2025-13814 | CVE-2025-13814 CVSS 9.8 | A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/up… |
| CVE-2025-13806 | CVE-2025-13806 CVSS 9.8 | A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-si… |
| CVE-2025-13800 | CVE-2025-13800 CVSS 9.8 | A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation… |
| CVE-2025-1380 | CVE-2025-1380 CVSS 9.8 | A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /d… |
| CVE-2025-13799 | CVE-2025-13799 CVSS 9.8 | A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The ma… |
| CVE-2025-13798 | CVE-2025-13798 CVSS 9.8 | A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the… |
| CVE-2025-13797 | CVE-2025-13797 CVSS 9.8 | A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdel_swifimac of the file /send_order.cgi. Perform… |
| CVE-2025-1379 | CVE-2025-1379 CVSS 9.8 | A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unk… |
| CVE-2025-13788 | CVE-2025-13788 CVSS 9.8 | A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipula… |
| CVE-2025-13787 | CVE-2025-13787 CVSS 9.1 | A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File … |
| CVE-2025-13786 | CVE-2025-13786 CVSS 9.8 | A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing … |
| CVE-2025-13783 | CVE-2025-13783 CVSS 9.8 | A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file … |
| CVE-2025-13782 | CVE-2025-13782 CVSS 9.8 | A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file applic… |
| CVE-2025-13773 | CVE-2025-13773 CVSS 9.8 | The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via … |
| CVE-2025-13764 | CVE-2025-13764 CVSS 9.8 | The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User… |
| CVE-2025-13761 | CVE-2025-13761 CVSS 9.6 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticate… |
| CVE-2025-13675 | CVE-2025-13675 CVSS 9.8 | The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the 'paypal-submit.php' file … |
| CVE-2025-13619 | CVE-2025-13619 CVSS 9.8 | The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.0. This is due to the 'fsUserHandle::… |
| CVE-2025-13618 | CVE-2025-13618 CVSS 9.8 | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly re… |
| CVE-2025-13615 | CVE-2025-13615 CVSS 9.8 | The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin prov… |
| CVE-2025-13613 | CVE-2025-13613 CVSS 9.8 | The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin not prop… |
| CVE-2025-13607 | CVE-2025-13607 CVSS 9.4 | A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL. |
| CVE-2025-13597 | CVE-2025-13597 CVSS 9.8 | The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up… |
| CVE-2025-13595 | CVE-2025-13595 CVSS 9.8 | The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions … |
| CVE-2025-13585 | CVE-2025-13585 CVSS 9.8 | A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of … |
| CVE-2025-13583 | CVE-2025-13583 CVSS 9.8 | A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST … |
| CVE-2025-13582 | CVE-2025-13582 CVSS 9.8 | A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the com… |
| CVE-2025-13578 | CVE-2025-13578 CVSS 9.8 | A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipul… |
| CVE-2025-13572 | CVE-2025-13572 CVSS 9.8 | A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipul… |