CVE vulnerabilities
33,897 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 7,651–7,700 of 8,314 in Critical · page 154 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-12995 | 9.8 | Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid… |
| CVE-2025-12981 | 9.8 | The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in t… |
| CVE-2025-1298 | 9.8 | Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover. |
| CVE-2025-12977 | 9.1 | Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write reco… |
| CVE-2025-12963 | 9.8 | The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for WordPress is vulnerable to privilege escalation via account tak… |
| CVE-2025-12939 | 9.8 | A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /… |
| CVE-2025-12938 | 9.8 | A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_lo… |
| CVE-2025-12933 | 9.8 | A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcom… |
| CVE-2025-12932 | 9.8 | A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. Th… |
| CVE-2025-12931 | 9.8 | A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orde… |
| CVE-2025-12930 | 9.8 | A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of th… |
| CVE-2025-12929 | 9.8 | A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function save_user/update_user of the file /LoginRegistration.php. Exec… |
| CVE-2025-12928 | 9.8 | A vulnerability was detected in code-projects Online Job Search Engine 1.0. This affects an unknown function of the file /login.php. Performing manipulation of… |
| CVE-2025-12925 | 9.8 | A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic … |
| CVE-2025-12916 | 9.8 | A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_lo… |
| CVE-2025-12913 | 9.8 | A flaw has been found in code-projects Responsive Hotel Site 1.0. This affects an unknown part of the file /admin/roomdel.php. Executing manipulation of the ar… |
| CVE-2025-12882 | 9.8 | The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing user… |
| CVE-2025-12873 | 9.8 | A security flaw has been discovered in Campcodes School File Management 1.0. This affects an unknown part of the file /admin/update_user.php. Performing manipu… |
| CVE-2025-12871 | 9.8 | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and us… |
| CVE-2025-12870 | 9.8 | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administr… |
| CVE-2025-12868 | 9.8 | New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend… |
| CVE-2025-12866 | 9.8 | EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the… |
| CVE-2025-12862 | 9.8 | A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/… |
| CVE-2025-12857 | 9.8 | A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.… |
| CVE-2025-12856 | 9.8 | A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulatio… |
| CVE-2025-12855 | 9.8 | A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php… |
| CVE-2025-12853 | 9.8 | A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function delete_house of the file /admin_class.php. … |
| CVE-2025-1283 | 9.8 | The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page. |
| CVE-2025-12813 | 9.8 | The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parame… |
| CVE-2025-12762 | 9.8 | pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLA… |
| CVE-2025-12735 | 9.8 | The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However… |
| CVE-2025-12682 | 9.8 | The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_… |
| CVE-2025-1268 | 9.4 | Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driv… |
| CVE-2025-12674 | 9.8 | The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the create_media() function in all versio… |
| CVE-2025-12673 | 9.8 | The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_qr_code() function in… |
| CVE-2025-1265 | 9.9 | An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affec… |
| CVE-2025-12642 | 9.1 | lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attac… |
| CVE-2025-12622 | 9.8 | A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This mani… |
| CVE-2025-12619 | 9.8 | A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of … |
| CVE-2025-12618 | 9.8 | A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument … |
| CVE-2025-12617 | 9.8 | A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/login_crud.php. Executing a manipulation of t… |
| CVE-2025-12614 | 9.8 | A weakness has been identified in SourceCodester Best House Rental Management System 1.0. Impacted is the function delete_payment of the file /admin_class.php.… |
| CVE-2025-12612 | 9.8 | A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. This issue affects some unknown processing of the file /ajax.php?ac… |
| CVE-2025-12611 | 9.8 | A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The m… |
| CVE-2025-12608 | 9.8 | A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. The affected element is an unknown function of the file /manage_user.php… |
| CVE-2025-12607 | 9.8 | A vulnerability was identified in itsourcecode Online Loan Management System 1.0. Impacted is an unknown function of the file /manage_payment.php. Such manipul… |
| CVE-2025-12606 | 9.8 | A vulnerability was determined in itsourcecode Online Loan Management System 1.0. This issue affects some unknown processing of the file /manage_borrower.php. … |
| CVE-2025-12605 | 9.8 | A vulnerability was found in itsourcecode Online Loan Management System 1.0. This vulnerability affects unknown code of the file /manage_loan.php. The manipula… |
| CVE-2025-12604 | 9.8 | A vulnerability has been found in itsourcecode Online Loan Management System 1.0. This affects an unknown part of the file /load_fields.php. The manipulation o… |
| CVE-2025-12603 | 9.8 | /etc/timezone can be Arbitrarily Written. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |