CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,551–3,600 of 8,314 in Critical · page 72 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-6479 | CVE-2025-6479 CVSS 9.8 | A vulnerability classified as critical has been found in code-projects Simple Pizza Ordering System 1.0. This affects an unknown part of the file /salesreport.… |
| CVE-2025-64767 | CVE-2025-64767 CVSS 9.1 | hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal() API has a… |
| CVE-2025-64762 | CVE-2025-64762 CVSS 9.1 | The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs ve… |
| CVE-2025-64755 | CVE-2025-64755 CVSS 9.8 | Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only val… |
| CVE-2025-64741 | CVE-2025-64741 CVSS 9.8 | Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via… |
| CVE-2025-6474 | CVE-2025-6474 CVSS 9.8 | A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file… |
| CVE-2025-64725 | CVE-2025-64725 CVSS 9.8 | Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains… |
| CVE-2025-64721 | CVE-2025-64721 CVSS 10.0 | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level servic… |
| CVE-2025-6472 | CVE-2025-6472 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in code-projects Online Bidding System 1.0. Affected by this issue is some unknown functional… |
| CVE-2025-64717 | CVE-2025-64717 CVSS 9.8 | ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL'… |
| CVE-2025-64712 | CVE-2025-64712 CVSS 9.8 | The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many mo… |
| CVE-2025-6471 | CVE-2025-6471 CVSS 9.8 | A vulnerability classified as critical was found in code-projects Online Bidding System 1.0. Affected by this vulnerability is an unknown functionality of the … |
| CVE-2025-64709 | CVE-2025-64709 CVSS 9.9 | Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP R… |
| CVE-2025-6470 | CVE-2025-6470 CVSS 9.8 | A vulnerability classified as critical has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /bidlog.php. The … |
| CVE-2025-64693 | CVE-2025-64693 CVSS 9.8 | Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Receiving a specially craf… |
| CVE-2025-6469 | CVE-2025-6469 CVSS 9.8 | A vulnerability was found in code-projects Online Bidding System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /de… |
| CVE-2025-6468 | CVE-2025-6468 CVSS 9.8 | A vulnerability was found in code-projects Online Bidding System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /bi… |
| CVE-2025-64675 | CVE-2025-64675 CVSS 9.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing ove… |
| CVE-2025-64672 | CVE-2025-64672 CVSS 9.0 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform sp… |
| CVE-2025-6467 | CVE-2025-6467 CVSS 9.8 | A vulnerability was found in code-projects Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. … |
| CVE-2025-6466 | CVE-2025-6466 CVSS 9.8 | A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this issue is the function speechToTextTranscriptionsV2/upload of t… |
| CVE-2025-64657 | CVE-2025-64657 CVSS 9.8 | Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-64656 | CVE-2025-64656 CVSS 9.8 | Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-64655 | CVE-2025-64655 CVSS 9.8 | Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-6458 | CVE-2025-6458 CVSS 9.8 | A vulnerability has been found in code-projects Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the … |
| CVE-2025-6457 | CVE-2025-6457 CVSS 9.8 | A vulnerability, which was classified as critical, was found in code-projects Online Hotel Reservation System 1.0. This affects an unknown part of the file /re… |
| CVE-2025-6456 | CVE-2025-6456 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in code-projects Online Hotel Reservation System 1.0. Affected by this issue is some unknown … |
| CVE-2025-6455 | CVE-2025-6455 CVSS 9.8 | A vulnerability classified as critical was found in code-projects Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionali… |
| CVE-2025-64539 | CVE-2025-64539 CVSS 9.3 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code exe… |
| CVE-2025-64538 | CVE-2025-64538 CVSS 9.3 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code exe… |
| CVE-2025-64537 | CVE-2025-64537 CVSS 9.3 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code exe… |
| CVE-2025-6451 | CVE-2025-6451 CVSS 9.8 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown cod… |
| CVE-2025-6450 | CVE-2025-6450 CVSS 9.8 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been classified as critical. This affects an unknown part of the … |
| CVE-2025-6449 | CVE-2025-6449 CVSS 9.8 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functi… |
| CVE-2025-6448 | CVE-2025-6448 CVSS 9.8 | A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unk… |
| CVE-2025-6447 | CVE-2025-6447 CVSS 9.8 | A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of th… |
| CVE-2025-6446 | CVE-2025-6446 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. This issue affects some unknown processing of the… |
| CVE-2025-64459 | CVE-2025-64459 CVSS 9.1 | An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get… |
| CVE-2025-64446 | Fortinet FortiWeb Path Traversal Vulnerability (KEV, CVSS 9.8, Fortinet) | Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system … |
| CVE-2025-64443 | CVE-2025-64443 CVSS 9.6 | MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport m… |
| CVE-2025-64428 | CVE-2025-64428 CVSS 9.8 | Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for… |
| CVE-2025-6441 | CVE-2025-6441 CVSS 9.8 | The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthen… |
| CVE-2025-6440 | CVE-2025-6440 CVSS 9.8 | The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file upl… |
| CVE-2025-6439 | CVE-2025-6439 CVSS 9.8 | The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file del… |
| CVE-2025-64374 | CVE-2025-64374 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files.This issue affects Motors: from n/a … |
| CVE-2025-64338 | CVE-2025-64338 CVSS 9.0 | ClipBucket v5 is an open source video sharing platform. In versions 5.5.2 - #156 and below, an authenticated regular user can create a photo collection whose C… |
| CVE-2025-6433 | CVE-2025-6433 CVSS 9.8 | If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would… |
| CVE-2025-64325 | CVE-2025-64325 CVSS 9.0 | Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request wi… |
| CVE-2025-64310 | CVE-2025-64310 CVSS 9.8 | EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password m… |
| CVE-2025-64281 | CVE-2025-64281 CVSS 9.8 | An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials. |