CVE vulnerabilities
33,897 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 8,151–8,200 of 8,314 in Critical · page 164 of 167
| ID | Title and CVSS | Summary |
|---|---|---|
| CVE-2025-10326 | CVE-2025-10326 CVSS 9.8 | A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Perf… |
| CVE-2025-10324 | CVE-2025-10324 CVSS 9.8 | A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of the file firewall.cgi. This manipulation of the argument p… |
| CVE-2025-10323 | CVE-2025-10323 CVSS 9.8 | A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the … |
| CVE-2025-10294 | CVE-2025-10294 CVSS 9.8 | The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.4. This is due to the plugin… |
| CVE-2025-10284 | CVE-2025-10284 CVSS 9.6 | BBOT's unarchive module could be abused by supplying malicious archive files and when extracted can then perform an arbitrary file write, resulting in remote … |
| CVE-2025-10283 | CVE-2025-10283 CVSS 9.6 | BBOT's gitdumper module could be abused to execute commands through a malicious git repository. |
| CVE-2025-10266 | CVE-2025-10266 CVSS 9.8 | NUP Pro developed by NewType Infortech has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, m… |
| CVE-2025-10264 | CVE-2025-10264 CVSS 10.0 | Certain models of NVR developed by Digiever have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access the sy… |
| CVE-2025-10251 | CVE-2025-10251 CVSS 9.8 | A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulat… |
| CVE-2025-10230 | CVE-2025-10230 CVSS 10.0 | A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or esca… |
| CVE-2025-1023 | CVE-2025-1023 CVSS 9.8 | A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vu… |
| CVE-2025-10226 | CVE-2025-10226 CVSS 9.8 | Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allo… |
| CVE-2025-10220 | CVE-2025-10220 CVSS 9.8 | Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a rem… |
| CVE-2025-10218 | CVE-2025-10218 CVSS 9.8 | A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Backg… |
| CVE-2025-1020 | CVE-2025-1020 CVSS 9.8 | Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… |
| CVE-2025-10183 | CVE-2025-10183 CVSS 9.1 | A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary… |
| CVE-2025-1017 | CVE-2025-1017 CVSS 9.8 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption a… |
| CVE-2025-1016 | CVE-2025-1016 CVSS 9.8 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bug… |
| CVE-2025-10159 | CVE-2025-10159 CVSS 9.8 | An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmwar… |
| CVE-2025-10156 | CVE-2025-10156 CVSS 9.8 | An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass … |
| CVE-2025-10147 | CVE-2025-10147 CVSS 9.8 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' f… |
| CVE-2025-10134 | CVE-2025-10134 CVSS 9.1 | The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone… |
| CVE-2025-10127 | CVE-2025-10127 CVSS 9.8 | Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypa… |
| CVE-2025-10123 | CVE-2025-10123 CVSS 9.8 | A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases… |
| CVE-2025-10118 | CVE-2025-10118 CVSS 9.8 | A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The affected element is an unknown functio… |
| CVE-2025-10114 | CVE-2025-10114 CVSS 9.8 | A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the a… |
| CVE-2025-10113 | CVE-2025-10113 CVSS 9.8 | A security vulnerability has been detected in itsourcecode Student Information Management System 1.0. This affects an unknown function of the file /admin/modul… |
| CVE-2025-10112 | CVE-2025-10112 CVSS 9.8 | A weakness has been identified in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/module… |
| CVE-2025-10111 | CVE-2025-10111 CVSS 9.8 | A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/m… |
| CVE-2025-10109 | CVE-2025-10109 CVSS 9.8 | A vulnerability was determined in Campcodes Online Loan Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_p… |
| CVE-2025-10108 | CVE-2025-10108 CVSS 9.8 | A vulnerability was found in Campcodes Online Loan Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_loan. Per… |
| CVE-2025-10104 | CVE-2025-10104 CVSS 9.8 | A security vulnerability has been detected in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /review_search.php. Th… |
| CVE-2025-10103 | CVE-2025-10103 CVSS 9.8 | A weakness has been identified in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /home.php. Executing manipulation… |
| CVE-2025-10102 | CVE-2025-10102 CVSS 9.8 | A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown function of the file /index.php. Performing manip… |
| CVE-2025-10100 | CVE-2025-10100 CVSS 9.8 | A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /admin_class.php?action=login. … |
| CVE-2025-10097 | CVE-2025-10097 CVSS 9.8 | A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The man… |
| CVE-2025-10092 | CVE-2025-10092 CVSS 9.8 | A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add o… |
| CVE-2025-10091 | CVE-2025-10091 CVSS 9.8 | A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Ty… |
| CVE-2025-10090 | CVE-2025-10090 CVSS 9.8 | A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing ma… |
| CVE-2025-1009 | CVE-2025-1009 CVSS 9.8 | An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, … |
| CVE-2025-10082 | CVE-2025-10082 CVSS 9.8 | A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipula… |
| CVE-2025-10079 | CVE-2025-10079 CVSS 9.8 | A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulatio… |
| CVE-2025-10078 | CVE-2025-10078 CVSS 9.8 | A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipul… |
| CVE-2025-10077 | CVE-2025-10077 CVSS 9.8 | A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such man… |
| CVE-2025-10076 | CVE-2025-10076 CVSS 9.8 | A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation… |
| CVE-2025-10068 | CVE-2025-10068 CVSS 9.8 | A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing man… |
| CVE-2025-10062 | CVE-2025-10062 CVSS 9.8 | A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing … |
| CVE-2025-10041 | CVE-2025-10041 CVSS 9.8 | The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_qr_code_to_db() function… |
| CVE-2025-10035 | Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability · KEV · CVSS 9.8 · Fortra | Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability that allows an actor with a validly forged license response signature to deserializ… |
| CVE-2025-10034 | CVE-2025-10034 CVSS 9.8 | A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Perform… |