CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,451–3,500 of 8,314 in Critical · page 70 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-6612 | CVE-2025-6612 CVSS 9.8 | A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the fi… |
| CVE-2025-6611 | CVE-2025-6611 CVSS 9.8 | A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the fi… |
| CVE-2025-66078 | CVE-2025-66078 CVSS 9.1 | Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclu… |
| CVE-2025-66074 | CVE-2025-66074 CVSS 9.0 | Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from … |
| CVE-2025-66050 | CVE-2025-66050 CVSS 9.8 | Vivotek IP7137 camera with firmware version 0200a by default does not require a password when logging in as an administrator. While it is possible … |
| CVE-2025-66048 | CVE-2025-66048 CVSS 9.8 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER fi… |
| CVE-2025-66047 | CVE-2025-66047 CVSS 9.8 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER fi… |
| CVE-2025-66046 | CVE-2025-66046 CVSS 9.8 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER fi… |
| CVE-2025-66045 | CVE-2025-66045 CVSS 9.8 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER fi… |
| CVE-2025-66044 | CVE-2025-66044 CVSS 9.8 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER fi… |
| CVE-2025-66043 | CVE-2025-66043 CVSS 9.8 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER fi… |
| CVE-2025-66039 | CVE-2025-66039 CVSS 9.8 | FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authenticat… |
| CVE-2025-66034 | CVE-2025-66034 CVSS 9.8 | fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLi… |
| CVE-2025-66032 | CVE-2025-66032 CVSS 9.8 | Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass … |
| CVE-2025-66024 | CVE-2025-66024 CVSS 9.0 | The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scr… |
| CVE-2025-66022 | CVE-2025-66022 CVSS 9.8 | FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework per… |
| CVE-2025-65896 | CVE-2025-65896 CVSS 9.8 | SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys. |
| CVE-2025-65882 | CVE-2025-65882 CVSS 9.8 | An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad al… |
| CVE-2025-65875 | CVE-2025-65875 CVSS 9.8 | An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted P… |
| CVE-2025-65856 | CVE-2025-65856 CVSS 9.8 | Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attack… |
| CVE-2025-65854 | CVE-2025-65854 CVSS 9.8 | Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allow attackers to execute arbitrary commands and execute a full account takeover. |
| CVE-2025-65849 | CVE-2025-65849 CVSS 9.1 | A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constan… |
| CVE-2025-65836 | CVE-2025-65836 CVSS 9.1 | PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController. |
| CVE-2025-65834 | CVE-2025-65834 CVSS 9.8 | Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and heig… |
| CVE-2025-65830 | CVE-2025-65830 CVSS 9.1 | Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt t… |
| CVE-2025-65827 | CVE-2025-65827 CVSS 9.1 | The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary locate… |
| CVE-2025-65826 | CVE-2025-65826 CVSS 9.8 | The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical locat… |
| CVE-2025-65823 | CVE-2025-65823 CVSS 9.8 | The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved t… |
| CVE-2025-65820 | CVE-2025-65820 CVSS 9.8 | An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden pa… |
| CVE-2025-6580 | CVE-2025-6580 CVSS 9.8 | A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the component Logi… |
| CVE-2025-65792 | CVE-2025-65792 CVSS 9.1 | DataGear v5.5.0 is vulnerable to Arbitrary File Deletion. |
| CVE-2025-65791 | CVE-2025-65791 CVSS 9.8 | ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function. N… |
| CVE-2025-6579 | CVE-2025-6579 CVSS 9.8 | A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /messag… |
| CVE-2025-65783 | CVE-2025-65783 CVSS 9.8 | An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute ar… |
| CVE-2025-6578 | CVE-2025-6578 CVSS 9.8 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown cod… |
| CVE-2025-6577 | CVE-2025-6577 CVSS 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce… |
| CVE-2025-65741 | CVE-2025-65741 CVSS 9.8 | Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library … |
| CVE-2025-6573 | CVE-2025-6573 CVSS 9.8 | Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE). |
| CVE-2025-65719 | CVE-2025-65719 CVSS 9.8 | An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page. |
| CVE-2025-6567 | CVE-2025-6567 CVSS 9.8 | A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of t… |
| CVE-2025-65669 | CVE-2025-65669 CVSS 9.1 | An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication ch… |
| CVE-2025-65656 | CVE-2025-65656 CVSS 9.8 | dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php. |
| CVE-2025-6561 | CVE-2025-6561 CVSS 9.8 | Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remo… |
| CVE-2025-65602 | CVE-2025-65602 CVSS 9.8 | A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request. |
| CVE-2025-6560 | CVE-2025-6560 CVSS 9.8 | Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly acce… |
| CVE-2025-6559 | CVE-2025-6559 CVSS 9.8 | Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS comman… |
| CVE-2025-65570 | CVE-2025-65570 CVSS 9.8 | A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element acces… |
| CVE-2025-65552 | CVE-2025-65552 CVSS 9.8 | D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement roll… |
| CVE-2025-65548 | CVE-2025-65548 CVSS 9.1 | NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 does not validate the size of preimage when the to… |
| CVE-2025-6553 | CVE-2025-6553 CVSS 9.8 | The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_checkout() function… |