33,897 indexed
CVECVE vulnerabilities
33,897 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 7,551–7,600 of 8,314 in Critical · page 152 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-13565 | CVE-2025-13565 CVSS 9.1 | A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPass… |
| CVE-2025-13563 | CVE-2025-13563 CVSS 9.8 | The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_reg… |
| CVE-2025-13562 | CVE-2025-13562 CVSS 9.8 | A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument serv… |
| CVE-2025-13561 | CVE-2025-13561 CVSS 9.8 | A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulati… |
| CVE-2025-13560 | CVE-2025-13560 CVSS 9.8 | A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of th… |
| CVE-2025-13559 | CVE-2025-13559 CVSS 9.8 | The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'edukart_pro_registe… |
| CVE-2025-13557 | CVE-2025-13557 CVSS 9.8 | A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The m… |
| CVE-2025-13556 | CVE-2025-13556 CVSS 9.8 | A flaw has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checklogin.php. Exe… |
| CVE-2025-13555 | CVE-2025-13555 CVSS 9.8 | A vulnerability was detected in Campcodes School File Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Per… |
| CVE-2025-13554 | CVE-2025-13554 CVSS 9.8 | A security vulnerability has been detected in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /index.php of the componen… |
| CVE-2025-1355 | CVE-2025-1355 CVSS 9.8 | A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of… |
| CVE-2025-13546 | CVE-2025-13546 CVSS 9.8 | A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality… |
| CVE-2025-13544 | CVE-2025-13544 CVSS 9.8 | A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /custo… |
| CVE-2025-13542 | CVE-2025-13542 CVSS 9.8 | The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register… |
| CVE-2025-13540 | CVE-2025-13540 CVSS 9.8 | The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership… |
| CVE-2025-13539 | CVE-2025-13539 CVSS 9.8 | The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not p… |
| CVE-2025-13538 | CVE-2025-13538 CVSS 9.8 | The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findall_listing… |
| CVE-2025-13486 | CVE-2025-13486 CVSS 9.8 | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() fun… |
| CVE-2025-13485 | CVE-2025-13485 CVSS 9.8 | A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=… |
| CVE-2025-13476 | CVE-2025-13476 CVSS 9.8 | Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension dive… |
| CVE-2025-13451 | CVE-2025-13451 CVSS 9.8 | A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulatio… |
| CVE-2025-13449 | CVE-2025-13449 CVSS 9.8 | A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the … |
| CVE-2025-13446 | CVE-2025-13446 CVSS 9.8 | A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the ar… |
| CVE-2025-13445 | CVE-2025-13445 CVSS 9.8 | A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list c… |
| CVE-2025-13442 | CVE-2025-13442 CVSS 9.8 | A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdb… |
| CVE-2025-13424 | CVE-2025-13424 CVSS 9.8 | A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulati… |
| CVE-2025-13422 | CVE-2025-13422 CVSS 9.8 | A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/c… |
| CVE-2025-13421 | CVE-2025-13421 CVSS 9.8 | A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function of the file /src/store/NoticeS… |
| CVE-2025-13420 | CVE-2025-13420 CVSS 9.8 | A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventSto… |
| CVE-2025-13411 | CVE-2025-13411 CVSS 9.8 | A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/a… |
| CVE-2025-13410 | CVE-2025-13410 CVSS 9.8 | A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an unknown function of the file /admin/receipt.php. Such manip… |
| CVE-2025-13400 | CVE-2025-13400 CVSS 9.8 | A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing a manipulation of the … |
| CVE-2025-13396 | CVE-2025-13396 CVSS 9.8 | A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation … |
| CVE-2025-13390 | CVE-2025-13390 CVSS 9.8 | The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of… |
| CVE-2025-13375 | CVE-2025-13375 CVSS 9.8 | IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the… |
| CVE-2025-13374 | CVE-2025-13374 CVSS 9.8 | The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalrav_upload_file AJAX action in a… |
| CVE-2025-13357 | CVE-2025-13357 CVSS 9.8 | Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insec… |
| CVE-2025-13344 | CVE-2025-13344 CVSS 9.8 | A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file /aj… |
| CVE-2025-13342 | CVE-2025-13342 CVSS 9.8 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and incl… |
| CVE-2025-13329 | CVE-2025-13329 CVSS 9.8 | The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for… |
| CVE-2025-13323 | CVE-2025-13323 CVSS 9.8 | A security flaw has been discovered in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /listorder.php. Performing m… |
| CVE-2025-13315 | CVE-2025-13315 CVSS 9.8 | Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication control… |
| CVE-2025-13313 | CVE-2025-13313 CVSS 9.8 | The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to mis… |
| CVE-2025-13305 | CVE-2025-13305 CVSS 9.8 | A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /b… |
| CVE-2025-13303 | CVE-2025-13303 CVSS 9.8 | A vulnerability was determined in code-projects Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /search-edit.ph… |
| CVE-2025-13302 | CVE-2025-13302 CVSS 9.8 | A vulnerability was identified in code-projects Courier Management System 1.0. This affects an unknown part of the file /add-new-officer.php. Such manipulation… |
| CVE-2025-13301 | CVE-2025-13301 CVSS 9.8 | A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of th… |
| CVE-2025-13300 | CVE-2025-13300 CVSS 9.8 | A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/contr… |
| CVE-2025-13299 | CVE-2025-13299 CVSS 9.8 | A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. E… |
| CVE-2025-13298 | CVE-2025-13298 CVSS 9.8 | A vulnerability was detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. This affects an unknown function of the file /enrollment/cont… |