CVE vulnerabilities
31,594 CVEs indexed, newest first. Authored by Adam Lundqvist.
Showing 3,251–3,300 of 8,314 in Critical · page 66 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-68723 | 9.0 | Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the… |
| CVE-2025-68717 | 9.4 | KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/sy… |
| CVE-2025-68715 | 9.1 | An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints (/goform/setWan, /goform/setLan, /goform/wirel… |
| CVE-2025-6871 | 9.8 | A vulnerability classified as critical has been found in SourceCodester Simple Company Website 1.0. This affects an unknown part of the file /classes/Login.php… |
| CVE-2025-68706 | 9.8 | A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handle… |
| CVE-2025-68705 | 9.8 | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in th… |
| CVE-2025-68670 | 9.8 | xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bou… |
| CVE-2025-68669 | 9.6 | 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists… |
| CVE-2025-68668 | 9.9 | n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses… |
| CVE-2025-68665 | 9.1 | LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and … |
| CVE-2025-68662 | 9.9 | Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestinatio… |
| CVE-2025-68637 | 9.1 | The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all RES… |
| CVE-2025-6863 | 9.8 | A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown… |
| CVE-2025-68620 | 9.1 | Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to stea… |
| CVE-2025-68615 | 9.8 | net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to a net-snmp snmptrapd daemon can… |
| CVE-2025-68562 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server. This issue affects MapSVG: from n/a… |
| CVE-2025-68555 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server. This issue affects Nutrie: … |
| CVE-2025-68554 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Keenarch keenarch allows Using Malicious Files. This issue affects Keenarch: from n/… |
| CVE-2025-68553 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server. This issue affects Lendiz: … |
| CVE-2025-68549 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server. This issue affects Wiguar… |
| CVE-2025-68541 | 9.8 | Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection. This issue affects Ippsum: from n/a through <= 1.2.0. |
| CVE-2025-6853 | 9.8 | A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file … |
| CVE-2025-68472 | 9.1 | MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload… |
| CVE-2025-6847 | 9.8 | A vulnerability classified as critical was found in code-projects Simple Forum 1.0. This vulnerability affects unknown code of the file /forum_edit.php. The ma… |
| CVE-2025-68456 | 9.1 | Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger databa… |
| CVE-2025-6845 | 9.8 | A vulnerability was found in code-projects Simple Forum 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /r… |
| CVE-2025-6844 | 9.8 | A vulnerability was found in code-projects Simple Forum 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of th… |
| CVE-2025-68435 | 9.1 | Zerobyte is a backup automation tool. Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middlewar… |
| CVE-2025-6843 | 9.8 | A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-ph… |
| CVE-2025-6840 | 9.8 | A vulnerability, which was classified as critical, was found in code-projects Product Inventory System 1.0. This affects an unknown part of the file /index.php… |
| CVE-2025-68398 | 9.1 | Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavio… |
| CVE-2025-6837 | 9.8 | A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /p… |
| CVE-2025-6836 | 9.8 | A vulnerability classified as critical has been found in code-projects Library System 1.0. Affected is an unknown function of the file /profile.php. The manipu… |
| CVE-2025-6835 | 9.8 | A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student-i… |
| CVE-2025-6834 | 9.8 | A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the fi… |
| CVE-2025-6830 | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. Password Module… |
| CVE-2025-6828 | 9.8 | A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file… |
| CVE-2025-68271 | 10.0 | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS con… |
| CVE-2025-68270 | 9.9 | The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to acc… |
| CVE-2025-6827 | 9.8 | A vulnerability, which was classified as critical, was found in code-projects Inventory Management System 1.0. This affects an unknown part of the file /php_ac… |
| CVE-2025-68263 | 9.8 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a… |
| CVE-2025-6826 | 9.8 | A vulnerability, which was classified as critical, has been found in code-projects Payroll Management System 1.0. Affected by this issue is some unknown functi… |
| CVE-2025-6823 | 9.8 | A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the fi… |
| CVE-2025-6822 | 9.8 | A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the fi… |
| CVE-2025-6821 | 9.8 | A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /php_a… |
| CVE-2025-6820 | 9.8 | A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of … |
| CVE-2025-6819 | 9.8 | A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functi… |
| CVE-2025-68145 | 9.1 | In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it … |
| CVE-2025-68121 | 10.0 | During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed han… |
| CVE-2025-68118 | 9.1 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Wind… |