CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,301–4,350 of 8,314 in Critical · page 87 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-54946 | 9.8 | A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands. |
| CVE-2025-54945 | 9.8 | An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary… |
| CVE-2025-54944 | 9.8 | An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write m… |
| CVE-2025-54943 | 9.8 | A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application d… |
| CVE-2025-54942 | 9.8 | A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access depl… |
| CVE-2025-5493 | 9.8 | A vulnerability was found in Baison Channel Middleware Product 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the fi… |
| CVE-2025-54914 | 9.8 | Azure Networking Elevation of Privilege Vulnerability |
| CVE-2025-54887 | 9.1 | jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brut… |
| CVE-2025-54875 | 9.8 | FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when regist… |
| CVE-2025-54874 | 9.8 | OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data… |
| CVE-2025-54865 | 9.8 | Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the T… |
| CVE-2025-54863 | 9.8 | Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely … |
| CVE-2025-5486 | 9.8 | The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in ve… |
| CVE-2025-54857 | 9.8 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. If ex… |
| CVE-2025-54816 | 9.8 | This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. … |
| CVE-2025-54807 | 9.8 | The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypas… |
| CVE-2025-54802 | 9.8 | pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in … |
| CVE-2025-54795 | 9.8 | Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to… |
| CVE-2025-54794 | 9.1 | Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it p… |
| CVE-2025-54762 | 9.8 | SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands wi… |
| CVE-2025-54738 | 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster noo-jobmonster allows Authentication Abuse. This issue affects Job… |
| CVE-2025-54726 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget … |
| CVE-2025-54725 | 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo golo allows Authentication Abuse. This issue affects Golo: from n/a through… |
| CVE-2025-54723 | 9.8 | Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object Injection. This issue affects DentiCare: from n/a through < 1.4.… |
| CVE-2025-54720 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SteelThemes Nest Addons nest-addons allows SQL Injection.… |
| CVE-2025-54713 | 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows … |
| CVE-2025-54707 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter a… |
| CVE-2025-54701 | 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP L… |
| CVE-2025-54700 | 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows… |
| CVE-2025-54693 | 9.0 | Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server. This issue affects For… |
| CVE-2025-54686 | 9.8 | Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection. This issue affects Exertio: from n/a through <= 1.3.2. |
| CVE-2025-54678 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows… |
| CVE-2025-54669 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG mapsvg allows SQL Injection. This issue a… |
| CVE-2025-54617 | 9.8 | Stack-based buffer overflow vulnerability in the dms_fwk module. Impact: Successful exploitation of this vulnerability can cause RCE. |
| CVE-2025-54594 | 9.1 | react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actio… |
| CVE-2025-54592 | 9.8 | FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the ses… |
| CVE-2025-54576 | 9.1 | OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load … |
| CVE-2025-54574 | 9.8 | Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when p… |
| CVE-2025-54539 | 9.8 | A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP u… |
| CVE-2025-54531 | 9.4 | In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows |
| CVE-2025-54530 | 9.8 | In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions |
| CVE-2025-54494 | 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54493 | 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54492 | 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54491 | 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54490 | 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54489 | 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54488 | 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54487 | 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54486 | 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |