CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,901–3,950 of 8,314 in Critical · page 79 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-60214 | 9.8 | Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection. This issue affects Goldenblatt: from n/a through … |
| CVE-2025-60213 | 9.8 | Deserialization of Untrusted Data vulnerability in Whitebox-Studio Scape scape allows Object Injection. This issue affects Scape: from n/a through <= 1.5.13. |
| CVE-2025-60210 | 9.8 | Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection. This issue… |
| CVE-2025-60209 | 9.8 | Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injectio… |
| CVE-2025-60207 | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerc… |
| CVE-2025-60206 | 10.0 | Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection. This issue affects Alone: from n/a th… |
| CVE-2025-60195 | 9.8 | Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation. This issue affects Atarim: from n/a t… |
| CVE-2025-60180 | 9.8 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection. This issue affects WP G… |
| CVE-2025-60178 | 9.8 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection. This issue affects WP Gravity Forms Hu… |
| CVE-2025-60174 | 9.8 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection. This issue af… |
| CVE-2025-60156 | 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects A… |
| CVE-2025-60091 | 9.8 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection. This issue affects WP Gravity … |
| CVE-2025-60090 | 9.8 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection. This issue affects WP Gravity Form… |
| CVE-2025-60089 | 9.8 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection. This issue affects WP Gravi… |
| CVE-2025-60062 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mmetrodw tPlayer tplayer-html5-audio-player-with-playlist… |
| CVE-2025-60039 | 9.8 | Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection. This issue affects Noisa: from n/a through <= 2.6.0. |
| CVE-2025-60021 | 9.8 | Remote command injection vulnerability in heap profiler builtin service in Apache bRPC (all versions < 1.15.0) on all platforms allows attacker to inject rem… |
| CVE-2025-6000 | 9.1 | A privileged Vault operator within the root namespace with write permission to `sys/audit` may obtain code execution on the underlying host if a plugin direc… |
| CVE-2025-59978 | 9.0 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to sto… |
| CVE-2025-59954 | 9.8 | Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Execution through using an unsafe o… |
| CVE-2025-59951 | 9.1 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.… |
| CVE-2025-59947 | 9.0 | NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscri… |
| CVE-2025-59944 | 9.8 | Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive fil… |
| CVE-2025-59943 | 9.8 | phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration… |
| CVE-2025-59937 | 9.1 | go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- … |
| CVE-2025-59936 | 9.4 | get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mech… |
| CVE-2025-59934 | 9.4 | Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a t… |
| CVE-2025-59870 | 9.8 | HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a secur… |
| CVE-2025-59852 | 9.1 | HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which… |
| CVE-2025-59851 | 9.8 | HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which … |
| CVE-2025-59841 | 9.8 | Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation.… |
| CVE-2025-59834 | 9.8 | ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is writte… |
| CVE-2025-59832 | 9.9 | Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment ed… |
| CVE-2025-59828 | 9.8 | Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when… |
| CVE-2025-59827 | 9.8 | Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated… |
| CVE-2025-59823 | 9.9 | Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions f… |
| CVE-2025-59818 | 9.8 | This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file. |
| CVE-2025-5980 | 9.8 | A vulnerability classified as critical was found in code-projects Restaurant Order System 1.0. This vulnerability affects unknown code of the file /order.php. … |
| CVE-2025-59793 | 9.9 | Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. H… |
| CVE-2025-5979 | 9.8 | A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. Th… |
| CVE-2025-59786 | 9.8 | 2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web appli… |
| CVE-2025-5977 | 9.8 | A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /d… |
| CVE-2025-59743 | 9.8 | SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending … |
| CVE-2025-59742 | 9.8 | SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending … |
| CVE-2025-59741 | 9.8 | Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the s… |
| CVE-2025-59740 | 9.8 | Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the s… |
| CVE-2025-59739 | 9.8 | Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the s… |
| CVE-2025-59738 | 9.8 | Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the s… |
| CVE-2025-59737 | 9.8 | Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the s… |
| CVE-2025-59736 | 9.8 | Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the s… |