CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,101–4,150 of 8,314 in Critical · page 83 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-57441 | 9.8 | The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connect… |
| CVE-2025-57437 | 9.8 | The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the serv… |
| CVE-2025-57432 | 9.8 | Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manip… |
| CVE-2025-57347 | 9.8 | A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly … |
| CVE-2025-57321 | 9.8 | A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 allows attackers to inject properties on O… |
| CVE-2025-57285 | 9.8 | codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-con… |
| CVE-2025-57266 | 9.8 | An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive in… |
| CVE-2025-57247 | 9.1 | The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains incorrect access control i… |
| CVE-2025-57174 | 9.8 | An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rf… |
| CVE-2025-57148 | 9.1 | phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation. |
| CVE-2025-57141 | 9.8 | rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc. |
| CVE-2025-57140 | 9.8 | rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path. |
| CVE-2025-57119 | 9.8 | An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function |
| CVE-2025-57118 | 9.8 | An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php |
| CVE-2025-57108 | 9.8 | Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mes… |
| CVE-2025-57105 | 9.8 | The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in m… |
| CVE-2025-57085 | 9.8 | Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to… |
| CVE-2025-5707 | 9.8 | A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unkn… |
| CVE-2025-5706 | 9.8 | A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability i… |
| CVE-2025-57052 | 9.8 | cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass a… |
| CVE-2025-5698 | 9.8 | A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the … |
| CVE-2025-5697 | 9.8 | A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown pr… |
| CVE-2025-5696 | 9.8 | A vulnerability classified as critical was found in Brilliance Golden Link Secondary System up to 20250424. This vulnerability affects unknown code of the file… |
| CVE-2025-5685 | 9.8 | A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The ma… |
| CVE-2025-56819 | 9.8 | An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter. |
| CVE-2025-56795 | 9.0 | Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting (XSS) in the recipe creation functionality. Unsanitized user input in the "note" and "tex… |
| CVE-2025-5677 | 9.8 | A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of t… |
| CVE-2025-5676 | 9.8 | A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of t… |
| CVE-2025-56752 | 9.4 | A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them w… |
| CVE-2025-5675 | 9.8 | A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been classified as critical. This affects an unknown part of the fil… |
| CVE-2025-56749 | 9.4 | Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge vali… |
| CVE-2025-56683 | 9.6 | A cross-site scripting (XSS) vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code via injecting ar… |
| CVE-2025-5667 | 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component REI… |
| CVE-2025-5666 | 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the comp… |
| CVE-2025-5665 | 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handle… |
| CVE-2025-56643 | 9.1 | Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and … |
| CVE-2025-5664 | 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RESTART Command H… |
| CVE-2025-5663 | 9.8 | A vulnerability has been found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. This vulnerability affects unknown code of the f… |
| CVE-2025-5662 | 9.8 | A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remo… |
| CVE-2025-56590 | 9.8 | An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary … |
| CVE-2025-56557 | 9.1 | An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol. |
| CVE-2025-56513 | 9.8 | NiceHash QuickMiner 6.12.0 performs software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redi… |
| CVE-2025-5650 | 9.8 | A vulnerability classified as critical was found in 1000projects Online Notice Board 1.0. This vulnerability affects unknown code of the file /register.php. Th… |
| CVE-2025-56447 | 9.8 | TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure. |
| CVE-2025-56425 | 9.1 | An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earl… |
| CVE-2025-56422 | 9.8 | A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server. |
| CVE-2025-5639 | 9.8 | A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /f… |
| CVE-2025-56385 | 9.8 | A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input … |
| CVE-2025-5637 | 9.8 | A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler… |
| CVE-2025-5636 | 9.8 | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET Co… |