CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,051–4,100 of 8,314 in Critical · page 82 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-58428 | CVE-2025-58428 CVSS 9.9 | The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attacker… |
| CVE-2025-58386 | CVE-2025-58386 CVSS 9.8 | In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power U… |
| CVE-2025-58384 | CVE-2025-58384 CVSS 10.0 | In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc ad… |
| CVE-2025-58372 | CVE-2025-58372 CVSS 9.8 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code worksp… |
| CVE-2025-58371 | CVE-2025-58371 CVSS 9.8 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request m… |
| CVE-2025-58361 | CVE-2025-58361 CVSS 9.3 | Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme … |
| CVE-2025-58360 | OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability (KEV) CVSS 9.8 · OSGeo | OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a sp… |
| CVE-2025-58357 | CVE-2025-58357 CVSS 9.6 | 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page'… |
| CVE-2025-58349 | CVE-2025-58349 CVSS 9.1 | An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, … |
| CVE-2025-58321 | CVE-2025-58321 CVSS 10.0 | Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability. |
| CVE-2025-58255 | CVE-2025-58255 CVSS 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection. This issue affects Custom Pos… |
| CVE-2025-58210 | CVE-2025-58210 CVSS 9.8 | Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affec… |
| CVE-2025-5821 | CVE-2025-5821 CVSS 9.8 | The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not prop… |
| CVE-2025-58206 | CVE-2025-58206 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach maxcoach allows PHP… |
| CVE-2025-58143 | CVE-2025-58143 CVSS 9.8 | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues rel… |
| CVE-2025-58142 | CVE-2025-58142 CVSS 9.8 | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues rel… |
| CVE-2025-58130 | CVE-2025-58130 CVSS 9.1 | Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.… |
| CVE-2025-58083 | CVE-2025-58083 CVSS 10.0 | General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the d… |
| CVE-2025-58068 | CVE-2025-58068 CVSS 9.1 | Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improp… |
| CVE-2025-58059 | CVE-2025-58059 CVSS 9.1 | Valtimo is a platform for Business Process Automation. In versions before 12.16.0.RELEASE, and from 13.0.0.RELEASE to before 13.1.2.RELEASE, any admin that can… |
| CVE-2025-58053 | CVE-2025-58053 CVSS 9.8 | Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged… |
| CVE-2025-58050 | CVE-2025-58050 CVSS 9.1 | The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exist… |
| CVE-2025-58048 | CVE-2025-58048 CVSS 9.9 | Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a maliciou… |
| CVE-2025-58046 | CVE-2025-58046 CVSS 9.8 | Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote co… |
| CVE-2025-58045 | CVE-2025-58045 CVSS 9.8 | Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserializa… |
| CVE-2025-57870 | CVE-2025-57870 CVSS 10.0 | A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, u… |
| CVE-2025-57819 | Sangoma FreePBX Authentication Bypass Vulnerability (KEV) CVSS 9.8 · Sangoma | Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data that allows unauthenticated access to FreePBX Adm… |
| CVE-2025-57807 | CVE-2025-57807 CVSS 9.8 | ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functio… |
| CVE-2025-57801 | CVE-2025-57801 CVSS 9.1 | gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature w… |
| CVE-2025-57795 | CVE-2025-57795 CVSS 9.9 | Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, th… |
| CVE-2025-57794 | CVE-2025-57794 CVSS 9.1 | Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does … |
| CVE-2025-57792 | CVE-2025-57792 CVSS 10.0 | Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. A… |
| CVE-2025-5778 | CVE-2025-5778 CVSS 9.8 | A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /a… |
| CVE-2025-57773 | CVE-2025-57773 CVSS 9.8 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injecti… |
| CVE-2025-57772 | CVE-2025-57772 CVSS 9.8 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC … |
| CVE-2025-57754 | CVE-2025-57754 CVSS 9.8 | eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI wit… |
| CVE-2025-57735 | CVE-2025-57735 CVSS 9.1 | When a user logged out, the JWT token the user had authenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. I… |
| CVE-2025-57644 | CVE-2025-57644 CVSS 9.1 | Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbit… |
| CVE-2025-57633 | CVE-2025-57633 CVSS 9.8 | A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html e… |
| CVE-2025-57631 | CVE-2025-57631 CVSS 9.8 | SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module |
| CVE-2025-57622 | CVE-2025-57622 CVSS 9.8 | An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api, /caption-api, feature = pickle.loads(request.get_data()) comp… |
| CVE-2025-57602 | CVE-2025-57602 CVSS 9.8 | Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows rem… |
| CVE-2025-57601 | CVE-2025-57601 CVSS 9.8 | AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. When a… |
| CVE-2025-5759 | CVE-2025-5759 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. This vulnerability affects unknown code of t… |
| CVE-2025-57567 | CVE-2025-57567 CVSS 9.1 | A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme director… |
| CVE-2025-5756 | CVE-2025-5756 CVSS 9.8 | A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been declared as critical. Affected by this vulnerability is an u… |
| CVE-2025-57529 | CVE-2025-57529 CVSS 9.8 | YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This al… |
| CVE-2025-57515 | CVE-2025-57515 CVSS 9.8 | A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnera… |
| CVE-2025-57460 | CVE-2025-57460 CVSS 9.8 | File upload vulnerability in machsol machpanel 8.0.32 allows an attacker to gain a webshell. |
| CVE-2025-5746 | CVE-2025-5746 CVSS 9.8 | The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in … |