CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,751–3,800 of 8,314 in Critical · page 76 of 167
| ID | Title and CVSS | Summary |
|---|---|---|
| CVE-2025-6277 | CVE-2025-6277 CVSS 9.8 | A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /stor… |
| CVE-2025-6276 | CVE-2025-6276 CVSS 9.8 | A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. Affected by this issue is some unknown func… |
| CVE-2025-62718 | CVE-2025-62718 CVSS 9.9 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when check… |
| CVE-2025-62717 | CVE-2025-62717 CVSS 9.1 | Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error.… |
| CVE-2025-62691 | CVE-2025-62691 CVSS 9.8 | Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially craft… |
| CVE-2025-6267 | CVE-2025-6267 CVSS 9.8 | A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unk… |
| CVE-2025-6266 | CVE-2025-6266 CVSS 9.8 | A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing ma… |
| CVE-2025-62650 | CVE-2025-62650 CVSS 9.9 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen. |
| CVE-2025-62645 | CVE-2025-62645 CVSS 9.9 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative pr… |
| CVE-2025-62630 | CVE-2025-62630 CVSS 9.8 | Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution wit… |
| CVE-2025-62616 | CVE-2025-62616 CVSS 9.8 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autog… |
| CVE-2025-62615 | CVE-2025-62615 CVSS 9.8 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autog… |
| CVE-2025-62608 | CVE-2025-62608 CVSS 9.1 | MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load() when parsing mal… |
| CVE-2025-6260 | CVE-2025-6260 CVSS 9.8 | The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network… |
| CVE-2025-62596 | CVE-2025-62596 CVSS 10.0 | Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, an… |
| CVE-2025-62586 | CVE-2025-62586 CVSS 9.8 | OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0. |
| CVE-2025-62583 | CVE-2025-62583 CVSS 9.8 | Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment. |
| CVE-2025-62582 | CVE-2025-62582 CVSS 9.8 deltaww | Delta Electronics DIAView has multiple vulnerabilities. |
| CVE-2025-62581 | CVE-2025-62581 CVSS 9.8 deltaww | Delta Electronics DIAView has multiple vulnerabilities. |
| CVE-2025-62521 | CVE-2025-62521 CVSS 9.8 | ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wi… |
| CVE-2025-62515 | CVE-2025-62515 CVSS 9.8 | pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior, the FlightServer class directly uses pickle.loads() to deseria… |
| CVE-2025-62484 | CVE-2025-62484 CVSS 9.8 | Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of… |
| CVE-2025-62481 | CVE-2025-62481 CVSS 9.8 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.… |
| CVE-2025-62373 | CVE-2025-62373 CVSS 9.8 | Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerabili… |
| CVE-2025-6237 | CVE-2025-6237 CVSS 9.8 | A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/downlo… |
| CVE-2025-62368 | CVE-2025-62368 CVSS 9.0 | Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe… |
| CVE-2025-62354 | CVE-2025-62354 CVSS 9.8 | Improper neutralization of special elements used in an OS command ('command injection') in Cursor allows an unauthorized attacker to execute commands that are … |
| CVE-2025-62353 | CVE-2025-62353 CVSS 9.8 | A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current pro… |
| CVE-2025-62319 | CVE-2025-62319 CVSS 9.8 hcltech | Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into app… |
| CVE-2025-6222 | CVE-2025-6222 CVSS 9.8 | The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploa… |
| CVE-2025-62207 | CVE-2025-62207 CVSS 9.8 | Azure Monitor Elevation of Privilege Vulnerability |
| CVE-2025-62193 | CVE-2025-62193 CVSS 9.8 | Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By l… |
| CVE-2025-62161 | CVE-2025-62161 CVSS 10.0 | Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container e… |
| CVE-2025-6216 | CVE-2025-6216 CVSS 9.8 | Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on aff… |
| CVE-2025-62065 | CVE-2025-62065 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor. This issue affects RTMKit: from n/a through <= 1.6.5. |
| CVE-2025-62064 | CVE-2025-62064 CVSS 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search & Go search-and-go allows Password Recovery Exploitation. This is… |
| CVE-2025-62056 | CVE-2025-62056 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes News Event news-event. This issue affects News Event: from n/a through <= 1.0.1. |
| CVE-2025-62050 | CVE-2025-62050 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic. This issue affects Blogmatic: from n/a through <= 1.0.3. |
| CVE-2025-6205 | Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability KEV CVSS 9.1 Dassault Systèmes | Dassault Systèmes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application. |
| CVE-2025-62047 | CVE-2025-62047 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in Case-Themes Case Addons case-addons. This issue affects Case Addons: from n/a through < 1.3.0. |
| CVE-2025-62025 | CVE-2025-62025 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch. This issue affects JobSearch: from n/a through < 3.0.8. |
| CVE-2025-62023 | CVE-2025-62023 CVSS 9.0 | Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member. This issue affects s2Member: from n/a through <= … |
| CVE-2025-62016 | CVE-2025-62016 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in hogash KALLYAS kallyas. This issue affects KALLYAS: from n/a through <= 4.22.0. |
| CVE-2025-61956 | CVE-2025-61956 CVSS 9.8 | Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify co… |
| CVE-2025-61945 | CVE-2025-61945 CVSS 9.8 | Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker c… |
| CVE-2025-61937 | CVE-2025-61937 CVSS 10.0 | The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, po… |
| CVE-2025-61934 | CVE-2025-61934 CVSS 10.0 | A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthentica… |
| CVE-2025-61932 | Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability KEV CVSS 9.8 Motex | Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary … |
| CVE-2025-61929 | CVE-2025-61929 CVSS 9.6 | Cherry Studio is a desktop client that supports multiple LLM providers. Cherry Studio registers a custom protocol called `cherrystudio://`. When handling t… |
| CVE-2025-61922 | CVE-2025-61922 CVSS 9.1 | PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, miss… |