CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,551–4,600 of 8,314 in Critical · page 92 of 167
| ID | Title / severity | Summary |
|---|---|---|
| CVE-2025-5295 | CVE-2025-5295 CVSS 9.8 | A vulnerability classified as critical was found in FreeFloat FTP Server 1.0.0. This vulnerability affects unknown code of the component PORT Command Handler. … |
| CVE-2025-52921 | CVE-2025-52921 CVSS 9.9 | In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by up… |
| CVE-2025-52913 | CVE-2025-52913 CVSS 9.8 | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduc… |
| CVE-2025-52910 | CVE-2025-52910 CVSS 9.8 | An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. A Use-After-Free leads to priv… |
| CVE-2025-52909 | CVE-2025-52909 CVSS 9.8 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W… |
| CVE-2025-52908 | CVE-2025-52908 CVSS 9.8 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W… |
| CVE-2025-52906 | CVE-2025-52906 CVSS 9.8 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This is… |
| CVE-2025-5288 | CVE-2025-5288 CVSS 9.8 | The REST API \| Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capa… |
| CVE-2025-52856 | CVE-2025-52856 CVSS 9.8 | An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the s… |
| CVE-2025-52836 | CVE-2025-52836 CVSS 9.8 | Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation. This issue affects T… |
| CVE-2025-52835 | CVE-2025-52835 CVSS 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator wing-migrator allows Upload a Web Shell to a Web Server. This issue aff… |
| CVE-2025-52834 | CVE-2025-52834 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey homey allows SQL Injection. This issue af… |
| CVE-2025-52833 | CVE-2025-52833 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS lms allows SQL Injection. This issue affe… |
| CVE-2025-52832 | CVE-2025-52832 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allo… |
| CVE-2025-52831 | CVE-2025-52831 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager video-list-manager allows… |
| CVE-2025-52830 | CVE-2025-52830 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bSecure – Your Universal Checkout bSecure – Your Universa… |
| CVE-2025-52829 | CVE-2025-52829 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing directiq-wp allows SQL … |
| CVE-2025-52816 | CVE-2025-52816 CVSS 9.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita zita allows PHP Local F… |
| CVE-2025-52773 | CVE-2025-52773 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway… |
| CVE-2025-5277 | CVE-2025-5277 CVSS 9.6 | aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands o… |
| CVE-2025-52761 | CVE-2025-52761 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager wp-funnel-manager allows Object Injection. This issue affects WP Funnel Manager: … |
| CVE-2025-52758 | CVE-2025-52758 CVSS 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy zippy allows Using Malicious Files. This issue affects Zippy: from… |
| CVE-2025-52725 | CVE-2025-52725 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in pebas CouponXxL couponxxl allows Object Injection. This issue affects CouponXxL: from n/a through <= 3.0.0. |
| CVE-2025-52724 | CVE-2025-52724 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk amwerk allows Object Injection. This issue affects Amwerk: from n/a through <= 1.2.0. |
| CVE-2025-52722 | CVE-2025-52722 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoinWebs Classiera classiera allows SQL Injection. This is… |
| CVE-2025-52720 | CVE-2025-52720 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows … |
| CVE-2025-52717 | CVE-2025-52717 CVSS 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS lifterlms allows SQL Injection. Thi… |
| CVE-2025-52714 | CVE-2025-52714 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows SQL Injection. This is… |
| CVE-2025-52694 | CVE-2025-52694 CVSS 9.8 | Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable s… |
| CVE-2025-52691 | SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability · KEV · CVSS 10.0 · SmarterTools | SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbit… |
| CVE-2025-52689 | CVE-2025-52689 CVSS 9.8 | Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the… |
| CVE-2025-52688 | CVE-2025-52688 CVSS 9.8 | Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the lo… |
| CVE-2025-52665 | CVE-2025-52665 CVSS 10.0 | A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a manag… |
| CVE-2025-52660 | CVE-2025-52660 CVSS 9.8 | HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution … |
| CVE-2025-52648 | CVE-2025-52648 CVSS 9.8 | HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered image… |
| CVE-2025-52635 | CVE-2025-52635 CVSS 9.8 | A Trusted Types in scripts not enforced in CSP vulnerability has been identified in HCL AION. This issue affects AION: 2.0. |
| CVE-2025-52626 | CVE-2025-52626 CVSS 9.8 | A Potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the … |
| CVE-2025-52618 | CVE-2025-52618 CVSS 9.8 | HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries. |
| CVE-2025-52581 | CVE-2025-52581 CVSS 9.8 | An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially craft… |
| CVE-2025-52579 | CVE-2025-52579 CVSS 9.4 | Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain … |
| CVE-2025-52572 | CVE-2025-52572 CVSS 10.0 | Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenti… |
| CVE-2025-52571 | CVE-2025-52571 CVSS 9.6 | Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to g… |
| CVE-2025-52562 | CVE-2025-52562 CVSS 10.0 | Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the Loca… |
| CVE-2025-52553 | CVE-2025-52553 CVSS 9.6 | authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and … |
| CVE-2025-52549 | CVE-2025-52549 CVSS 9.8 | E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each boot. An attacker can generate the root linux password for a … |
| CVE-2025-5252 | CVE-2025-5252 CVSS 9.8 | A vulnerability was found in PHPGurukul News Portal Project 4.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/e… |
| CVE-2025-5251 | CVE-2025-5251 CVSS 9.8 | A vulnerability was found in PHPGurukul News Portal Project 4.1. It has been classified as critical. This affects an unknown part of the file /admin/edit-subca… |
| CVE-2025-5250 | CVE-2025-5250 CVSS 9.8 | A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /a… |
| CVE-2025-5249 | CVE-2025-5249 CVSS 9.8 | A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of … |
| CVE-2025-52483 | CVE-2025-52483 CVSS 9.8 | Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the cl… |