CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,151–3,200 of 8,314 in Critical · page 64 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-69766 | CVE-2025-69766 CVSS 9.8 | Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which … |
| CVE-2025-69764 | CVE-2025-69764 CVSS 9.8 | Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which … |
| CVE-2025-69763 | CVE-2025-69763 CVSS 9.8 | Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code exe… |
| CVE-2025-69762 | CVE-2025-69762 CVSS 9.8 | Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execu… |
| CVE-2025-69691 | CVE-2025-69691 CVSS 9.9 | Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available … |
| CVE-2025-69690 | CVE-2025-69690 CVSS 9.1 | Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_command… |
| CVE-2025-6965 | CVE-2025-6965 CVSS 9.8 | There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead… |
| CVE-2025-69634 | CVE-2025-69634 CVSS 9.0 | Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: … |
| CVE-2025-69633 | CVE-2025-69633 CVSS 9.8 | A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows r… |
| CVE-2025-6963 | CVE-2025-6963 CVSS 9.8 | A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /myp… |
| CVE-2025-6962 | CVE-2025-6962 CVSS 9.8 | A vulnerability, which was classified as critical, was found in Campcodes Employee Management System 1.0. This affects an unknown part of the file /myprofileup… |
| CVE-2025-69615 | CVE-2025-69615 CVSS 9.1 | Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected P… |
| CVE-2025-69614 | CVE-2025-69614 CVSS 9.4 | Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Pr… |
| CVE-2025-6961 | CVE-2025-6961 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in Campcodes Employee Management System 1.0. Affected by this issue is some unknown functiona… |
| CVE-2025-69602 | CVE-2025-69602 CVSS 9.1 | A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful a… |
| CVE-2025-6960 | CVE-2025-6960 CVSS 9.8 | A vulnerability classified as critical was found in Campcodes Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the… |
| CVE-2025-69599 | CVE-2025-69599 CVSS 9.8 | RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disp… |
| CVE-2025-6959 | CVE-2025-6959 CVSS 9.8 | A vulnerability classified as critical has been found in Campcodes Employee Management System 1.0. Affected is an unknown function of the file /eloginwel.php. … |
| CVE-2025-6958 | CVE-2025-6958 CVSS 9.8 | A vulnerability was found in Campcodes Employee Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /e… |
| CVE-2025-6957 | CVE-2025-6957 CVSS 9.8 | A vulnerability was found in Campcodes Employee Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /p… |
| CVE-2025-69565 | CVE-2025-69565 CVSS 9.8 | code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php. |
| CVE-2025-69564 | CVE-2025-69564 CVSS 9.8 | code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirm_p… |
| CVE-2025-69563 | CVE-2025-69563 CVSS 9.8 | code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter. |
| CVE-2025-69562 | CVE-2025-69562 CVSS 9.8 | code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter. |
| CVE-2025-6956 | CVE-2025-6956 CVSS 9.8 | A vulnerability was found in Campcodes Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /changepass… |
| CVE-2025-69559 | CVE-2025-69559 CVSS 9.8 | code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php. |
| CVE-2025-6955 | CVE-2025-6955 CVSS 9.8 | A vulnerability was found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the f… |
| CVE-2025-69542 | CVE-2025-69542 CVSS 9.8 | A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal pro… |
| CVE-2025-6954 | CVE-2025-6954 CVSS 9.8 | A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionali… |
| CVE-2025-69515 | CVE-2025-69515 CVSS 9.1 | An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as le… |
| CVE-2025-69405 | CVE-2025-69405 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum \| Books & Media Store lorem-ipsum-books-media-store allows Object Injection. This issue … |
| CVE-2025-69404 | CVE-2025-69404 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection. This issue affects Extreme Store: from n/a throu… |
| CVE-2025-69403 | CVE-2025-69403 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files. This issue affects Brav… |
| CVE-2025-69382 | CVE-2025-69382 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in themesflat Themesflat Elementor themesflat-elementor allows Object Injection. This issue affects Themesflat E… |
| CVE-2025-6938 | CVE-2025-6938 CVSS 9.8 | A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the f… |
| CVE-2025-69372 | CVE-2025-69372 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection. This issue affects SevenHills: from n/a through <… |
| CVE-2025-69371 | CVE-2025-69371 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object Injection. This issue affects KindlyCare: from n/a through <… |
| CVE-2025-69370 | CVE-2025-69370 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injection. This issue affects Capella: from n/a through <= 2.5.5. |
| CVE-2025-6937 | CVE-2025-6937 CVSS 9.8 | A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the f… |
| CVE-2025-69366 | CVE-2025-69366 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Emerce Core emerce-core allows Blind SQL Inj… |
| CVE-2025-69365 | CVE-2025-69365 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Uroan Core uroan-core allows Blind SQL Injec… |
| CVE-2025-6936 | CVE-2025-6936 CVSS 9.8 | A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /addp… |
| CVE-2025-6935 | CVE-2025-6935 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the f… |
| CVE-2025-6934 | CVE-2025-6934 CVSS 9.8 | The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to… |
| CVE-2025-69338 | CVE-2025-69338 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Riode Core riode-core allows Blind SQL Injecti… |
| CVE-2025-69337 | CVE-2025-69337 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Wolmart Core wolmart-core allows Blind SQL Inj… |
| CVE-2025-69329 | CVE-2025-69329 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection. This issue affects Prestige: from n/a through < 1.4.1. |
| CVE-2025-69312 | CVE-2025-69312 CVSS 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server. Thi… |
| CVE-2025-69310 | CVE-2025-69310 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Woodly Core woodly-core allows Blind SQL Inj… |
| CVE-2025-69309 | CVE-2025-69309 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Saasplate Core saasplate-core allows Blind S… |