CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,651–4,700 of 8,314 in Critical · page 94 of 167
| ID | Title and CVSS | Summary |
|---|---|---|
| CVE-2025-52021 | CVE-2025-52021 CVSS 9.8 | A SQL Injection vulnerability exists in the edit_product.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The product_id GET parameter is unsafe… |
| CVE-2025-51958 | CVE-2025-51958 CVSS 9.8 | aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postac… |
| CVE-2025-5178 | CVE-2025-5178 CVSS 9.8 | A vulnerability classified as critical has been found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected is an unknown function of the file /adm/… |
| CVE-2025-5176 | CVE-2025-5176 CVSS 9.1 | A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been declared as critical. This vulnerability affects unknown code of … |
| CVE-2025-51746 | CVE-2025-51746 CVSS 9.8 | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks. |
| CVE-2025-51745 | CVE-2025-51745 CVSS 9.8 | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks. |
| CVE-2025-51744 | CVE-2025-51744 CVSS 9.8 | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks. |
| CVE-2025-51743 | CVE-2025-51743 CVSS 9.8 | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks. |
| CVE-2025-51742 | CVE-2025-51742 CVSS 9.8 | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to par… |
| CVE-2025-5172 | CVE-2025-5172 CVSS 9.8 | A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown function of the file /valida. The manipulation… |
| CVE-2025-5171 | CVE-2025-5171 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in llisoft MTA Maita Training System 4.5. This issue affects the function this.fileService.do… |
| CVE-2025-5170 | CVE-2025-5170 CVSS 9.8 | A vulnerability classified as critical was found in llisoft MTA Maita Training System 4.5. This vulnerability affects the function AdminShitiListRequestVo of t… |
| CVE-2025-51683 | CVE-2025-51683 CVSS 9.8 | A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request … |
| CVE-2025-51682 | CVE-2025-51682 CVSS 9.8 | mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. A… |
| CVE-2025-51630 | CVE-2025-51630 CVSS 9.8 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules. |
| CVE-2025-5162 | CVE-2025-5162 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this issue is some unknown function… |
| CVE-2025-51567 | CVE-2025-51567 CVSS 9.1 | A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL comma… |
| CVE-2025-5156 | CVE-2025-5156 CVSS 9.8 | A vulnerability was found in H3C GR-5400AX up to 100R008 and classified as critical. Affected by this issue is the function EditWlanMacList of the file /routin… |
| CVE-2025-51543 | CVE-2025-51543 CVSS 9.8 | An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint. |
| CVE-2025-51536 | CVE-2025-51536 CVSS 9.8 | Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a hardcoded Administrator password. |
| CVE-2025-51535 | CVE-2025-51535 CVSS 9.1 | Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a SQL injection vulnerability. |
| CVE-2025-51511 | CVE-2025-51511 CVSS 9.8 | Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads. |
| CVE-2025-51452 | CVE-2025-51452 CVSS 9.8 | In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. |
| CVE-2025-51451 | CVE-2025-51451 CVSS 9.8 | In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. |
| CVE-2025-51390 | CVE-2025-51390 CVSS 9.8 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. |
| CVE-2025-51387 | CVE-2025-51387 CVSS 9.8 | GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings wer… |
| CVE-2025-51381 | CVE-2025-51381 CVSS 9.8 | An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of… |
| CVE-2025-5128 | CVE-2025-5128 CVSS 9.8 | A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /adm… |
| CVE-2025-5121 | CVE-2025-5121 CVSS 9.9 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have al… |
| CVE-2025-5120 | CVE-2025-5120 CVSS 10.0 | A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and a… |
| CVE-2025-5119 | CVE-2025-5119 CVSS 9.8 | A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file /include/controller/api_cont… |
| CVE-2025-5114 | CVE-2025-5114 CVSS 9.1 | A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index.… |
| CVE-2025-5112 | CVE-2025-5112 CVSS 9.8 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MGET Command Handler. T… |
| CVE-2025-5111 | CVE-2025-5111 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the comp… |
| CVE-2025-5110 | CVE-2025-5110 CVSS 9.8 | A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component VERBO… |
| CVE-2025-51092 | CVE-2025-51092 CVSS 9.8 | The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn() and… |
| CVE-2025-5109 | CVE-2025-5109 CVSS 9.8 | A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component STATUS Command Handler. The… |
| CVE-2025-5108 | CVE-2025-5108 CVSS 9.8 | A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Pay… |
| CVE-2025-5107 | CVE-2025-5107 CVSS 9.8 | A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xml_cdr/xml_cdr_det… |
| CVE-2025-5099 | CVE-2025-5099 CVSS 9.8 | An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary cod… |
| CVE-2025-50989 | CVE-2025-50989 CVSS 9.1 | OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span P… |
| CVE-2025-5098 | CVE-2025-5098 CVSS 9.1 | PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authoriza… |
| CVE-2025-50972 | CVE-2025-50972 CVSS 9.8 | SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index.php. Thr… |
| CVE-2025-5095 | CVE-2025-5095 CVSS 9.8 | Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. … |
| CVE-2025-50904 | CVE-2025-50904 CVSS 9.8 | There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /… |
| CVE-2025-50901 | CVE-2025-50901 CVSS 9.8 | JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains an incorrect authentication bypass vulnerability, which can lead to arbitrary file reading. |
| CVE-2025-50900 | CVE-2025-50900 CVSS 9.8 | An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preH… |
| CVE-2025-50870 | CVE-2025-50870 CVSS 9.8 | Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email addre… |
| CVE-2025-5086 | Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability · KEV · CVSS 9.0 · Dassault Systèmes | Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to remote code execution. |
| CVE-2025-50857 | CVE-2025-50857 CVSS 9.8 | ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a craft… |