CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,301–3,350 of 8,314 in Critical · page 67 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-68114 | CVE-2025-68114 CVSS 9.8 | Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf … |
| CVE-2025-6811 | CVE-2025-6811 CVSS 9.8 | Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attacke… |
| CVE-2025-6810 | CVE-2025-6810 CVSS 9.8 | Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execut… |
| CVE-2025-6805 | CVE-2025-6805 CVSS 9.1 | Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arb… |
| CVE-2025-68034 | CVE-2025-68034 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL In… |
| CVE-2025-6802 | CVE-2025-6802 CVSS 9.8 | Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arb… |
| CVE-2025-68018 | CVE-2025-68018 CVSS 9.4 | Missing Authorization vulnerability in StackWC Order Listener for WooCommerce woc-order-alert allows Exploiting Incorrectly Configured Access Control Security … |
| CVE-2025-68015 | CVE-2025-68015 CVSS 9.0 | Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows… |
| CVE-2025-68001 | CVE-2025-68001 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server. This issue af… |
| CVE-2025-67997 | CVE-2025-67997 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection. This issue affects Travelicious: from n/a throu… |
| CVE-2025-67996 | CVE-2025-67996 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection. This issue affects Nestin: from n/a through < 1.2.6. |
| CVE-2025-67995 | CVE-2025-67995 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection. This issue affects PatioTime: from n/a through < 2.1. |
| CVE-2025-6798 | CVE-2025-6798 CVSS 9.1 | Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrar… |
| CVE-2025-67979 | CVE-2025-67979 CVSS 9.9 | Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injec… |
| CVE-2025-67968 | CVE-2025-67968 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files. This issue affects Rea… |
| CVE-2025-67945 | CVE-2025-67945 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MailerLite MailerLite – WooCommerce integration woo-maile… |
| CVE-2025-67944 | CVE-2025-67944 CVSS 9.1 | Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection. This issue af… |
| CVE-2025-6794 | CVE-2025-6794 CVSS 9.8 | Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co… |
| CVE-2025-6793 | CVE-2025-6793 CVSS 9.4 | Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows rem… |
| CVE-2025-67928 | CVE-2025-67928 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themesuite Automotive Listings automotive allows Blind SQ… |
| CVE-2025-67924 | CVE-2025-67924 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server. This issue affects Corpki… |
| CVE-2025-67911 | CVE-2025-67911 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection. This issue affects Newsletters: from… |
| CVE-2025-67910 | CVE-2025-67910 CVSS 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio contentstudio allows Upload a Web Shell to a Web Server. This issue… |
| CVE-2025-67906 | CVE-2025-67906 CVSS 9.0 | In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path. |
| CVE-2025-67896 | CVE-2025-67896 CVSS 9.8 | Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly t… |
| CVE-2025-67895 | CVE-2025-67895 CVSS 9.8 | Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.… |
| CVE-2025-67887 | CVE-2025-67887 CVSS 9.8 | 1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code b… |
| CVE-2025-67856 | CVE-2025-67856 CVSS 9.8 | A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be gra… |
| CVE-2025-67843 | CVE-2025-67843 CVSS 9.8 | A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arb… |
| CVE-2025-67830 | CVE-2025-67830 CVSS 9.8 | Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection. |
| CVE-2025-67829 | CVE-2025-67829 CVSS 9.8 | Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection. |
| CVE-2025-67822 | CVE-2025-67822 CVSS 9.4 | A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated atta… |
| CVE-2025-67793 | CVE-2025-67793 CVSS 9.8 | An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege … |
| CVE-2025-67791 | CVE-2025-67791 CVSS 9.8 | An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in D… |
| CVE-2025-67787 | CVE-2025-67787 CVSS 9.6 | An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock Operations Center allows for session takeover over a network. |
| CVE-2025-67781 | CVE-2025-67781 CVSS 9.9 | An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged process… |
| CVE-2025-6777 | CVE-2025-6777 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some unknown processing of the… |
| CVE-2025-6776 | CVE-2025-6776 CVSS 9.8 | A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/pl… |
| CVE-2025-6775 | CVE-2025-6775 CVSS 9.8 | A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v… |
| CVE-2025-67744 | CVE-2025-67744 CVSS 9.6 | DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exis… |
| CVE-2025-67728 | CVE-2025-67728 CVSS 9.8 | Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads … |
| CVE-2025-67727 | CVE-2025-67727 CVSS 9.8 | Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow i… |
| CVE-2025-67647 | CVE-2025-67647 CVSS 9.1 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side req… |
| CVE-2025-67617 | CVE-2025-67617 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection. This issue affects Consult Aid: from n/a through <= … |
| CVE-2025-6758 | CVE-2025-6758 CVSS 9.8 | The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all … |
| CVE-2025-67511 | CVE-2025-67511 CVSS 9.6 | Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulne… |
| CVE-2025-67510 | CVE-2025-67510 CVSS 9.4 | Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the cal… |
| CVE-2025-67506 | CVE-2025-67506 CVSS 9.8 | PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buf… |
| CVE-2025-67504 | CVE-2025-67504 CVSS 9.8 | WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not c… |
| CVE-2025-67493 | CVE-2025-67493 CVSS 9.0 | Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups … |