CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,401–4,450 of 8,314 in Critical · page 89 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-54328 | CVE-2025-54328 CVSS 10.0 | An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400,… |
| CVE-2025-54322 | CVE-2025-54322 CVSS 9.8 | Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP param… |
| CVE-2025-54321 | CVE-2025-54321 CVSS 9.8 | In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authentica… |
| CVE-2025-5432 | CVE-2025-5432 CVSS 9.8 | A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_te… |
| CVE-2025-54309 | CrushFTP Unprotected Alternate Channel Vulnerability · KEV · CVSS 9.8 · CrushFTP | CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows rem… |
| CVE-2025-54304 | CVE-2025-54304 CVSS 9.8 | An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display ser… |
| CVE-2025-54303 | CVE-2025-54303 CVSS 9.8 | The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user … |
| CVE-2025-5430 | CVE-2025-5430 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. Th… |
| CVE-2025-54261 | CVE-2025-54261 CVSS 10.0 | ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vuln… |
| CVE-2025-54253 | Adobe Experience Manager Forms Code Execution Vulnerability · KEV · CVSS 10.0 · Adobe | Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution. |
| CVE-2025-54236 | Adobe Commerce and Magento Improper Input Validation Vulnerability · KEV · CVSS 9.1 · Adobe | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through t… |
| CVE-2025-54145 | CVE-2025-54145 CVSS 9.1 | The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. … |
| CVE-2025-54143 | CVE-2025-54143 CVSS 9.8 | Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vu… |
| CVE-2025-54135 | CVE-2025-54135 CVSS 9.8 | Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9. If the file is a… |
| CVE-2025-54133 | CVE-2025-54133 CVSS 9.6 | Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model … |
| CVE-2025-54130 | CVE-2025-54130 CVSS 9.8 | Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file … |
| CVE-2025-54127 | CVE-2025-54127 CVSS 9.8 | HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses … |
| CVE-2025-54123 | CVE-2025-54123 CVSS 9.8 | Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulne… |
| CVE-2025-54122 | CVE-2025-54122 CVSS 10.0 | Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the pro… |
| CVE-2025-54119 | CVE-2025-54119 CVSS 10.0 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping… |
| CVE-2025-5409 | CVE-2025-5409 CVSS 9.8 | A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mis… |
| CVE-2025-5408 | CVE-2025-5408 CVSS 9.8 | A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critica… |
| CVE-2025-54074 | CVE-2025-54074 CVSS 9.8 | Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection d… |
| CVE-2025-54068 | Laravel Livewire Code Injection Vulnerability · KEV · CVSS 9.8 · Laravel | Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios. |
| CVE-2025-54063 | CVE-2025-54063 CVSS 9.6 | Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerabil… |
| CVE-2025-54049 | CVE-2025-54049 CVSS 9.9 | Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation. This issue affects Custom API for WP… |
| CVE-2025-54048 | CVE-2025-54048 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL… |
| CVE-2025-5402 | CVE-2025-5402 CVSS 9.8 | A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is so… |
| CVE-2025-54014 | CVE-2025-54014 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Object Injection. This issue affects MediCe… |
| CVE-2025-54010 | CVE-2025-54010 CVSS 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets easy-code-manager allows Cross Site Request Forgery. This issue affects Fluent… |
| CVE-2025-5401 | CVE-2025-5401 CVSS 9.8 | A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerab… |
| CVE-2025-54001 | CVE-2025-54001 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection. This issue affects Classter: from n/a through <= 2.5. |
| CVE-2025-5400 | CVE-2025-5400 CVSS 9.8 | A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been classified as critical. Affected is an unknown … |
| CVE-2025-53970 | CVE-2025-53970 CVSS 9.8 | SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands wi… |
| CVE-2025-5397 | CVE-2025-5397 CVSS 9.8 | The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() fun… |
| CVE-2025-53964 | CVE-2025-53964 CVSS 9.6 | GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for … |
| CVE-2025-53963 | CVE-2025-53963 CVSS 9.8 | An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root accoun… |
| CVE-2025-5396 | CVE-2025-5396 CVSS 9.8 | The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_ajax_handl… |
| CVE-2025-5394 | CVE-2025-5394 CVSS 9.8 | The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on th… |
| CVE-2025-53937 | CVE-2025-53937 CVSS 9.8 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the `/… |
| CVE-2025-5393 | CVE-2025-5393 CVSS 9.1 | The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validati… |
| CVE-2025-53928 | CVE-2025-53928 CVSS 9.8 | MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. V… |
| CVE-2025-5392 | CVE-2025-5392 CVSS 9.8 | The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function.… |
| CVE-2025-5390 | CVE-2025-5390 CVSS 9.8 | A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedea… |
| CVE-2025-53890 | CVE-2025-53890 CVSS 9.8 | pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unau… |
| CVE-2025-5389 | CVE-2025-5389 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the fi… |
| CVE-2025-53888 | CVE-2025-53888 CVSS 9.8 | RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` can lead to buffer overflow in… |
| CVE-2025-5388 | CVE-2025-5388 CVSS 9.8 | A vulnerability classified as critical was found in JeeWMS up to 20250504. Affected by this vulnerability is the function dogenerate of the file /generateContr… |
| CVE-2025-5387 | CVE-2025-5387 CVSS 9.8 | A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenera… |
| CVE-2025-53867 | CVE-2025-53867 CVSS 9.8 | Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. |