33,897 indexed
CVECVE vulnerabilities
33,897 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 8,051–8,100 of 8,314 in Critical · page 162 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-10785 | CVE-2025-10785 CVSS 9.8 | A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown part of the file /manage_user.php. The manipulation o… |
| CVE-2025-10784 | CVE-2025-10784 CVSS 9.8 | A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Affected by this issue is some unknown functionality of the file… |
| CVE-2025-10783 | CVE-2025-10783 CVSS 9.8 | A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admi… |
| CVE-2025-10782 | CVE-2025-10782 CVSS 9.8 | A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/class.php. Performin… |
| CVE-2025-10781 | CVE-2025-10781 CVSS 9.8 | A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php. Such man… |
| CVE-2025-10779 | CVE-2025-10779 CVSS 9.8 | A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argume… |
| CVE-2025-10771 | CVE-2025-10771 CVSS 9.8 | A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the c… |
| CVE-2025-10769 | CVE-2025-10769 CVSS 9.8 | A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. S… |
| CVE-2025-10768 | CVE-2025-10768 CVSS 9.8 | A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Dri… |
| CVE-2025-10742 | CVE-2025-10742 CVSS 9.8 | The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin pro… |
| CVE-2025-10738 | CVE-2025-10738 CVSS 9.8 | The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analytic_id’ parameter in all versions up to, and including… |
| CVE-2025-10726 | CVE-2025-10726 CVSS 9.1 | The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'data[id]' parameter in all versions up to, and including, 2.0. This is due to insuf… |
| CVE-2025-10725 | CVE-2025-10725 CVSS 9.9 | A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a st… |
| CVE-2025-10713 | CVE-2025-10713 CVSS 9.1 | An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-suppli… |
| CVE-2025-10690 | CVE-2025-10690 CVSS 9.8 | The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the … |
| CVE-2025-10689 | CVE-2025-10689 CVSS 9.8 | A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument … |
| CVE-2025-10688 | CVE-2025-10688 CVSS 9.8 | A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/operation/pai… |
| CVE-2025-10687 | CVE-2025-10687 CVSS 9.8 | A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/add_teacher.php. The manipulation… |
| CVE-2025-10673 | CVE-2025-10673 CVSS 9.8 | A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/module… |
| CVE-2025-10670 | CVE-2025-10670 CVSS 9.8 | A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /check_p… |
| CVE-2025-10668 | CVE-2025-10668 CVSS 9.8 | A security vulnerability has been detected in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file /members/compose_msg_admin.php… |
| CVE-2025-10667 | CVE-2025-10667 CVSS 9.8 | A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/compose_m… |
| CVE-2025-10666 | CVE-2025-10666 CVSS 9.8 | A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipula… |
| CVE-2025-10665 | CVE-2025-10665 CVSS 9.8 | A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Affected is an unknown function of the file /Pro… |
| CVE-2025-10664 | CVE-2025-10664 CVSS 9.8 | A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argu… |
| CVE-2025-10663 | CVE-2025-10663 CVSS 9.8 | A vulnerability was found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /my-profile.php. Performing manipulation o… |
| CVE-2025-10662 | CVE-2025-10662 CVSS 9.8 | A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_members.php?ac=editsave. Such manipulation … |
| CVE-2025-1066 | CVE-2025-1066 CVSS 9.8 | OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns. |
| CVE-2025-10659 | CVE-2025-10659 CVSS 9.8 | The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handles user-supplied input… |
| CVE-2025-10644 | CVE-2025-10644 CVSS 9.4 | Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authen… |
| CVE-2025-10643 | CVE-2025-10643 CVSS 9.1 | Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication o… |
| CVE-2025-10640 | CVE-2025-10640 CVSS 9.8 | An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login … |
| CVE-2025-10624 | CVE-2025-10624 CVSS 9.8 | A security flaw has been discovered in PHPGurukul User Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation … |
| CVE-2025-10623 | CVE-2025-10623 CVSS 9.8 | A vulnerability was identified in SourceCodester Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteuser.php. Such man… |
| CVE-2025-10621 | CVE-2025-10621 CVSS 9.8 | A vulnerability was determined in SourceCodester Hotel Reservation System 1.0. The affected element is an unknown function of the file editroomimage.php. This … |
| CVE-2025-10611 | CVE-2025-10611 CVSS 9.8 | Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, … |
| CVE-2025-10610 | CVE-2025-10610 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreig… |
| CVE-2025-1061 | CVE-2025-1061 CVSS 9.8 | The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient … |
| CVE-2025-10604 | CVE-2025-10604 CVSS 9.8 | A vulnerability was identified in PHPGurukul Online Discussion Forum 1.0. This affects an unknown part of the file /admin/edit_member.php. The manipulation of … |
| CVE-2025-10603 | CVE-2025-10603 CVSS 9.8 | A vulnerability was determined in PHPGurukul Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_forum/s… |
| CVE-2025-10601 | CVE-2025-10601 CVSS 9.8 | A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. Affected is an unknown function of the file /admin/index.php. Such manipulati… |
| CVE-2025-10600 | CVE-2025-10600 CVSS 9.8 | A flaw has been found in SourceCodester Online Exam Form Submission 1.0. This impacts an unknown function of the file /register.php. This manipulation of the a… |
| CVE-2025-10599 | CVE-2025-10599 CVSS 9.8 | A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Impacted is the function User::AuthenticateUser of the… |
| CVE-2025-10598 | CVE-2025-10598 CVSS 9.8 | A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/search_pro… |
| CVE-2025-10597 | CVE-2025-10597 CVSS 9.8 | A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This vulnerability affects unknown code of the f… |
| CVE-2025-10596 | CVE-2025-10596 CVSS 9.8 | A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /index.php. The manipulation of the argum… |
| CVE-2025-10587 | CVE-2025-10587 CVSS 9.8 | The Community Events plugin for WordPress is vulnerable to SQL Injection via the event_category parameter in all versions up to, and including, 1.5.1 due to in… |
| CVE-2025-10586 | CVE-2025-10586 CVSS 9.8 | The Community Events plugin for WordPress is vulnerable to SQL Injection via the ‘event_venue’ parameter in all versions up to, and including, 1.5.1 due to ins… |
| CVE-2025-10585 | Google Chromium V8 Type Confusion Vulnerability KEVCVSS 9.8Google | Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine. |
| CVE-2025-10571 | CVE-2025-10571 CVSS 9.6 | Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1. |