31,594 indexed
CVECVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,701–3,750 of 8,314 in Critical · page 75 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-63334 | CVE-2025-63334 CVSS 9.8 | PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The applicati… |
| CVE-2025-63314 | CVE-2025-63314 CVSS 10.0 | A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and … |
| CVE-2025-6330 | CVE-2025-6330 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /searchdata.ph… |
| CVE-2025-63289 | CVE-2025-63289 CVSS 9.1 | Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart fi… |
| CVE-2025-6327 | CVE-2025-6327 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server… |
| CVE-2025-6325 | CVE-2025-6325 CVSS 9.8 | Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons… |
| CVE-2025-6323 | CVE-2025-6323 CVSS 9.8 | A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /enrollm… |
| CVE-2025-63228 | CVE-2025-63228 CVSS 9.8 | The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php end… |
| CVE-2025-63225 | CVE-2025-63225 CVSS 9.8 | The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on critical administrative… |
| CVE-2025-63224 | CVE-2025-63224 CVSS 10.0 | The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JW… |
| CVE-2025-63223 | CVE-2025-63223 CVSS 9.8 | The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /… |
| CVE-2025-63221 | CVE-2025-63221 CVSS 9.1 | The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFc… |
| CVE-2025-6322 | CVE-2025-6322 CVSS 9.8 | A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of th… |
| CVE-2025-63218 | CVE-2025-63218 CVSS 9.8 | The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the… |
| CVE-2025-63217 | CVE-2025-63217 CVSS 9.8 | The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT t… |
| CVE-2025-63216 | CVE-2025-63216 CVSS 10.0 | The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid J… |
| CVE-2025-63213 | CVE-2025-63213 CVSS 9.8 | The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/… |
| CVE-2025-63210 | CVE-2025-63210 CVSS 9.8 | The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit t… |
| CVE-2025-63207 | CVE-2025-63207 CVSS 9.8 | The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on t… |
| CVE-2025-63206 | CVE-2025-63206 CVSS 9.8 | An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain esc… |
| CVE-2025-6318 | CVE-2025-6318 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. This vulnerability affects unknown code of the file /admin/che… |
| CVE-2025-6317 | CVE-2025-6317 CVSS 9.8 | A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/confirm.php. The … |
| CVE-2025-6316 | CVE-2025-6316 CVSS 9.8 | A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the fi… |
| CVE-2025-6315 | CVE-2025-6315 CVSS 9.8 | A vulnerability was found in code-projects Online Shoe Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality … |
| CVE-2025-6314 | CVE-2025-6314 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/c… |
| CVE-2025-6313 | CVE-2025-6313 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages… |
| CVE-2025-6312 | CVE-2025-6312 CVSS 9.8 | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pag… |
| CVE-2025-6311 | CVE-2025-6311 CVSS 9.8 | A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/accou… |
| CVE-2025-6310 | CVE-2025-6310 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown f… |
| CVE-2025-6307 | CVE-2025-6307 CVSS 9.8 | A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /functi… |
| CVE-2025-6306 | CVE-2025-6306 CVSS 9.8 | A vulnerability was found in code-projects Online Shoe Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/… |
| CVE-2025-6305 | CVE-2025-6305 CVSS 9.8 | A vulnerability was found in code-projects Online Shoe Store 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_fea… |
| CVE-2025-6304 | CVE-2025-6304 CVSS 9.8 | A vulnerability was found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /… |
| CVE-2025-6303 | CVE-2025-6303 CVSS 9.8 | A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of… |
| CVE-2025-6300 | CVE-2025-6300 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Employee Record Management System 1.3. This vulnerability affects unknown code of the file /admi… |
| CVE-2025-6296 | CVE-2025-6296 CVSS 9.8 | A vulnerability was found in code-projects Hostel Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of… |
| CVE-2025-62959 | CVE-2025-62959 CVSS 9.1 | Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusi… |
| CVE-2025-6295 | CVE-2025-6295 CVSS 9.8 | A vulnerability was found in code-projects Hostel Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functio… |
| CVE-2025-6294 | CVE-2025-6294 CVSS 9.8 | A vulnerability was found in code-projects Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /conta… |
| CVE-2025-6293 | CVE-2025-6293 CVSS 9.8 | A vulnerability was found in code-projects Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /con… |
| CVE-2025-62878 | CVE-2025-62878 CVSS 9.9 | A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensiti… |
| CVE-2025-62877 | CVE-2025-62877 CVSS 9.8 | Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive i… |
| CVE-2025-62864 | CVE-2025-62864 CVSS 9.8 | Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC cal… |
| CVE-2025-62863 | CVE-2025-62863 CVSS 9.8 | Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC cal… |
| CVE-2025-62849 | CVE-2025-62849 CVSS 9.8 | An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to e… |
| CVE-2025-6282 | CVE-2025-6282 CVSS 9.8 | A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the funct… |
| CVE-2025-62818 | CVE-2025-62818 CVSS 9.8 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, … |
| CVE-2025-6280 | CVE-2025-6280 CVSS 9.8 | A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the f… |
| CVE-2025-62799 | CVE-2025-62799 CVSS 9.8 | Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6… |
| CVE-2025-6278 | CVE-2025-6278 CVSS 9.8 | A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. … |