CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,051–3,100 of 8,314 in Critical · page 62 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-7147 | 9.8 | A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown funct… |
| CVE-2025-7136 | 9.8 | A vulnerability, which was classified as critical, was found in Campcodes Online Recruitment Management System 1.0. Affected is an unknown function of the file… |
| CVE-2025-7135 | 9.8 | A vulnerability, which was classified as critical, has been found in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown proces… |
| CVE-2025-7134 | 9.8 | A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /ad… |
| CVE-2025-7132 | 9.8 | A vulnerability was found in Campcodes Payroll Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of th… |
| CVE-2025-7131 | 9.8 | A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functional… |
| CVE-2025-7130 | 9.8 | A vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php… |
| CVE-2025-7129 | 9.8 | A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.p… |
| CVE-2025-71284 | 9.8 | Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiu… |
| CVE-2025-71281 | 9.8 | XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match fo… |
| CVE-2025-7128 | 9.8 | A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax… |
| CVE-2025-71279 | 9.8 | XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of … |
| CVE-2025-71257 | 9.1 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on re… |
| CVE-2025-71243 | 9.8 | The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacke… |
| CVE-2025-7122 | 9.8 | A vulnerability was found in Campcodes Complaint Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /… |
| CVE-2025-71211 | 9.8 | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installa… |
| CVE-2025-71210 | 9.8 | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installa… |
| CVE-2025-7120 | 9.8 | A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the … |
| CVE-2025-7119 | 9.8 | A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functional… |
| CVE-2025-71058 | 9.1 | Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream… |
| CVE-2025-7102 | 9.8 | A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/co… |
| CVE-2025-7101 | 9.8 | A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the… |
| CVE-2025-7100 | 9.8 | A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/us… |
| CVE-2025-70998 | 9.8 | UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote… |
| CVE-2025-70985 | 9.1 | Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope. |
| CVE-2025-70983 | 9.9 | Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges. |
| CVE-2025-70982 | 9.9 | Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data. |
| CVE-2025-70981 | 9.8 | CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter. |
| CVE-2025-70974 | 10.0 | Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may b… |
| CVE-2025-70968 | 9.8 | FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE(). |
| CVE-2025-70948 | 9.3 | A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account tak… |
| CVE-2025-70892 | 9.8 | Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate u… |
| CVE-2025-70888 | 9.8 | An issue in mtrojnar Osslsigncode v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component. |
| CVE-2025-70833 | 9.4 | An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and f… |
| CVE-2025-70831 | 9.8 | A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-su… |
| CVE-2025-70830 | 9.9 | A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitra… |
| CVE-2025-70821 | 9.8 | renren-security before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component. |
| CVE-2025-7065 | 9.8 | Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to upload files of any type… |
| CVE-2025-7063 | 9.8 | Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type … |
| CVE-2025-70457 | 9.8 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fai… |
| CVE-2025-70327 | 9.8 | TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The i… |
| CVE-2025-70314 | 9.8 | webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable |
| CVE-2025-70245 | 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode. |
| CVE-2025-70241 | 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. |
| CVE-2025-70240 | 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. |
| CVE-2025-70239 | 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. |
| CVE-2025-70237 | 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. |
| CVE-2025-70236 | 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. |
| CVE-2025-70234 | 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. |
| CVE-2025-70233 | 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. |