CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,251–4,300 of 8,314 in Critical · page 86 of 167
| ID | Title · CVSS | Summary |
|---|---|---|
| CVE-2025-55244 | CVE-2025-55244 CVSS 9.0 | Azure Bot Service Elevation of Privilege Vulnerability |
| CVE-2025-55241 | CVE-2025-55241 CVSS 10.0 | Azure Entra ID Elevation of Privilege Vulnerability |
| CVE-2025-55234 | CVE-2025-55234 CVSS 9.8 | SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform rel… |
| CVE-2025-55232 | CVE-2025-55232 CVSS 9.8 | Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-55213 | CVE-2025-55213 CVSS 9.8 | OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 ( ope… |
| CVE-2025-55208 | CVE-2025-55208 CVSS 9.0 | Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in `Social Networks`. Through it, a low-priv… |
| CVE-2025-55205 | CVE-2025-55205 CVSS 9.0 | Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authentic… |
| CVE-2025-55204 | CVE-2025-55204 CVSS 9.6 | muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution (RCE) vulnerability in. An attack… |
| CVE-2025-55190 | CVE-2025-55190 CVSS 9.9 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3… |
| CVE-2025-55187 | CVE-2025-55187 CVSS 9.9 | In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges. |
| CVE-2025-55182 | Meta React Server Components Remote Code Execution Vulnerability · KEV · CVSS 10.0 · Meta | Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how … |
| CVE-2025-55168 | CVE-2025-55168 CVSS 9.8 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability … |
| CVE-2025-55167 | CVE-2025-55167 CVSS 9.8 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability … |
| CVE-2025-55161 | CVE-2025-55161 CVSS 9.8 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown… |
| CVE-2025-55151 | CVE-2025-55151 CVSS 9.8 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality… |
| CVE-2025-55150 | CVE-2025-55150 CVSS 9.8 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf… |
| CVE-2025-55130 | CVE-2025-55130 CVSS 9.1 | A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By… |
| CVE-2025-55125 | CVE-2025-55125 CVSS 9.8 | This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file. |
| CVE-2025-5512 | CVE-2025-5512 CVSS 9.8 | A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/ve… |
| CVE-2025-55113 | CVE-2025-55113 CVSS 10.0 | If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 a… |
| CVE-2025-55109 | CVE-2025-55109 CVSS 9.0 | An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when… |
| CVE-2025-55108 | CVE-2025-55108 CVSS 10.0 | The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS … |
| CVE-2025-55100 | CVE-2025-55100 CVSS 9.1 | In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_… |
| CVE-2025-5510 | CVE-2025-5510 CVSS 9.8 | A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/opt… |
| CVE-2025-5509 | CVE-2025-5509 CVSS 9.8 | A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The mani… |
| CVE-2025-55089 | CVE-2025-55089 CVSS 9.8 | In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could caus… |
| CVE-2025-55086 | CVE-2025-55086 CVSS 9.8 | In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the s… |
| CVE-2025-55081 | CVE-2025-55081 CVSS 9.1 | In Eclipse Foundation NetX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certai… |
| CVE-2025-55058 | CVE-2025-55058 CVSS 9.8 | CWE-20 Improper Input Validation |
| CVE-2025-55055 | CVE-2025-55055 CVSS 9.8 | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CVE-2025-55051 | CVE-2025-55051 CVSS 10.0 | CWE-1392: Use of Default Credentials |
| CVE-2025-55050 | CVE-2025-55050 CVSS 9.8 | CWE-1242: Inclusion of Undocumented Features |
| CVE-2025-55049 | CVE-2025-55049 CVSS 9.1 | Use of Default Cryptographic Key (CWE-1394) |
| CVE-2025-55048 | CVE-2025-55048 CVSS 9.8 | Multiple CWE-78 |
| CVE-2025-55037 | CVE-2025-55037 CVSS 9.8 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnera… |
| CVE-2025-55031 | CVE-2025-55031 CVSS 9.8 | Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have… |
| CVE-2025-5502 | CVE-2025-5502 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of… |
| CVE-2025-54997 | CVE-2025-54997 CVSS 9.1 | OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and … |
| CVE-2025-5499 | CVE-2025-5499 CVSS 9.8 | A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_… |
| CVE-2025-54987 | CVE-2025-54987 CVSS 9.8 | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute co… |
| CVE-2025-54982 | CVE-2025-54982 CVSS 9.6 | An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse. |
| CVE-2025-5497 | CVE-2025-5497 CVSS 9.8 | A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport… |
| CVE-2025-54957 | CVE-2025-54957 CVSS 9.8 | An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution… |
| CVE-2025-54952 | CVE-2025-54952 CVSS 9.8 | An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in … |
| CVE-2025-54951 | CVE-2025-54951 CVSS 9.8 | A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution … |
| CVE-2025-54950 | CVE-2025-54950 CVSS 9.8 | An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other unde… |
| CVE-2025-5495 | CVE-2025-5495 CVSS 9.8 | A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. Th… |
| CVE-2025-54949 | CVE-2025-54949 CVSS 9.8 | A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affe… |
| CVE-2025-54948 | Trend Micro Apex One OS Command Injection Vulnerability · KEV · CVSS 9.8 · Trend Micro | Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upl… |
| CVE-2025-54947 | CVE-2025-54947 CVSS 9.8 | In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the… |