31,594 indexed
CVECVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,351–4,400 of 8,314 in Critical · page 88 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-54485 | CVE-2025-54485 CVSS 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54484 | CVE-2025-54484 CVSS 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54483 | CVE-2025-54483 CVSS 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54482 | CVE-2025-54482 CVSS 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54481 | CVE-2025-54481 CVSS 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-54480 | CVE-2025-54480 CVSS 9.8 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A spec… |
| CVE-2025-5447 | CVE-2025-5447 CVSS 9.8 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been dec… |
| CVE-2025-54469 | CVE-2025-54469 CVSS 9.9 | A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be ex… |
| CVE-2025-54466 | CVE-2025-54466 CVSS 9.8 | Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBi… |
| CVE-2025-54462 | CVE-2025-54462 CVSS 9.8 | A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specia… |
| CVE-2025-5446 | CVE-2025-5446 CVSS 9.8 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been cla… |
| CVE-2025-54455 | CVE-2025-54455 CVSS 9.8 | Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less … |
| CVE-2025-54454 | CVE-2025-54454 CVSS 9.8 | Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less … |
| CVE-2025-54453 | CVE-2025-54453 CVSS 9.8 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.Th… |
| CVE-2025-54452 | CVE-2025-54452 CVSS 9.8 | Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 2… |
| CVE-2025-54451 | CVE-2025-54451 CVSS 9.8 | Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects Magi… |
| CVE-2025-54450 | CVE-2025-54450 CVSS 9.8 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.Th… |
| CVE-2025-5445 | CVE-2025-5445 CVSS 9.8 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified a… |
| CVE-2025-54449 | CVE-2025-54449 CVSS 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Se… |
| CVE-2025-54448 | CVE-2025-54448 CVSS 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Se… |
| CVE-2025-54447 | CVE-2025-54447 CVSS 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Se… |
| CVE-2025-54446 | CVE-2025-54446 CVSS 9.8 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shel… |
| CVE-2025-54445 | CVE-2025-54445 CVSS 9.8 | Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue aff… |
| CVE-2025-54444 | CVE-2025-54444 CVSS 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Se… |
| CVE-2025-54443 | CVE-2025-54443 CVSS 9.8 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shel… |
| CVE-2025-54442 | CVE-2025-54442 CVSS 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Se… |
| CVE-2025-54440 | CVE-2025-54440 CVSS 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Se… |
| CVE-2025-5444 | CVE-2025-5444 CVSS 9.8 | A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classif… |
| CVE-2025-54438 | CVE-2025-54438 CVSS 9.8 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shel… |
| CVE-2025-54430 | CVE-2025-54430 CVSS 9.1 | dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit … |
| CVE-2025-5443 | CVE-2025-5443 CVSS 9.8 | A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1… |
| CVE-2025-54428 | CVE-2025-54428 CVSS 9.8 | RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a … |
| CVE-2025-54424 | CVE-2025-54424 CVSS 9.8 | 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTP… |
| CVE-2025-5442 | CVE-2025-5442 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.00… |
| CVE-2025-54419 | CVE-2025-54419 CVSS 10.0 | A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response documen… |
| CVE-2025-54418 | CVE-2025-54418 CVSS 9.8 | CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagi… |
| CVE-2025-54416 | CVE-2025-54416 CVSS 9.1 | tj-actions/branch-names is a Github actions repository that contains workflows to retrieve branch or tag names with support for all events. In versions 8.2.1 a… |
| CVE-2025-5441 | CVE-2025-5441 CVSS 9.8 | A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.… |
| CVE-2025-54391 | CVE-2025-54391 CVSS 9.1 | A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Fact… |
| CVE-2025-54387 | CVE-2025-54387 CVSS 9.8 | IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check wh… |
| CVE-2025-54386 | CVE-2025-54386 CVSS 9.8 | Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discov… |
| CVE-2025-54385 | CVE-2025-54385 CVSS 9.8 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions between 17.0.0-rc1 to 17.2.2 and versions … |
| CVE-2025-54381 | CVE-2025-54381 CVSS 9.9 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload proc… |
| CVE-2025-54379 | CVE-2025-54379 CVSS 9.8 | LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there i… |
| CVE-2025-54351 | CVE-2025-54351 CVSS 10.0 | In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). |
| CVE-2025-54349 | CVE-2025-54349 CVSS 10.0 | In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. |
| CVE-2025-54347 | CVE-2025-54347 CVSS 9.9 | A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to writ… |
| CVE-2025-54343 | CVE-2025-54343 CVSS 9.6 | An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for E… |
| CVE-2025-54339 | CVE-2025-54339 CVSS 10.0 | An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for E… |
| CVE-2025-54336 | CVE-2025-54336 CVSS 9.8 | In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker ca… |