CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,201–4,250 of 8,314 in Critical · page 85 of 167
| ID | Title and CVSS score | Summary |
|---|---|---|
| CVE-2025-5577 | CVE-2025-5577 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file /… |
| CVE-2025-5576 | CVE-2025-5576 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processi… |
| CVE-2025-55754 | CVE-2025-55754 CVSS 9.6 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If … |
| CVE-2025-5575 | CVE-2025-5575 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file /add-… |
| CVE-2025-55747 | CVE-2025-55747 CVSS 9.1 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configur… |
| CVE-2025-5574 | CVE-2025-5574 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file /add-compan… |
| CVE-2025-55733 | CVE-2025-55733 CVSS 9.6 | DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An … |
| CVE-2025-55730 | CVE-2025-55730 CVSS 10.0 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5… |
| CVE-2025-5573 | CVE-2025-5573 CVSS 9.8 | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of… |
| CVE-2025-55729 | CVE-2025-55729 CVSS 10.0 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5… |
| CVE-2025-55728 | CVE-2025-55728 CVSS 9.8 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5… |
| CVE-2025-55727 | CVE-2025-55727 CVSS 9.8 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5… |
| CVE-2025-55705 | CVE-2025-55705 CVSS 9.8 | This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in una… |
| CVE-2025-55637 | CVE-2025-55637 CVSS 9.8 | Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the… |
| CVE-2025-5562 | CVE-2025-5562 CVSS 9.8 | A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionalit… |
| CVE-2025-55619 | CVE-2025-55619 CVSS 9.8 | Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decry… |
| CVE-2025-55613 | CVE-2025-55613 CVSS 9.8 | Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter. |
| CVE-2025-5561 | CVE-2025-5561 CVSS 9.8 | A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown fun… |
| CVE-2025-5560 | CVE-2025-5560 CVSS 9.8 | A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /i… |
| CVE-2025-55591 | CVE-2025-55591 CVSS 9.8 | TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. |
| CVE-2025-55583 | CVE-2025-55583 CVSS 9.8 | D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endp… |
| CVE-2025-55575 | CVE-2025-55575 CVSS 9.8 | SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=service_detail. |
| CVE-2025-5553 | CVE-2025-5553 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of t… |
| CVE-2025-55526 | CVE-2025-55526 CVSS 9.1 | n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py |
| CVE-2025-5551 | CVE-2025-5551 CVSS 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command Handler… |
| CVE-2025-5550 | CVE-2025-5550 CVSS 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component PBSZ Co… |
| CVE-2025-5549 | CVE-2025-5549 CVSS 9.8 | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the compon… |
| CVE-2025-5548 | CVE-2025-5548 CVSS 9.8 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler… |
| CVE-2025-5547 | CVE-2025-5547 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component CDUP… |
| CVE-2025-55469 | CVE-2025-55469 CVSS 9.8 | Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend. |
| CVE-2025-55444 | CVE-2025-55444 CVSS 9.8 | A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can… |
| CVE-2025-55443 | CVE-2025-55443 CVSS 9.1 | Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext w… |
| CVE-2025-55423 | CVE-2025-55423 CVSS 9.8 | A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwardin… |
| CVE-2025-55398 | CVE-2025-55398 CVSS 9.8 | An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders… |
| CVE-2025-55346 | CVE-2025-55346 CVSS 9.8 | User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in t… |
| CVE-2025-55343 | CVE-2025-55343 CVSS 9.9 | Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txt_depe_codi, busqueda/busqueda.php txt_usu… |
| CVE-2025-55321 | CVE-2025-55321 CVSS 9.3 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over … |
| CVE-2025-55319 | CVE-2025-55319 CVSS 9.8 | AI command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. |
| CVE-2025-55315 | CVE-2025-55315 CVSS 9.9 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature ove… |
| CVE-2025-55306 | CVE-2025-55306 CVSS 9.8 | GenX_FX is an advanced IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentica… |
| CVE-2025-55299 | CVE-2025-55299 CVSS 9.4 | VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not N… |
| CVE-2025-55294 | CVE-2025-55294 CVSS 9.8 | screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed i… |
| CVE-2025-55293 | CVE-2025-55293 CVSS 9.8 | Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with an empty publicKey first, then overwrite it with a ne… |
| CVE-2025-55289 | CVE-2025-55289 CVSS 9.0 | Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Version 1.11.32) allows an attacker to i… |
| CVE-2025-55270 | CVE-2025-55270 CVSS 9.8 | HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Inje… |
| CVE-2025-55269 | CVE-2025-55269 CVSS 9.8 | HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force technique… |
| CVE-2025-55267 | CVE-2025-55267 CVSS 9.8 | HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over t… |
| CVE-2025-55261 | CVE-2025-55261 CVSS 9.8 | HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the applicat… |
| CVE-2025-55252 | CVE-2025-55252 CVSS 9.8 | HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauth… |
| CVE-2025-55251 | CVE-2025-55251 CVSS 9.8 | HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution … |