CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,701–4,750 of 8,314 in Critical · page 95 of 167
| ID | ID and CVSS score | Summary |
|---|---|---|
| CVE-2025-5081 | CVE-2025-5081 CVSS 9.8 | A vulnerability classified as critical was found in Campcodes Cybercafe Management System 1.0. Affected by this vulnerability is an unknown functionality of th… |
| CVE-2025-5079 | CVE-2025-5079 CVSS 9.8 | A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateo… |
| CVE-2025-5078 | CVE-2025-5078 CVSS 9.8 | A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/subcategory.php. Performing… |
| CVE-2025-5077 | CVE-2025-5077 CVSS 9.8 | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-sub… |
| CVE-2025-5076 | CVE-2025-5076 CVSS 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component SEND Co… |
| CVE-2025-50756 | CVE-2025-50756 CVSS 9.8 | Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allow… |
| CVE-2025-50754 | CVE-2025-50754 CVSS 9.6 | Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker i… |
| CVE-2025-5075 | CVE-2025-5075 CVSS 9.8 | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the compon… |
| CVE-2025-5074 | CVE-2025-5074 CVSS 9.8 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component PROMPT Command Handl… |
| CVE-2025-50739 | CVE-2025-50739 CVSS 9.8 | iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization. |
| CVE-2025-50738 | CVE-2025-50738 CVSS 9.8 | The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an imag… |
| CVE-2025-5073 | CVE-2025-5073 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component MKDI… |
| CVE-2025-50722 | CVE-2025-50722 CVSS 9.8 | Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component |
| CVE-2025-50707 | CVE-2025-50707 CVSS 9.8 | An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component |
| CVE-2025-50706 | CVE-2025-50706 CVSS 9.8 | An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function |
| CVE-2025-50692 | CVE-2025-50692 CVSS 9.8 | FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html. |
| CVE-2025-50594 | CVE-2025-50594 CVSS 9.8 | An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allo… |
| CVE-2025-5058 | CVE-2025-5058 CVSS 9.8 | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image()… |
| CVE-2025-50578 | CVE-2025-50578 CVSS 9.8 | LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically `X-Forwarded-Host` and `Referer`. An un… |
| CVE-2025-5057 | CVE-2025-5057 CVSS 9.8 | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the f… |
| CVE-2025-50567 | CVE-2025-50567 CVSS 10.0 | Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modif… |
| CVE-2025-5056 | CVE-2025-5056 CVSS 9.8 | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-5053 | CVE-2025-5053 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the comp… |
| CVE-2025-50526 | CVE-2025-50526 CVSS 9.8 | Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function. |
| CVE-2025-5052 | CVE-2025-5052 CVSS 9.8 | A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component LS Co… |
| CVE-2025-50518 | CVE-2025-50518 CVSS 9.8 | A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling … |
| CVE-2025-5051 | CVE-2025-5051 CVSS 9.8 | A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component BINARY Command Handler. The… |
| CVE-2025-5050 | CVE-2025-5050 CVSS 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. This issue affects some unknown processing of the component BELL Command … |
| CVE-2025-5049 | CVE-2025-5049 CVSS 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. This vulnerability affects unknown code of the component APPEND Comman… |
| CVE-2025-50475 | CVE-2025-50475 CVSS 9.8 | An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands … |
| CVE-2025-50472 | CVE-2025-50472 CVSS 9.8 | The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` f… |
| CVE-2025-50460 | CVE-2025-50460 CVSS 9.8 | A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from t… |
| CVE-2025-50433 | CVE-2025-50433 CVSS 9.8 | An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary us… |
| CVE-2025-50428 | CVE-2025-50428 CVSS 9.8 | In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sa… |
| CVE-2025-50402 | CVE-2025-50402 CVSS 9.8 | FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password. |
| CVE-2025-50401 | CVE-2025-50401 CVSS 9.8 | Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password. |
| CVE-2025-50399 | CVE-2025-50399 CVSS 9.8 | FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter password. |
| CVE-2025-50398 | CVE-2025-50398 CVSS 9.8 | Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter fac_password. |
| CVE-2025-50343 | CVE-2025-50343 CVSS 9.8 | An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual num… |
| CVE-2025-50341 | CVE-2025-50341 CVSS 9.8 | A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determ… |
| CVE-2025-5032 | CVE-2025-5032 CVSS 9.8 | A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category… |
| CVE-2025-50251 | CVE-2025-50251 CVSS 9.1 | Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery. |
| CVE-2025-50240 | CVE-2025-50240 CVSS 9.8 | nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin. |
| CVE-2025-50229 | CVE-2025-50229 CVSS 9.8 | Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module. |
| CVE-2025-50228 | CVE-2025-50228 CVSS 9.1 | Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules. |
| CVE-2025-50213 | CVE-2025-50213 CVSS 9.8 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affect… |
| CVE-2025-50201 | CVE-2025-50201 CVSS 9.8 | WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debu… |
| CVE-2025-50199 | CVE-2025-50199 CVSS 9.1 | Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This is… |
| CVE-2025-50192 | CVE-2025-50192 CVSS 9.8 | Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection found in /main/webservices/registration.soap.php. Thi… |
| CVE-2025-50190 | CVE-2025-50190 CVSS 9.8 | Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /in… |