CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,651–3,700 of 8,314 in Critical · page 74 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-6388 | CVE-2025-6388 CVSS 9.8 | The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the custom_action… |
| CVE-2025-6384 | CVE-2025-6384 CVSS 9.1 | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via… |
| CVE-2025-63807 | CVE-2025-63807 CVSS 9.8 | An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code g… |
| CVE-2025-6380 | CVE-2025-6380 CVSS 9.8 | The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint in versions 1.… |
| CVE-2025-63747 | CVE-2025-63747 CVSS 9.8 | QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login … |
| CVE-2025-63742 | CVE-2025-63742 CVSS 9.8 | SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive… |
| CVE-2025-63729 | CVE-2025-63729 CVSS 9.0 | An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to extract the SSL Private Key, CA Certificate, SSL Certific… |
| CVE-2025-63706 | CVE-2025-63706 CVSS 9.8 | NPM package next-npm-version1.0.1 is vulnerable to Command injection. |
| CVE-2025-63704 | CVE-2025-63704 CVSS 9.8 | NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges th… |
| CVE-2025-63703 | CVE-2025-63703 CVSS 9.8 | npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js(). |
| CVE-2025-63695 | CVE-2025-63695 CVSS 9.8 | DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php. |
| CVE-2025-63694 | CVE-2025-63694 CVSS 9.8 | DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage. |
| CVE-2025-63691 | CVE-2025-63691 CVSS 9.6 | In pig-mesh Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface (/api/admin/sys-… |
| CVE-2025-63690 | CVE-2025-63690 CVSS 9.1 | In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible … |
| CVE-2025-63689 | CVE-2025-63689 CVSS 10.0 | Multiple SQL injection vulnerabilities in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allow a remote attacke… |
| CVE-2025-63685 | CVE-2025-63685 CVSS 9.8 | Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the applicat… |
| CVE-2025-63666 | CVE-2025-63666 CVSS 9.8 | Tenda AC15 v15.03.05.18_multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the… |
| CVE-2025-63665 | CVE-2025-63665 CVSS 9.8 | An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Promp… |
| CVE-2025-6364 | CVE-2025-6364 CVSS 9.8 | A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown funct… |
| CVE-2025-6363 | CVE-2025-6363 CVSS 9.8 | A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /ad… |
| CVE-2025-63624 | CVE-2025-63624 CVSS 9.8 | SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary… |
| CVE-2025-63622 | CVE-2025-63622 CVSS 9.8 | A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This m… |
| CVE-2025-6362 | CVE-2025-6362 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing… |
| CVE-2025-6361 | CVE-2025-6361 CVSS 9.8 | A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /adds.p… |
| CVE-2025-63601 | CVE-2025-63601 CVSS 9.9 | Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing… |
| CVE-2025-6360 | CVE-2025-6360 CVSS 9.8 | A vulnerability classified as critical has been found in code-projects Simple Pizza Ordering System 1.0. This affects an unknown part of the file /portal.php. … |
| CVE-2025-6359 | CVE-2025-6359 CVSS 9.8 | A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionalit… |
| CVE-2025-6358 | CVE-2025-6358 CVSS 9.8 | A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown fun… |
| CVE-2025-6357 | CVE-2025-6357 CVSS 9.8 | A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /p… |
| CVE-2025-6356 | CVE-2025-6356 CVSS 9.8 | A vulnerability was found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file … |
| CVE-2025-6355 | CVE-2025-6355 CVSS 9.8 | A vulnerability has been found in SourceCodester Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the… |
| CVE-2025-6354 | CVE-2025-6354 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality … |
| CVE-2025-63531 | CVE-2025-63531 CVSS 9.8 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize… |
| CVE-2025-6352 | CVE-2025-6352 CVSS 9.1 | A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of… |
| CVE-2025-6351 | CVE-2025-6351 CVSS 9.8 | A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of t… |
| CVE-2025-6346 | CVE-2025-6346 CVSS 9.8 | A vulnerability was found in SourceCodester Advance Charity Management System 1.0. It has been classified as critical. This affects an unknown part of the file… |
| CVE-2025-63453 | CVE-2025-63453 CVSS 9.8 | Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php. |
| CVE-2025-63452 | CVE-2025-63452 CVSS 9.4 | Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php. |
| CVE-2025-63451 | CVE-2025-63451 CVSS 9.8 | Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php. |
| CVE-2025-6344 | CVE-2025-6344 CVSS 9.8 | A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of… |
| CVE-2025-6343 | CVE-2025-6343 CVSS 9.8 | A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_p… |
| CVE-2025-6342 | CVE-2025-6342 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. This issue affects some unknown processing of the fil… |
| CVE-2025-63416 | CVE-2025-63416 CVSS 9.1 | ** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticat… |
| CVE-2025-63414 | CVE-2025-63414 CVSS 10.0 | A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By … |
| CVE-2025-6339 | CVE-2025-6339 CVSS 9.8 | A vulnerability was found in ponaravindb Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of… |
| CVE-2025-63389 | CVE-2025-63389 CVSS 9.8 | A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multi… |
| CVE-2025-63388 | CVE-2025-63388 CVSS 9.1 | A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implemen… |
| CVE-2025-63386 | CVE-2025-63386 CVSS 9.1 | A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an inse… |
| CVE-2025-63362 | CVE-2025-63362 CVSS 9.8 | Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the A… |
| CVE-2025-63353 | CVE-2025-63353 CVSS 9.8 | A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSI… |