33,897 indexed
CVECVE vulnerabilities
33,897 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 8,201–8,250 of 8,314 in Critical · page 165 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-10033 | CVE-2025-10033 CVSS 9.8 | A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argum… |
| CVE-2025-10031 | CVE-2025-10031 CVSS 9.8 | A security vulnerability has been detected in Campcodes Grocery Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=de… |
| CVE-2025-10030 | CVE-2025-10030 CVSS 9.8 | A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=sav… |
| CVE-2025-10025 | CVE-2025-10025 CVSS 9.8 | A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation … |
| CVE-2025-0987 | CVE-2025-0987 CVSS 9.9 | Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection. This issue affects CVLand: from 2.1.0… |
| CVE-2025-0982 | CVE-2025-0982 CVSS 10.0 | Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScr… |
| CVE-2025-0960 | CVE-2025-0960 CVSS 9.8 | AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a d… |
| CVE-2025-0950 | CVE-2025-0950 CVSS 9.8 | A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file st… |
| CVE-2025-0946 | CVE-2025-0946 CVSS 9.8 | A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of… |
| CVE-2025-0945 | CVE-2025-0945 CVSS 9.8 | A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file typedelete.p… |
| CVE-2025-0944 | CVE-2025-0944 CVSS 9.8 | A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the fil… |
| CVE-2025-0943 | CVE-2025-0943 CVSS 9.8 | A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the fil… |
| CVE-2025-0929 | CVE-2025-0929 CVSS 9.8 | SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a … |
| CVE-2025-0912 | CVE-2025-0912 CVSS 9.8 | The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted i… |
| CVE-2025-0896 | CVE-2025-0896 CVSS 9.8 | Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access b… |
| CVE-2025-0890 | CVE-2025-0890 CVSS 9.8 | **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_201… |
| CVE-2025-0881 | CVE-2025-0881 CVSS 9.8 | A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/adm… |
| CVE-2025-0880 | CVE-2025-0880 CVSS 9.8 | A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/a… |
| CVE-2025-0874 | CVE-2025-0874 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Affected by this issue is some unk… |
| CVE-2025-0873 | CVE-2025-0873 CVSS 9.8 | A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of… |
| CVE-2025-0872 | CVE-2025-0872 CVSS 9.8 | A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /addpayment.… |
| CVE-2025-0867 | CVE-2025-0867 CVSS 9.9 | The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the… |
| CVE-2025-0855 | CVE-2025-0855 CVSS 9.8 | The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in t… |
| CVE-2025-0851 | CVE-2025-0851 CVSS 9.8 | A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary location… |
| CVE-2025-0848 | CVE-2025-0848 CVSS 9.8 | A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetC… |
| CVE-2025-0847 | CVE-2025-0847 CVSS 9.8 | A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of th… |
| CVE-2025-0846 | CVE-2025-0846 CVSS 9.8 | A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /a… |
| CVE-2025-0843 | CVE-2025-0843 CVSS 9.8 | A vulnerability was found in needyamin Library Card System 1.0. It has been classified as critical. Affected is an unknown function of the file admindashboard.… |
| CVE-2025-0842 | CVE-2025-0842 CVSS 9.8 | A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of … |
| CVE-2025-0838 | CVE-2025-0838 CVSS 9.8 | There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not… |
| CVE-2025-0803 | CVE-2025-0803 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality o… |
| CVE-2025-0793 | CVE-2025-0793 CVSS 9.8 | A vulnerability has been found in ESAFENET CDG V5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /todoDetai… |
| CVE-2025-0792 | CVE-2025-0792 CVSS 9.8 | A vulnerability, which was classified as critical, was found in ESAFENET CDG V5. Affected is an unknown function of the file /sdTodoDetail.jsp. The manipulatio… |
| CVE-2025-0791 | CVE-2025-0791 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp.… |
| CVE-2025-0781 | CVE-2025-0781 CVSS 9.9 | An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system le… |
| CVE-2025-0767 | CVE-2025-0767 CVSS 9.8 | WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.… |
| CVE-2025-0756 | CVE-2025-0756 CVSS 9.1 | Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an id… |
| CVE-2025-0680 | CVE-2025-0680 CVSS 9.8 | Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary dev… |
| CVE-2025-0674 | CVE-2025-0674 CVSS 9.8 | Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Att… |
| CVE-2025-0668 | CVE-2025-0668 CVSS 9.8 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects … |
| CVE-2025-0637 | CVE-2025-0637 CVSS 9.8 | It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow … |
| CVE-2025-0634 | CVE-2025-0634 CVSS 9.8 | Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2. |
| CVE-2025-0603 | CVE-2025-0603 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQ… |
| CVE-2025-0585 | CVE-2025-0585 CVSS 9.8 | The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify… |
| CVE-2025-0565 | CVE-2025-0565 CVSS 9.8 | A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipu… |
| CVE-2025-0564 | CVE-2025-0564 CVSS 9.8 | A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of… |
| CVE-2025-0563 | CVE-2025-0563 CVSS 9.8 | A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.ph… |
| CVE-2025-0562 | CVE-2025-0562 CVSS 9.8 | A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/a… |
| CVE-2025-0561 | CVE-2025-0561 CVSS 9.8 | A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-… |
| CVE-2025-0558 | CVE-2025-0558 CVSS 9.8 | A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the fi… |