CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,851–3,900 of 8,314 in Critical · page 78 of 167
| ID | Title (CVE ID and CVSS score) | Summary |
|---|---|---|
| CVE-2025-6116 | CVE-2025-6116 CVSS 9.8 | A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been classified as critical. This affects an unknown part of the file /IntraFi… |
| CVE-2025-61140 | CVE-2025-61140 CVSS 9.8 | The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution. |
| CVE-2025-61128 | CVE-2025-61128 CVSS 9.1 | Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to exe… |
| CVE-2025-61045 | CVE-2025-61045 CVSS 9.8 | TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function. |
| CVE-2025-61044 | CVE-2025-61044 CVSS 9.8 | TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg functio… |
| CVE-2025-61043 | CVE-2025-61043 CVSS 9.1 | An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue … |
| CVE-2025-6098 | CVE-2025-6098 CVSS 9.8 | A vulnerability was found in UTT 进取 750W up to 5.0. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the c… |
| CVE-2025-6097 | CVE-2025-6097 CVSS 9.8 | A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/… |
| CVE-2025-60965 | CVE-2025-60965 CVSS 9.1 | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary… |
| CVE-2025-60964 | CVE-2025-60964 CVSS 9.1 | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary… |
| CVE-2025-60957 | CVE-2025-60957 CVSS 9.9 | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary… |
| CVE-2025-6095 | CVE-2025-6095 CVSS 9.8 | A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.p… |
| CVE-2025-60889 | CVE-2025-60889 CVSS 9.8 | Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecif… |
| CVE-2025-6087 | CVE-2025-6087 CVSS 9.1 | A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature … |
| CVE-2025-60854 | CVE-2025-60854 CVSS 9.8 | A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web a… |
| CVE-2025-60803 | CVE-2025-60803 CVSS 9.8 | Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../… |
| CVE-2025-60772 | CVE-2025-60772 CVSS 9.8 | Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate privileges… |
| CVE-2025-6077 | CVE-2025-6077 CVSS 9.8 | Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account … |
| CVE-2025-60739 | CVE-2025-60739 CVSS 9.6 | Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a r… |
| CVE-2025-60738 | CVE-2025-60738 CVSS 9.8 | An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arb… |
| CVE-2025-60736 | CVE-2025-60736 CVSS 9.8 | code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter. |
| CVE-2025-60724 | CVE-2025-60724 CVSS 9.8 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
| CVE-2025-6065 | CVE-2025-6065 CVSS 9.1 | The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all… |
| CVE-2025-6058 | CVE-2025-6058 CVSS 9.8 | The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via … |
| CVE-2025-60554 | CVE-2025-60554 CVSS 9.8 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard. |
| CVE-2025-60553 | CVE-2025-60553 CVSS 9.8 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52. |
| CVE-2025-60548 | CVE-2025-60548 CVSS 9.8 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings. |
| CVE-2025-60534 | CVE-2025-60534 CVSS 9.8 | Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate … |
| CVE-2025-60355 | CVE-2025-60355 CVSS 9.8 | zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. |
| CVE-2025-60316 | CVE-2025-60316 CVSS 9.4 | SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/view_customer.php via the ID parameter. |
| CVE-2025-60307 | CVE-2025-60307 CVSS 9.8 | code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can… |
| CVE-2025-60306 | CVE-2025-60306 CVSS 9.9 | code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive oper… |
| CVE-2025-60291 | CVE-2025-60291 CVSS 9.1 | An issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers to access specific ro… |
| CVE-2025-60279 | CVE-2025-60279 CVSS 9.6 | A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal… |
| CVE-2025-60269 | CVE-2025-60269 CVSS 9.4 | JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExport… |
| CVE-2025-60262 | CVE-2025-60262 CVSS 9.8 | An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsft… |
| CVE-2025-60245 | CVE-2025-60245 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection. This issue affects WP User Manager: … |
| CVE-2025-60243 | CVE-2025-60243 CVSS 9.8 | Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation. Th… |
| CVE-2025-60238 | CVE-2025-60238 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection. This issue affects UNIVERSAM: from n/a through <=… |
| CVE-2025-60237 | CVE-2025-60237 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue affects Finag: from n/a through 1.5.0. |
| CVE-2025-60235 | CVE-2025-60235 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce … |
| CVE-2025-60233 | CVE-2025-60233 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection. This issue affects Zuut: from n/a through 1.4.2. |
| CVE-2025-60232 | CVE-2025-60232 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection. This issue affects KBx Pro … |
| CVE-2025-60226 | CVE-2025-60226 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in axiomthemes White Rabbit whiterabbit allows Object Injection. This issue affects White Rabbit: from n/a throu… |
| CVE-2025-60225 | CVE-2025-60225 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection. This issue affects BugsPatrol: from n/a through <… |
| CVE-2025-60224 | CVE-2025-60224 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection. This issue affects Subscribe t… |
| CVE-2025-60221 | CVE-2025-60221 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection. This issue affects Captivate Sync:… |
| CVE-2025-60220 | CVE-2025-60220 CVSS 9.8 | Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation. This issue affects CouponXxL: from n/a through <= 3.0.0. |
| CVE-2025-60219 | CVE-2025-60219 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web Shell to a Web Server. T… |
| CVE-2025-60216 | CVE-2025-60216 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection. This issue affects Addison: from n/a through < 1.4.8. |