CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 2,851–2,900 of 8,314 in Critical · page 58 of 167
| ID | CVSS score | Summary |
|---|---|---|
| CVE-2025-8227 | CVE-2025-8227 CVSS 9.8 | A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of … |
| CVE-2025-8226 | CVE-2025-8226 CVSS 9.8 | A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find.… |
| CVE-2025-8220 | CVE-2025-8220 CVSS 9.4 | A vulnerability has been found in Engeman Web up to 12.0.0.2. The affected element is an unknown function of the file /Login/RecoveryPass of the component Pass… |
| CVE-2025-8219 | CVE-2025-8219 CVSS 9.8 | A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknow… |
| CVE-2025-8203 | CVE-2025-8203 CVSS 9.8 | A vulnerability classified as critical has been found in Jingmen Zeyou Large File Upload Control up to 6.3. Affected is an unknown function of the file /index.… |
| CVE-2025-8185 | CVE-2025-8185 CVSS 9.8 | A vulnerability was found in 1000 Projects ABC Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /… |
| CVE-2025-8184 | CVE-2025-8184 CVSS 9.8 | A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/f… |
| CVE-2025-8179 | CVE-2025-8179 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown… |
| CVE-2025-8173 | CVE-2025-8173 CVSS 9.8 | A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown func… |
| CVE-2025-8169 | CVE-2025-8169 CVSS 9.8 | A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPP… |
| CVE-2025-8168 | CVE-2025-8168 CVSS 9.8 | A vulnerability was found in D-Link DIR-513 1.10. It has been rated as critical. Affected by this issue is the function websAspInit of the file /goform/formSet… |
| CVE-2025-8166 | CVE-2025-8166 CVSS 9.8 | A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/i… |
| CVE-2025-8159 | CVE-2025-8159 CVSS 9.8 | A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLang… |
| CVE-2025-8125 | CVE-2025-8125 CVSS 9.8 | A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sys… |
| CVE-2025-8120 | CVE-2025-8120 CVSS 9.8 | Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type… |
| CVE-2025-8077 | CVE-2025-8077 CVSS 9.8 | A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. … |
| CVE-2025-8059 | CVE-2025-8059 CVSS 9.8 | The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration… |
| CVE-2025-8053 | CVE-2025-8053 CVSS 9.1 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulne… |
| CVE-2025-8047 | CVE-2025-8047 CVSS 9.8 | The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license through v1.0 WordPress plugins load a JavaScript file which has been … |
| CVE-2025-8044 | CVE-2025-8044 CVSS 9.8 | Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… |
| CVE-2025-8043 | CVE-2025-8043 CVSS 9.8 | Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141. |
| CVE-2025-8042 | CVE-2025-8042 CVSS 9.8 | Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability was fixed in Firefox 141. |
| CVE-2025-8038 | CVE-2025-8038 CVSS 9.8 | Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141… |
| CVE-2025-8037 | CVE-2025-8037 CVSS 9.1 | Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie includ… |
| CVE-2025-8031 | CVE-2025-8031 CVSS 9.8 | The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability … |
| CVE-2025-8028 | CVE-2025-8028 CVSS 9.8 | On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect compu… |
| CVE-2025-8025 | CVE-2025-8025 CVSS 9.8 | Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality … |
| CVE-2025-7972 | CVE-2025-7972 CVSS 9.1 | A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP toke… |
| CVE-2025-7955 | CVE-2025-7955 CVSS 9.8 | The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_ve… |
| CVE-2025-7950 | CVE-2025-7950 CVSS 9.8 | A vulnerability was found in code-projects Public Chat Room 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the fil… |
| CVE-2025-7933 | CVE-2025-7933 CVSS 9.8 | A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/settin… |
| CVE-2025-7930 | CVE-2025-7930 CVSS 9.8 | A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functiona… |
| CVE-2025-7929 | CVE-2025-7929 CVSS 9.8 | A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /members… |
| CVE-2025-7928 | CVE-2025-7928 CVSS 9.8 | A vulnerability was found in code-projects Church Donation System 1.0 and classified as critical. This issue affects some unknown processing of the file /membe… |
| CVE-2025-7921 | CVE-2025-7921 CVSS 9.8 | Certain modem models developed by Askey have a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's exe… |
| CVE-2025-7918 | CVE-2025-7918 CVSS 9.8 | WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL com… |
| CVE-2025-7916 | CVE-2025-7916 CVSS 9.8 | WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code o… |
| CVE-2025-7915 | CVE-2025-7915 CVSS 9.8 | A vulnerability was found in Chanjet CRM 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.ph… |
| CVE-2025-7911 | CVE-2025-7911 CVSS 9.8 | A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the compo… |
| CVE-2025-7897 | CVE-2025-7897 CVSS 9.8 | A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the fil… |
| CVE-2025-7895 | CVE-2025-7895 CVSS 9.8 | A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file a… |
| CVE-2025-7894 | CVE-2025-7894 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend… |
| CVE-2025-7888 | CVE-2025-7888 CVSS 9.8 | A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/… |
| CVE-2025-7879 | CVE-2025-7879 CVSS 9.8 | A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this vulnerability is an unknown functionality of t… |
| CVE-2025-7877 | CVE-2025-7877 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This issue affects some unknown processing of the file … |
| CVE-2025-7876 | CVE-2025-7876 CVSS 9.8 | A vulnerability classified as critical was found in Metasoft 美特软件 MetaCRM up to 6.4.2. This vulnerability affects the function AnalyzeParam of the file downloa… |
| CVE-2025-7874 | CVE-2025-7874 CVSS 9.1 | A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the f… |
| CVE-2025-7873 | CVE-2025-7873 CVSS 9.8 | A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of… |
| CVE-2025-7862 | CVE-2025-7862 CVSS 9.8 | A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of … |
| CVE-2025-7861 | CVE-2025-7861 CVSS 9.8 | A vulnerability, which was classified as critical, was found in code-projects Church Donation System 1.0. Affected is an unknown function of the file /members/… |