CVE vulnerabilities
33,897 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 7,701–7,750 of 8,314 in Critical · page 155 of 167
| ID | Title / CVSS | Summary |
|---|---|---|
| CVE-2025-12602 | CVE-2025-12602 CVSS 9.8 | /etc/avahi/services/z9.service can be Arbitrarily Written. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12600 | CVE-2025-12600 CVSS 9.8 | Web UI Malfunction when setting unexpected locale via API. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-1260 | CVE-2025-1260 CVSS 9.1 | On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unex… |
| CVE-2025-12599 | CVE-2025-12599 CVSS 9.8 | Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000). This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12598 | CVE-2025-12598 CVSS 9.8 | A flaw has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is the function save_tenant of the file /admin_class.ph… |
| CVE-2025-12597 | CVE-2025-12597 CVSS 9.8 | A vulnerability was detected in SourceCodester Best House Rental Management System 1.0. Affected by this vulnerability is the function save_category of the fil… |
| CVE-2025-12596 | CVE-2025-12596 CVSS 9.8 | A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo.… |
| CVE-2025-12595 | CVE-2025-12595 CVSS 9.8 | A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulatio… |
| CVE-2025-12554 | CVE-2025-12554 CVSS 9.8 | Missing Security Headers. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12553 | CVE-2025-12553 CVSS 9.8 | Email Server Certificate Verification Disabled. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12552 | CVE-2025-12552 CVSS 9.8 | Insufficient Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-1255 | CVE-2025-1255 CVSS 9.1 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: f… |
| CVE-2025-12548 | CVE-2025-12548 CVSS 9.0 | A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH key… |
| CVE-2025-12543 | CVE-2025-12543 CVSS 9.6 redhat | A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly val… |
| CVE-2025-12539 | CVE-2025-12539 CVSS 10.0 | The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due … |
| CVE-2025-12531 | CVE-2025-12531 CVSS 9.1 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote a… |
| CVE-2025-12516 | CVE-2025-12516 CVSS 9.8 | Lack of Graceful Error Handling - HTTP 5xx Error. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12515 | CVE-2025-12515 CVSS 9.8 | Systemic Internal Server Errors - HTTP 500 Response. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12504 | CVE-2025-12504 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software UNIS allows SQL Injection. This issue af… |
| CVE-2025-12493 | CVE-2025-12493 CVSS 9.8 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Loc… |
| CVE-2025-12488 | CVE-2025-12488 CVSS 9.8 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers … |
| CVE-2025-12487 | CVE-2025-12487 CVSS 9.8 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers … |
| CVE-2025-12480 | Gladinet Triofox Improper Access Control Vulnerability KEV CVSS 9.1 Gladinet | Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete. |
| CVE-2025-12478 | CVE-2025-12478 CVSS 9.8 | Non-Compliant TLS Configuration. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12477 | CVE-2025-12477 CVSS 9.8 | Server Version Disclosure. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12476 | CVE-2025-12476 CVSS 9.8 | Resource Lacking AuthN. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12463 | CVE-2025-12463 CVSS 9.8 | An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` … |
| CVE-2025-12424 | CVE-2025-12424 CVSS 9.8 | Privilege Escalation through SUID-bit Binary. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12422 | CVE-2025-12422 CVSS 9.8 | Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: th… |
| CVE-2025-12421 | CVE-2025-12421 CVSS 9.9 | Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange … |
| CVE-2025-12420 | CVE-2025-12420 CVSS 9.8 | A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operati… |
| CVE-2025-1242 | CVE-2025-1242 CVSS 9.1 | The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineer… |
| CVE-2025-12419 | CVE-2025-12419 CVSS 9.9 | Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Conn… |
| CVE-2025-12380 | CVE-2025-12380 CVSS 9.8 | Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC c… |
| CVE-2025-12378 | CVE-2025-12378 CVSS 9.8 | A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. P… |
| CVE-2025-12374 | CVE-2025-12374 CVSS 9.8 | The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to auth… |
| CVE-2025-12364 | CVE-2025-12364 CVSS 9.8 | Weak Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12352 | CVE-2025-12352 CVSS 9.8 | The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all ver… |
| CVE-2025-12339 | CVE-2025-12339 CVSS 9.8 | A security vulnerability has been detected in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file /admin/… |
| CVE-2025-12338 | CVE-2025-12338 CVSS 9.8 | A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file /admin/admin_product.p… |
| CVE-2025-12337 | CVE-2025-12337 CVSS 9.8 | A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/admin_feature.php. Pe… |
| CVE-2025-12336 | CVE-2025-12336 CVSS 9.8 | A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/ad… |
| CVE-2025-12325 | CVE-2025-12325 CVSS 9.8 | A vulnerability has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/forgot-password.php. The man… |
| CVE-2025-12316 | CVE-2025-12316 CVSS 9.8 | A vulnerability was identified in code-projects Courier Management System 1.0. This impacts an unknown function of the file /courier/edit-courier.php. The mani… |
| CVE-2025-12315 | CVE-2025-12315 CVSS 9.8 | A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing a manipulatio… |
| CVE-2025-12314 | CVE-2025-12314 CVSS 9.8 | A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing … |
| CVE-2025-12313 | CVE-2025-12313 CVSS 9.8 | A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /msp_info.htm. Such manipu… |
| CVE-2025-12309 | CVE-2025-12309 CVSS 9.8 | A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipul… |
| CVE-2025-12308 | CVE-2025-12308 CVSS 9.8 | A security flaw has been discovered in code-projects Nero Social Networking Site 1.0. Affected by this issue is some unknown functionality of the file /deletem… |
| CVE-2025-12307 | CVE-2025-12307 CVSS 9.8 | A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfri… |