CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 3,951–4,000 of 8,314 in Critical · page 80 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-59735 | CVE-2025-59735 CVSS 9.8 | Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the s… |
| CVE-2025-59719 | CVE-2025-59719 · CVSS 9.8 · Fortinet | An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may al… |
| CVE-2025-59718 | Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability · KEV · CVSS 9.8 · Fortinet | Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unaut… |
| CVE-2025-59717 | CVE-2025-59717 CVSS 9.8 | In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedCl… |
| CVE-2025-59707 | CVE-2025-59707 CVSS 9.8 | In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability. |
| CVE-2025-59706 | CVE-2025-59706 CVSS 9.8 | In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution. |
| CVE-2025-59703 | CVE-2025-59703 CVSS 9.1 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of t… |
| CVE-2025-59695 | CVE-2025-59695 CVSS 9.8 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management… |
| CVE-2025-59693 | CVE-2025-59693 CVSS 9.8 | The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to ob… |
| CVE-2025-59683 | CVE-2025-59683 CVSS 9.1 | Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchang… |
| CVE-2025-59681 | CVE-2025-59681 CVSS 9.8 | An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and … |
| CVE-2025-59557 | CVE-2025-59557 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injectio… |
| CVE-2025-59545 | CVE-2025-59545 CVSS 9.0 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows… |
| CVE-2025-59543 | CVE-2025-59543 CVSS 9.0 | Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScrip… |
| CVE-2025-59542 | CVE-2025-59542 CVSS 9.0 | Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScrip… |
| CVE-2025-5954 | CVE-2025-5954 CVSS 9.8 | The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This… |
| CVE-2025-59528 | CVE-2025-59528 CVSS 10.0 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The … |
| CVE-2025-59503 | CVE-2025-59503 CVSS 9.8 | Server-side request forgery (SSRF) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-5948 | CVE-2025-5948 CVSS 9.8 | The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is … |
| CVE-2025-59470 | CVE-2025-59470 CVSS 9.0 | This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. |
| CVE-2025-5947 | CVE-2025-5947 CVSS 9.8 | The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. Thi… |
| CVE-2025-59469 | CVE-2025-59469 CVSS 9.0 | This vulnerability allows a Backup or Tape Operator to write files as root. |
| CVE-2025-59468 | CVE-2025-59468 CVSS 9.1 | This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter. |
| CVE-2025-59467 | CVE-2025-59467 CVSS 9.6 | A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator… |
| CVE-2025-59461 | CVE-2025-59461 CVSS 9.8 | A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services. |
| CVE-2025-59458 | CVE-2025-59458 CVSS 9.8 | In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 2… |
| CVE-2025-59434 | CVE-2025-59434 CVSS 9.6 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerabil… |
| CVE-2025-59431 | CVE-2025-59431 CVSS 9.8 | MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL… |
| CVE-2025-59407 | CVE-2025-59407 CVSS 9.8 | The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and… |
| CVE-2025-59403 | CVE-2025-59403 CVSS 9.8 | The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera f… |
| CVE-2025-59390 | CVE-2025-59390 CVSS 9.8 | Apache Druid’s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not expli… |
| CVE-2025-59389 | CVE-2025-59389 CVSS 9.8 | An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorize… |
| CVE-2025-59388 | CVE-2025-59388 CVSS 9.8 | A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain un… |
| CVE-2025-59385 | CVE-2025-59385 CVSS 9.8 | An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit th… |
| CVE-2025-59383 | CVE-2025-59383 CVSS 9.1 | A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or… |
| CVE-2025-59377 | CVE-2025-59377 CVSS 9.8 | feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is u… |
| CVE-2025-59374 | ASUS Live Update Embedded Malicious Code Vulnerability · KEV · CVSS 9.8 · ASUS | ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain co… |
| CVE-2025-59367 | CVE-2025-59367 CVSS 9.8 | An authentication bypass vulnerability has been identified in certain DSL series routers, which may allow remote attackers to gain unauthorized access into the affec… |
| CVE-2025-59361 | CVE-2025-59361 CVSS 9.8 | The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated i… |
| CVE-2025-59360 | CVE-2025-59360 CVSS 9.8 | The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated i… |
| CVE-2025-59359 | CVE-2025-59359 CVSS 9.8 | The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cl… |
| CVE-2025-59352 | CVE-2025-59352 CVSS 9.8 | Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests … |
| CVE-2025-59345 | CVE-2025-59345 CVSS 9.1 | Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the /api/v1/jobs and /preheats endpoints in Manager web … |
| CVE-2025-59340 | CVE-2025-59340 CVSS 10.0 | jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to 2.8.1, by using mapper.getTypeFactory().c… |
| CVE-2025-59304 | CVE-2025-59304 CVSS 9.8 | A directory traversal issue in Swetrix Web Analytics API 3.1.1 before 7d8b972 allows a remote attacker to achieve Remote Code Execution via a crafted HTTP requ… |
| CVE-2025-59287 | Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability · KEV · CVSS 9.8 · Microsoft | Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution. |
| CVE-2025-59286 | CVE-2025-59286 CVSS 9.3 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a n… |
| CVE-2025-59273 | CVE-2025-59273 CVSS 9.8 | Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-59272 | CVE-2025-59272 CVSS 9.3 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosur… |
| CVE-2025-59252 | CVE-2025-59252 CVSS 9.3 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a n… |