CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,801–3,850 of 8,314 in Critical · page 77 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-61913 | CVE-2025-61913 CVSS 9.9 | Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise … |
| CVE-2025-61882 | Oracle E-Business Suite Unspecified Vulnerability · KEV · CVSS 9.8 · Oracle | Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with… |
| CVE-2025-6187 | CVE-2025-6187 CVSS 9.8 | The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 throu… |
| CVE-2025-6185 | CVE-2025-6185 CVSS 9.3 | Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cross-site scripting vulnerability, allowing an attacker to craft a malicious payload in UR… |
| CVE-2025-61811 | CVE-2025-61811 CVSS 9.1 | ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution… |
| CVE-2025-61809 | CVE-2025-61809 CVSS 9.1 | ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature byp… |
| CVE-2025-61808 | CVE-2025-61808 CVSS 9.1 | ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to ar… |
| CVE-2025-6179 | CVE-2025-6179 CVSS 9.8 | Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and ac… |
| CVE-2025-61781 | CVE-2025-61781 CVSS 9.1 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePop… |
| CVE-2025-61777 | CVE-2025-61777 CVSS 9.1 | Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/badge-templates` (GET) and `/api/admin/b… |
| CVE-2025-61757 | Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability · KEV · CVSS 9.8 · Oracle | Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity… |
| CVE-2025-6172 | CVE-2025-6172 CVSS 9.8 | Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation. |
| CVE-2025-6169 | CVE-2025-6169 CVSS 9.8 | The WIMP website co-construction management platform from HAMASTAR Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to i… |
| CVE-2025-61686 | CVE-2025-61686 CVSS 9.1 | React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to v… |
| CVE-2025-6167 | CVE-2025-6167 CVSS 9.8 | A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/… |
| CVE-2025-61622 | CVE-2025-61622 CVSS 9.8 | Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary… |
| CVE-2025-6161 | CVE-2025-6161 CVSS 9.8 | A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /ed… |
| CVE-2025-61605 | CVE-2025-61605 CVSS 9.8 | WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identif… |
| CVE-2025-61603 | CVE-2025-61603 CVSS 9.8 | WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/cont… |
| CVE-2025-6160 | CVE-2025-6160 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown proc… |
| CVE-2025-6159 | CVE-2025-6159 CVSS 9.8 | A vulnerability classified as critical was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /allocate_r… |
| CVE-2025-6157 | CVE-2025-6157 CVSS 9.8 | A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functi… |
| CVE-2025-6155 | CVE-2025-6155 CVSS 9.8 | A vulnerability was found in PHPGurukul Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /includes… |
| CVE-2025-61548 | CVE-2025-61548 CVSS 9.8 | SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Sho… |
| CVE-2025-61546 | CVE-2025-61546 CVSS 9.1 | There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) t… |
| CVE-2025-6154 | CVE-2025-6154 CVSS 9.8 | A vulnerability was found in PHPGurukul Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /includ… |
| CVE-2025-6153 | CVE-2025-6153 CVSS 9.8 | A vulnerability has been found in PHPGurukul Hostel Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admi… |
| CVE-2025-6152 | CVE-2025-6152 CVSS 9.8 | A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modul… |
| CVE-2025-61506 | CVE-2025-61506 CVSS 9.8 | An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint. |
| CVE-2025-61492 | CVE-2025-61492 CVSS 10.0 | A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted… |
| CVE-2025-61481 | CVE-2025-61481 CVSS 10.0 | An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to … |
| CVE-2025-61455 | CVE-2025-61455 CVSS 9.8 | SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsa… |
| CVE-2025-61385 | CVE-2025-61385 CVSS 9.6 | SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to func… |
| CVE-2025-6136 | CVE-2025-6136 CVSS 9.8 | A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of t… |
| CVE-2025-6135 | CVE-2025-6135 CVSS 9.8 | A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of t… |
| CVE-2025-6134 | CVE-2025-6134 CVSS 9.8 | A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /… |
| CVE-2025-6133 | CVE-2025-6133 CVSS 9.8 | A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionalit… |
| CVE-2025-6132 | CVE-2025-6132 CVSS 9.8 | A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig… |
| CVE-2025-61318 | CVE-2025-61318 CVSS 9.1 | Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php componen… |
| CVE-2025-61304 | CVE-2025-61304 CVSS 9.8 | OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address. |
| CVE-2025-61303 | CVE-2025-61303 CVSS 9.8 | Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021 (2025-08-14) contains a vulnerability in its Windows behavioral analysis eng… |
| CVE-2025-61260 | CVE-2025-61260 CVSS 9.8 | A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration … |
| CVE-2025-61246 | CVE-2025-61246 CVSS 9.8 | indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter. |
| CVE-2025-6124 | CVE-2025-6124 CVSS 9.8 | A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. This issue affects some unknown processing of the file /tabl… |
| CVE-2025-61235 | CVE-2025-61235 CVSS 9.1 | An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrar… |
| CVE-2025-6123 | CVE-2025-6123 CVSS 9.8 | A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pa… |
| CVE-2025-6121 | CVE-2025-6121 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the co… |
| CVE-2025-6118 | CVE-2025-6118 CVSS 9.8 | A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been rated as critical. This issue affects some unknown processing of the file… |
| CVE-2025-6117 | CVE-2025-6117 CVSS 9.8 | A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been declared as critical. This vulnerability affects unknown code of the file… |
| CVE-2025-61168 | CVE-2025-61168 CVSS 9.8 | An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file. |