CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,201–3,250 of 8,314 in Critical · page 65 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-69308 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Nestbyte Core nestbyte-core allows Blind SQL… |
| CVE-2025-69307 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL I… |
| CVE-2025-69306 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL I… |
| CVE-2025-69305 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Crete Core crete-core allows Blind SQL Injec… |
| CVE-2025-69304 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Inject… |
| CVE-2025-69301 | 9.8 | Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injection. This issue affects PhotoMe: from n/a through <= 5.6.11. |
| CVE-2025-69295 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injec… |
| CVE-2025-69288 | 9.1 | Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the dat… |
| CVE-2025-69286 | 9.8 | RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API … |
| CVE-2025-69270 | 9.8 | Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. This issue af… |
| CVE-2025-69269 | 9.8 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allow… |
| CVE-2025-69264 | 9.8 | pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 sec… |
| CVE-2025-69258 | 9.8 | A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executab… |
| CVE-2025-6925 | 9.1 | A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the fi… |
| CVE-2025-69246 | 9.8 | Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering l… |
| CVE-2025-69234 | 9.1 | Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment. |
| CVE-2025-69201 | 9.8 | Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitrary arguments can be injected in tugtainer-agent … |
| CVE-2025-69194 | 9.8 | A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file… |
| CVE-2025-6919 | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technolo… |
| CVE-2025-6918 | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection. This is… |
| CVE-2025-6917 | 9.8 | A vulnerability has been found in code-projects Online Hotel Booking 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin… |
| CVE-2025-69101 | 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreap_core allows Authentication Abuse. This issue affects… |
| CVE-2025-69079 | 9.8 | Deserialization of Untrusted Data vulnerability in ThemeREX Sound \| Musical Instruments Online Store musicplace allows Object Injection. This issue affects Soun… |
| CVE-2025-6907 | 9.8 | A vulnerability classified as critical was found in code-projects Car Rental System 1.0. This vulnerability affects unknown code of the file /book_car.php. The… |
| CVE-2025-6906 | 9.8 | A vulnerability classified as critical has been found in code-projects Car Rental System 1.0. This affects an unknown part of the file /login.php. The manipula… |
| CVE-2025-69052 | 9.8 | Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allo… |
| CVE-2025-6905 | 9.8 | A vulnerability, which was classified as critical, has been found in code-projects Car Rental System 1.0. This issue affects some unknown processing of the fil… |
| CVE-2025-6904 | 9.8 | A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the fi… |
| CVE-2025-6903 | 9.8 | A vulnerability was found in code-projects Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality … |
| CVE-2025-6902 | 9.8 | A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ph… |
| CVE-2025-6901 | 9.8 | A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /… |
| CVE-2025-6900 | 9.8 | A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-book.ph… |
| CVE-2025-68986 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows Upload a Web Shell to a Web Server. This issue affects Miion: fro… |
| CVE-2025-6897 | 9.8 | A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_d… |
| CVE-2025-68952 | 9.8 | Eigent is a multi-agent Workforce. In version 0.0.60, a 1-click Remote Code Execution (RCE) vulnerability has been identified in Eigent. This vulnerability all… |
| CVE-2025-6895 | 9.8 | The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token(… |
| CVE-2025-68932 | 9.8 | FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators (mt_rand() and uniqid(… |
| CVE-2025-68929 | 9.0 | Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions could be tricked into … |
| CVE-2025-68926 | 9.8 | RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded stati… |
| CVE-2025-68910 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee allows Using Malicious Files. This issue affects Blogzee: from n/a … |
| CVE-2025-6891 | 9.8 | A vulnerability classified as critical has been found in code-projects Inventory Management System 1.0. Affected is an unknown function of the file /php_action… |
| CVE-2025-68909 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic blogistic allows Using Malicious Files. This issue affects Blogistic: fro… |
| CVE-2025-68897 | 9.9 | Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection. This issue a… |
| CVE-2025-6889 | 9.8 | A vulnerability was found in code-projects Movie Ticketing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /l… |
| CVE-2025-6888 | 9.8 | A vulnerability was found in PHPGurukul Teachers Record Management System 2.1. It has been classified as critical. This affects an unknown part of the file /ad… |
| CVE-2025-68869 | 9.8 | Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation. This issue affects LazyT… |
| CVE-2025-68865 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injec… |
| CVE-2025-68860 | 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder mobile-builder allows Authentication Abuse. This issue a… |
| CVE-2025-68857 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL … |
| CVE-2025-6885 | 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /… |