33,897 indexed
CVECVE vulnerabilities
33,897 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 7,751–7,800 of 8,314 in Critical · page 156 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-12306 | CVE-2025-12306 CVSS 9.8 | A vulnerability was determined in code-projects Nero Social Networking Site 1.0. Affected is an unknown function of the file /acceptoffres.php. This manipulati… |
| CVE-2025-12305 | CVE-2025-12305 CVSS 9.8 | A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobControll… |
| CVE-2025-12301 | CVE-2025-12301 CVSS 9.8 | A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such… |
| CVE-2025-12296 | CVE-2025-12296 CVSS 9.8 | A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub_4174B0 of the component Firmware Update Handle… |
| CVE-2025-12294 | CVE-2025-12294 CVSS 9.8 | A security flaw has been discovered in SourceCodester Point of Sales 1.0. Impacted is an unknown function of the file /delete_category.php. Performing manipula… |
| CVE-2025-12293 | CVE-2025-12293 CVSS 9.8 | A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of… |
| CVE-2025-12292 | CVE-2025-12292 CVSS 9.8 | A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the a… |
| CVE-2025-12285 | CVE-2025-12285 CVSS 9.8 | Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12275 | CVE-2025-12275 CVSS 9.8 | Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12273 | CVE-2025-12273 CVSS 9.8 | A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a m… |
| CVE-2025-12272 | CVE-2025-12272 CVSS 9.8 | A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing a manipulation o… |
| CVE-2025-12271 | CVE-2025-12271 CVSS 9.8 | A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argum… |
| CVE-2025-12268 | CVE-2025-12268 CVSS 9.8 | A vulnerability has been found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Impacted is an unknown function of the file /api/v1/courses/ of th… |
| CVE-2025-12265 | CVE-2025-12265 CVSS 9.8 | A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation o… |
| CVE-2025-1226 | CVE-2025-1226 CVSS 9.8 | A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. … |
| CVE-2025-12257 | CVE-2025-12257 CVSS 9.8 | A security vulnerability has been detected in SourceCodester Online Student Result System 1.0. This issue affects some unknown processing of the file /view_res… |
| CVE-2025-12253 | CVE-2025-12253 CVSS 9.8 | A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/porta… |
| CVE-2025-12240 | CVE-2025-12240 CVSS 9.8 | A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The… |
| CVE-2025-12239 | CVE-2025-12239 CVSS 9.8 | A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Exe… |
| CVE-2025-12237 | CVE-2025-12237 CVSS 9.8 | A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulati… |
| CVE-2025-12232 | CVE-2025-12232 CVSS 9.8 | A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. P… |
| CVE-2025-12226 | CVE-2025-12226 CVSS 9.8 | A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performi… |
| CVE-2025-12220 | CVE-2025-12220 CVSS 9.8 | Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12219 | CVE-2025-12219 CVSS 9.8 | Vulnerable Components in Azure Access OS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12218 | CVE-2025-12218 CVSS 9.1 | Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12217 | CVE-2025-12217 CVSS 9.1 | SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12215 | CVE-2025-12215 CVSS 9.8 | A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing a manipulation of t… |
| CVE-2025-12211 | CVE-2025-12211 CVSS 9.8 | A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The ma… |
| CVE-2025-12210 | CVE-2025-12210 CVSS 9.8 | A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. Th… |
| CVE-2025-12208 | CVE-2025-12208 CVSS 9.8 | A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing … |
| CVE-2025-12176 | CVE-2025-12176 CVSS 9.8 | Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BL… |
| CVE-2025-12158 | CVE-2025-12158 CVSS 9.8 | The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() func… |
| CVE-2025-12106 | CVE-2025-12106 CVSS 9.1 | Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses |
| CVE-2025-12104 | CVE-2025-12104 CVSS 9.8 | Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12059 | CVE-2025-12059 CVSS 9.8 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows E… |
| CVE-2025-12057 | CVE-2025-12057 CVSS 9.8 | The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing… |
| CVE-2025-12049 | CVE-2025-12049 CVSS 9.8 | Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web i… |
| CVE-2025-11953 | React Native Community CLI OS Command Injection Vulnerability KEVCVSS 9.8React Native Community | React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metr… |
| CVE-2025-11948 | CVE-2025-11948 CVSS 9.8 | Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and e… |
| CVE-2025-11943 | CVE-2025-11943 CVSS 9.8 | A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The m… |
| CVE-2025-11942 | CVE-2025-11942 CVSS 9.8 | A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authen… |
| CVE-2025-11900 | CVE-2025-11900 CVSS 9.8 | The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execu… |
| CVE-2025-11892 | CVE-2025-11892 CVSS 9.6 | An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label… |
| CVE-2025-1188 | CVE-2025-1188 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality o… |
| CVE-2025-1186 | CVE-2025-1186 CVSS 9.8 | A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/A… |
| CVE-2025-11849 | CVE-2025-11849 CVSS 9.3 | Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth b… |
| CVE-2025-11837 | CVE-2025-11837 CVSS 9.8 | An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to… |
| CVE-2025-11833 | CVE-2025-11833 CVSS 9.8 | The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a m… |
| CVE-2025-11832 | CVE-2025-11832 CVSS 9.8 | Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This iss… |
| CVE-2025-1183 | CVE-2025-1183 CVSS 9.8 | A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of … |