CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,001–4,050 of 8,314 in Critical · page 81 of 167
| ID | ID and CVSS score | Summary |
|---|---|---|
| CVE-2025-59247 | CVE-2025-59247 CVSS 9.8 | Azure PlayFab Elevation of Privilege Vulnerability |
| CVE-2025-59246 | CVE-2025-59246 CVSS 9.8 | Azure Entra ID Elevation of Privilege Vulnerability |
| CVE-2025-59245 | CVE-2025-59245 CVSS 9.8 | Microsoft SharePoint Online Elevation of Privilege Vulnerability |
| CVE-2025-59218 | CVE-2025-59218 CVSS 9.6 | Azure Entra ID Elevation of Privilege Vulnerability |
| CVE-2025-59171 | CVE-2025-59171 CVSS 9.8 | Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution wit… |
| CVE-2025-59159 | CVE-2025-59159 CVSS 9.6 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-… |
| CVE-2025-5913 | CVE-2025-5913 CVSS 9.8 | A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the … |
| CVE-2025-5906 | CVE-2025-5906 CVSS 9.8 | A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation le… |
| CVE-2025-59059 | CVE-2025-59059 CVSS 9.8 | Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2… |
| CVE-2025-59053 | CVE-2025-59053 CVSS 9.6 | AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the `packages/stage-ui/src/components/MarkdownRenderer.vue` path, the … |
| CVE-2025-59046 | CVE-2025-59046 CVSS 9.8 | The npm package `interactive-git-checkout` is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name … |
| CVE-2025-59041 | CVE-2025-59041 CVSS 9.8 | Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.email`. Prior to version 1.0.105, a malici… |
| CVE-2025-59007 | CVE-2025-59007 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection. This issue af… |
| CVE-2025-58998 | CVE-2025-58998 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection. This issue affects s2Member: from n/a through <= … |
| CVE-2025-58997 | CVE-2025-58997 CVSS 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection. This issue affects Mow: from n/a through <= 4.10. |
| CVE-2025-58996 | CVE-2025-58996 CVSS 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Upload a Web Shell to a Web Server. Thi… |
| CVE-2025-58963 | CVE-2025-58963 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server. This issue affects Medcity: f… |
| CVE-2025-58951 | CVE-2025-58951 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Advance Seat Reservation Management for WooComme… |
| CVE-2025-58935 | CVE-2025-58935 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lunna lunna allows PHP Loc… |
| CVE-2025-5893 | CVE-2025-5893 CVSS 9.8 | Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to ac… |
| CVE-2025-58819 | CVE-2025-58819 CVSS 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server. Th… |
| CVE-2025-5881 | CVE-2025-5881 CVSS 9.8 | A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /user/confi… |
| CVE-2025-58768 | CVE-2025-58768 CVSS 9.6 | DeepChat is a smart assistant that uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of dir… |
| CVE-2025-58766 | CVE-2025-58766 CVSS 9.0 | Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to … |
| CVE-2025-58764 | CVE-2025-58764 CVSS 9.8 | Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmatio… |
| CVE-2025-58750 | CVE-2025-58750 CVSS 9.1 | rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0cc348b are missing a bound c… |
| CVE-2025-58748 | CVE-2025-58748 CVSS 9.8 | Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not v… |
| CVE-2025-58746 | CVE-2025-58746 CVSS 9.0 | The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus.… |
| CVE-2025-5869 | CVE-2025-5869 CVSS 9.8 | A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp… |
| CVE-2025-5868 | CVE-2025-5868 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thr… |
| CVE-2025-5867 | CVE-2025-5867 CVSS 9.8 | A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/l… |
| CVE-2025-58668 | CVE-2025-58668 CVSS 9.8 | Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLMS… |
| CVE-2025-5866 | CVE-2025-5866 CVSS 9.8 | A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_sy… |
| CVE-2025-5865 | CVE-2025-5865 CVSS 9.8 | A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components… |
| CVE-2025-58636 | CVE-2025-58636 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Object Injection. This issue affects WP G… |
| CVE-2025-5863 | CVE-2025-5863 CVSS 9.8 | A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebo… |
| CVE-2025-58628 | CVE-2025-58628 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injec… |
| CVE-2025-58627 | CVE-2025-58627 CVSS 9.8 | Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured A… |
| CVE-2025-5862 | CVE-2025-5862 CVSS 9.8 | A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpU… |
| CVE-2025-5861 | CVE-2025-5861 CVSS 9.8 | A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform… |
| CVE-2025-5860 | CVE-2025-5860 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/s… |
| CVE-2025-58587 | CVE-2025-58587 CVSS 9.8 | The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an … |
| CVE-2025-5856 | CVE-2025-5856 CVSS 9.8 | A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the fil… |
| CVE-2025-5855 | CVE-2025-5855 CVSS 9.8 | A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebo… |
| CVE-2025-58462 | CVE-2025-58462 CVSS 9.8 | OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could r… |
| CVE-2025-58448 | CVE-2025-58448 CVSS 9.8 | rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection … |
| CVE-2025-58447 | CVE-2025-58447 CVSS 9.8 | rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buf… |
| CVE-2025-58443 | CVE-2025-58443 CVSS 9.1 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerabili… |
| CVE-2025-58439 | CVE-2025-58439 CVSS 9.1 | ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left ce… |
| CVE-2025-58434 | CVE-2025-58434 CVSS 9.8 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in Flowis… |