CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,101–3,150 of 8,314 in Critical · page 63 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-70232 | CVE-2025-70232 CVSS 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. |
| CVE-2025-70231 | CVE-2025-70231 CVSS 9.8 | D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enter… |
| CVE-2025-70230 | CVE-2025-70230 CVSS 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. |
| CVE-2025-70229 | CVE-2025-70229 CVSS 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. |
| CVE-2025-70226 | CVE-2025-70226 CVSS 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. |
| CVE-2025-70225 | CVE-2025-70225 CVSS 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component |
| CVE-2025-70223 | CVE-2025-70223 CVSS 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. |
| CVE-2025-70222 | CVE-2025-70222 CVSS 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin, goform/getAuthCode. |
| CVE-2025-70221 | CVE-2025-70221 CVSS 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. |
| CVE-2025-70220 | CVE-2025-70220 CVSS 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. |
| CVE-2025-70219 | CVE-2025-70219 CVSS 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot. |
| CVE-2025-70218 | CVE-2025-70218 CVSS 9.8 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component. |
| CVE-2025-70161 | CVE-2025-70161 CVSS 9.8 | EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() f… |
| CVE-2025-7016 | CVE-2025-7016 CVSS 8.0 akinsoft | Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse. This issue affects … |
| CVE-2025-70152 | CVE-2025-70152 CVSS 9.8 | code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /ad… |
| CVE-2025-70150 | CVE-2025-70150 CVSS 9.8 | CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delet… |
| CVE-2025-7015 | CVE-2025-7015 CVSS 5.7 akinsoft | Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Session Fixation. This issue affects QR Menu: be… |
| CVE-2025-70149 | CVE-2025-70149 CVSS 9.8 | CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter. |
| CVE-2025-70146 | CVE-2025-70146 CVSS 9.1 | Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perf… |
| CVE-2025-70141 | CVE-2025-70141 CVSS 9.4 | SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication … |
| CVE-2025-7013 | CVE-2025-7013 CVSS 5.7 qrmenumpro | Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers. This i… |
| CVE-2025-70085 | CVE-2025-70085 CVSS 9.8 | An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filena… |
| CVE-2025-70082 | CVE-2025-70082 CVSS 9.8 | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component |
| CVE-2025-70067 | CVE-2025-70067 CVSS 9.8 | Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a pro… |
| CVE-2025-70046 | CVE-2025-70046 CVSS 9.8 | An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master. |
| CVE-2025-70043 | CVE-2025-70043 CVSS 9.1 | An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation … |
| CVE-2025-70042 | CVE-2025-70042 CVSS 9.8 | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master. |
| CVE-2025-70041 | CVE-2025-70041 CVSS 9.8 | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. |
| CVE-2025-70039 | CVE-2025-70039 CVSS 9.8 | An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223. |
| CVE-2025-70024 | CVE-2025-70024 CVSS 9.8 | An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14. |
| CVE-2025-70023 | CVE-2025-70023 CVSS 9.8 | An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6. |
| CVE-2025-69992 | CVE-2025-69992 CVSS 9.8 | phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identit… |
| CVE-2025-69991 | CVE-2025-69991 CVSS 9.8 | phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php. |
| CVE-2025-69990 | CVE-2025-69990 CVSS 9.1 | phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted. |
| CVE-2025-69985 | CVE-2025-69985 CVSS 9.8 | FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-hel… |
| CVE-2025-69983 | CVE-2025-69983 CVSS 9.8 | FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied script… |
| CVE-2025-69981 | CVE-2025-69981 CVSS 9.8 | FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauth… |
| CVE-2025-69971 | CVE-2025-69971 CVSS 9.8 | FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tok… |
| CVE-2025-69970 | CVE-2025-69970 CVSS 9.3 | FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causi… |
| CVE-2025-69969 | CVE-2025-69969 CVSS 9.6 | A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9… |
| CVE-2025-6994 | CVE-2025-6994 CVSS 9.8 | The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin… |
| CVE-2025-69929 | CVE-2025-69929 CVSS 9.8 | An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using th… |
| CVE-2025-69902 | CVE-2025-69902 CVSS 9.8 | A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting… |
| CVE-2025-69874 | CVE-2025-69874 CVSS 9.8 | nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the int… |
| CVE-2025-69872 | CVE-2025-69872 CVSS 9.8 | DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve ar… |
| CVE-2025-69828 | CVE-2025-69828 CVSS 10.0 | File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo … |
| CVE-2025-69809 | CVE-2025-69809 CVSS 9.8 | A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execu… |
| CVE-2025-69808 | CVE-2025-69808 CVSS 9.1 | An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Serv… |
| CVE-2025-69771 | CVE-2025-69771 CVSS 9.6 | Cross-Site Scripting (XSS) vulnerability in the subtitle loading function of the asbplayer Chrome Extension version 1.14.0 allows attackers to execute arbitrar… |
| CVE-2025-69770 | CVE-2025-69770 CVSS 10.0 | A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a c… |