CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,501–4,550 of 8,314 in Critical · page 91 of 167
| ID | ID and CVSS score | Summary |
|---|---|---|
| CVE-2025-53511 | CVE-2025-53511 CVSS 9.8 | A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A speci… |
| CVE-2025-53499 | CVE-2025-53499 CVSS 9.1 | Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access. This issue affects Mediawiki - AbuseFi… |
| CVE-2025-53495 | CVE-2025-53495 CVSS 9.1 | Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access. This issue affects Mediawiki - AbuseFi… |
| CVE-2025-53484 | CVE-2025-53484 CVSS 9.8 | User-controlled inputs are improperly escaped in: * VotePage.php (poll option input) * ResultPage::getPagesTab() and getErrorsTab() (user-contro… |
| CVE-2025-53433 | CVE-2025-53433 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes EasyEat easyeat allows PH… |
| CVE-2025-53391 | CVE-2025-53391 CVSS 9.3 | The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active sett… |
| CVE-2025-53378 | CVE-2025-53378 CVSS 9.8 | A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to rem… |
| CVE-2025-53371 | CVE-2025-53371 CVSS 9.1 | DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending r… |
| CVE-2025-5332 | CVE-2025-5332 CVSS 9.8 | A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.ph… |
| CVE-2025-53314 | CVE-2025-53314 CVSS 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection. This issue affects WP Optimizer: from n/a through <= 2… |
| CVE-2025-5331 | CVE-2025-5331 CVSS 9.8 | A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Hand… |
| CVE-2025-5330 | CVE-2025-5330 CVSS 9.8 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. T… |
| CVE-2025-53299 | CVE-2025-53299 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content Composer tmm_content_composer allows Object Injection. This issue affe… |
| CVE-2025-5329 | CVE-2025-5329 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martcode Software Inc. Delta Course Automation allows SQL… |
| CVE-2025-53283 | CVE-2025-53283 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7 - Drag&Drop File Uploader Addon drop-uploader-for-contact-for… |
| CVE-2025-53260 | CVE-2025-53260 CVSS 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Up… |
| CVE-2025-53251 | CVE-2025-53251 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP pin-wp allows Upload a Web Shell to a Web Server. This issue affects Pin WP: f… |
| CVE-2025-5325 | CVE-2025-5325 CVSS 9.8 | A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerabi… |
| CVE-2025-53242 | CVE-2025-53242 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection. This issue affects Seil: from n/a through <= 1.7.1. |
| CVE-2025-53213 | CVE-2025-53213 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping elex-reachship-multi-c… |
| CVE-2025-5321 | CVE-2025-5321 CVSS 9.9 | A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/s… |
| CVE-2025-5319 | CVE-2025-5319 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Informatics and Communication Technologies Industry … |
| CVE-2025-53187 | CVE-2025-53187 CVSS 9.8 | Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to byp… |
| CVE-2025-53120 | CVE-2025-53120 CVSS 9.4 | A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration an… |
| CVE-2025-53118 | CVE-2025-53118 CVSS 9.8 | An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of pass… |
| CVE-2025-53104 | CVE-2025-53104 CVSS 9.1 | gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerab… |
| CVE-2025-53102 | CVE-2025-53102 CVSS 9.8 | Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch,… |
| CVE-2025-53101 | CVE-2025-53101 CVSS 9.8 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `ma… |
| CVE-2025-5310 | CVE-2025-5310 CVSS 9.8 | Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific po… |
| CVE-2025-53091 | CVE-2025-53091 CVSS 9.8 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was dis… |
| CVE-2025-5309 | CVE-2025-5309 CVSS 9.8 | The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead t… |
| CVE-2025-53082 | CVE-2025-53082 CVSS 9.1 | An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exp… |
| CVE-2025-53081 | CVE-2025-53081 CVSS 9.1 | An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Explo… |
| CVE-2025-53078 | CVE-2025-53078 CVSS 9.8 | Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system |
| CVE-2025-53076 | CVE-2025-53076 CVSS 9.8 | Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers. This issue affects rLottie: V0.2. |
| CVE-2025-53075 | CVE-2025-53075 CVSS 9.8 | Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal. This issue affects rLottie: V0.2. |
| CVE-2025-53074 | CVE-2025-53074 CVSS 9.1 | Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers. This issue affects rLottie: V0.2. |
| CVE-2025-53072 | CVE-2025-53072 CVSS 9.8 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.… |
| CVE-2025-5306 | CVE-2025-5306 CVSS 9.8 | Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778 |
| CVE-2025-5305 | CVE-2025-5305 CVSS 9.8 | The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, poten… |
| CVE-2025-5304 | CVE-2025-5304 CVSS 9.8 | The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in ve… |
| CVE-2025-53037 | CVE-2025-53037 CVSS 9.8 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). … |
| CVE-2025-53014 | CVE-2025-53014 CVSS 9.8 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overf… |
| CVE-2025-53006 | CVE-2025-53006 CVSS 9.8 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters … |
| CVE-2025-53005 | CVE-2025-53005 CVSS 9.8 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQ… |
| CVE-2025-53004 | CVE-2025-53004 CVSS 9.8 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift … |
| CVE-2025-53002 | CVE-2025-53002 CVSS 9.8 | LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including… |
| CVE-2025-52998 | CVE-2025-52998 CVSS 9.8 | Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attack… |
| CVE-2025-5298 | CVE-2025-5298 CVSS 9.8 | A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /a… |
| CVE-2025-52950 | CVE-2025-52950 CVSS 9.6 | A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple se… |