CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,601–3,650 of 8,314 in Critical · page 73 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-64280 | 9.8 | A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field. |
| CVE-2025-6427 | 9.1 | An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connectio… |
| CVE-2025-6424 | 9.8 | A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.1… |
| CVE-2025-64236 | 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse. This issue affects Tuturn: from n/a bef… |
| CVE-2025-64233 | 9.8 | Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection. This issue affects Codiqa: from n/a through < 1.2.8. |
| CVE-2025-64231 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpress-conta… |
| CVE-2025-64227 | 9.8 | Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection. This issue affects Clie… |
| CVE-2025-6421 | 9.8 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been rated as critical. This issue affects some unknown processin… |
| CVE-2025-64206 | 9.8 | Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection. This issue affects Jannah: from n/a through <= 7.6.0. |
| CVE-2025-6420 | 9.8 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown cod… |
| CVE-2025-6419 | 9.8 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been classified as critical. This affects an unknown part of the … |
| CVE-2025-64188 | 9.8 | Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation. This issue affects Soledad: from n/a through <= 8.6.9. |
| CVE-2025-64180 | 10.0 | Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access … |
| CVE-2025-6418 | 9.8 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functi… |
| CVE-2025-64164 | 9.8 | DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections… |
| CVE-2025-64163 | 9.8 | DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. Howeve… |
| CVE-2025-64155 | 9.8 | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 throug… |
| CVE-2025-64130 | 9.8 | Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the v… |
| CVE-2025-64128 | 10.0 | An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, wh… |
| CVE-2025-64127 | 10.0 | An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incor… |
| CVE-2025-64126 | 10.0 | An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying… |
| CVE-2025-64123 | 9.8 | Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging. This issue affects Multi-Stack … |
| CVE-2025-64121 | 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass. This issue … |
| CVE-2025-64113 | 9.8 | Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby S… |
| CVE-2025-64111 | 9.8 | Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update fi… |
| CVE-2025-64103 | 9.8 | Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMF… |
| CVE-2025-64102 | 9.8 | Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP,… |
| CVE-2025-64097 | 9.8 | NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version… |
| CVE-2025-64095 | 9.8 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider… |
| CVE-2025-64093 | 9.8 | Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. |
| CVE-2025-6409 | 9.8 | A vulnerability was found in PHPGurukul Art Gallery Management System 1.1 and classified as critical. This issue affects some unknown processing of the file /a… |
| CVE-2025-64087 | 9.8 | A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitra… |
| CVE-2025-64081 | 9.8 | SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arb… |
| CVE-2025-6408 | 9.8 | A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. This vulnerability affects unknown code of the fi… |
| CVE-2025-64075 | 10.0 | A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authenticati… |
| CVE-2025-6407 | 9.8 | A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /user… |
| CVE-2025-64063 | 9.8 | Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit thi… |
| CVE-2025-6406 | 9.8 | A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0. Affected by this issue is some unknown fu… |
| CVE-2025-64055 | 9.8 | An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g… |
| CVE-2025-64054 | 9.6 | A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitr… |
| CVE-2025-6405 | 9.8 | A vulnerability classified as critical was found in Campcodes Online Teacher Record Management System 1.0. Affected by this vulnerability is an unknown functio… |
| CVE-2025-6404 | 9.8 | A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /ad… |
| CVE-2025-6403 | 9.8 | A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the fil… |
| CVE-2025-63994 | 9.8 | An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploadi… |
| CVE-2025-63958 | 9.8 | MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This pa… |
| CVE-2025-6394 | 9.8 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an u… |
| CVE-2025-63939 | 9.8 | Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name P… |
| CVE-2025-6391 | 9.1 | Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with securit… |
| CVE-2025-6389 | 9.8 | The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_c… |
| CVE-2025-63888 | 9.8 | The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability. |