CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,601–4,650 of 8,314 in Critical · page 93 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-52480 | 9.8 | Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the cl… |
| CVE-2025-5248 | 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 1.0. Affected is an unknown function of the file /… |
| CVE-2025-52474 | 9.8 | WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/cont… |
| CVE-2025-52471 | 9.8 | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol impleme… |
| CVE-2025-52467 | 9.1 | pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was … |
| CVE-2025-52461 | 9.1 | An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially cra… |
| CVE-2025-5246 | 9.8 | A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /hms/a… |
| CVE-2025-52436 | 9.6 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 thr… |
| CVE-2025-5243 | 10.0 | Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SM… |
| CVE-2025-52425 | 9.8 | An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. … |
| CVE-2025-52410 | 9.8 | Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The `myds` GET parameter is no… |
| CVE-2025-52395 | 9.8 | An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint that fails to valida… |
| CVE-2025-52390 | 9.1 | Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `Fulltex… |
| CVE-2025-52385 | 9.8 | An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module |
| CVE-2025-52376 | 9.8 | An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an… |
| CVE-2025-52362 | 9.1 | Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _p… |
| CVE-2025-52353 | 9.8 | An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via t… |
| CVE-2025-52352 | 9.8 | Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option… |
| CVE-2025-5231 | 9.8 | A vulnerability classified as critical was found in PHPGurukul Company Visitor Management System 1.0. This vulnerability affects unknown code of the file /forg… |
| CVE-2025-5230 | 9.8 | A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. This affects an unknown part of the file /admin/bwdates-rep… |
| CVE-2025-5229 | 9.8 | A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionali… |
| CVE-2025-5225 | 9.8 | A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /index.ph… |
| CVE-2025-5224 | 9.8 | A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/ad… |
| CVE-2025-52239 | 9.8 | An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2025-52221 | 9.8 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters. |
| CVE-2025-5221 | 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0.0. It has been classified as critical. This affects an unknown part of the component QUOTE Command Handle… |
| CVE-2025-52207 | 9.9 | PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory. |
| CVE-2025-5220 | 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component GET C… |
| CVE-2025-5219 | 9.8 | A vulnerability has been found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the comp… |
| CVE-2025-5218 | 9.8 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0.0. Affected is an unknown function of the component LITERAL Command Ha… |
| CVE-2025-5217 | 9.8 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0.0. This issue affects some unknown processing of the component RM… |
| CVE-2025-52161 | 9.8 | Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2025-5216 | 9.8 | A vulnerability classified as critical was found in PHPGurukul Student Record System 3.20. This vulnerability affects unknown code of the file /login.php. The … |
| CVE-2025-5215 | 9.8 | A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The mani… |
| CVE-2025-5214 | 9.8 | A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functional… |
| CVE-2025-5213 | 9.8 | A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown fun… |
| CVE-2025-52122 | 9.8 | Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection… |
| CVE-2025-5212 | 9.8 | A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been classified as critical. Affected is an unknown function of the file … |
| CVE-2025-5211 | 9.8 | A vulnerability was found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This issue affects some unknown processing of the fil… |
| CVE-2025-52101 | 9.8 | linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and re… |
| CVE-2025-5210 | 9.8 | A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the f… |
| CVE-2025-52095 | 9.8 | An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll |
| CVE-2025-5208 | 9.8 | A vulnerability, which was classified as critical, was found in SourceCodester Online Hospital Management System 1.0. This affects an unknown part of the file … |
| CVE-2025-5207 | 9.8 | A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unkno… |
| CVE-2025-5206 | 9.8 | A vulnerability classified as critical was found in Pixelimity 1.0. Affected by this vulnerability is an unknown functionality of the file /install/index.php o… |
| CVE-2025-52053 | 9.8 | TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vul… |
| CVE-2025-5205 | 9.8 | A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. Affected is an unknown function of the file /d… |
| CVE-2025-52046 | 9.8 | Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This… |
| CVE-2025-52025 | 9.4 | An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability ar… |
| CVE-2025-52024 | 9.4 | A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By ac… |