CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,751–4,800 of 8,314 in Critical · page 96 of 167
| ID | ID and CVSS score | Summary |
|---|---|---|
| CVE-2025-50187 | CVE-2025-50187 CVSS 9.8 | Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execut… |
| CVE-2025-50171 | CVE-2025-50171 CVSS 9.1 | Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-50165 | CVE-2025-50165 CVSS 9.8 | Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
| CVE-2025-5008 | CVE-2025-5008 CVSS 9.8 | A vulnerability was found in projectworlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality… |
| CVE-2025-50067 | CVE-2025-50067 CVSS 9.0 | Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are 24.2.4 and 24.2.5. Easily ex… |
| CVE-2025-5006 | CVE-2025-5006 CVSS 9.8 | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/categ… |
| CVE-2025-5004 | CVE-2025-5004 CVSS 9.8 | A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /… |
| CVE-2025-5003 | CVE-2025-5003 CVSS 9.8 | A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file… |
| CVE-2025-5002 | CVE-2025-5002 CVSS 9.8 | A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file … |
| CVE-2025-50002 | CVE-2025-50002 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server. This issue affects Energia: f… |
| CVE-2025-5000 | CVE-2025-5000 CVSS 9.8 | A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel… |
| CVE-2025-4999 | CVE-2025-4999 CVSS 9.8 | A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153F… |
| CVE-2025-49931 | CVE-2025-49931 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injectio… |
| CVE-2025-4993 | CVE-2025-4993 CVSS 9.1 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation. This issue affects Connext Professional: f… |
| CVE-2025-49915 | CVE-2025-49915 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allow… |
| CVE-2025-49901 | CVE-2025-49901 CVSS 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abu… |
| CVE-2025-49890 | CVE-2025-49890 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in ThemeREX Organic Beauty organic-beauty allows Object Injection. This issue affects Organic Beauty: from n/a t… |
| CVE-2025-49887 | CVE-2025-49887 CVSS 9.9 | Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce… |
| CVE-2025-49885 | CVE-2025-49885 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce drag-and-drop-file-upload-wc-… |
| CVE-2025-49867 | CVE-2025-49867 CVSS 9.8 | Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation. This issue affects RealHomes: from n/a through <=… |
| CVE-2025-49853 | CVE-2025-49853 CVSS 9.1 | ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and ins… |
| CVE-2025-49851 | CVE-2025-49851 CVSS 9.8 | ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass a… |
| CVE-2025-49844 | CVE-2025-49844 CVSS 9.9 | Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script t… |
| CVE-2025-49841 | CVE-2025-49841 CVSS 9.8 | GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in process_… |
| CVE-2025-49840 | CVE-2025-49840 CVSS 9.8 | GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inferenc… |
| CVE-2025-49839 | CVE-2025-49839 CVSS 9.8 | GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroform… |
| CVE-2025-49838 | CVE-2025-49838 CVSS 9.8 | GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py Au… |
| CVE-2025-49837 | CVE-2025-49837 CVSS 9.8 | GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py Au… |
| CVE-2025-49836 | CVE-2025-49836 CVSS 9.8 | GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py chang… |
| CVE-2025-49835 | CVE-2025-49835 CVSS 9.8 | GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_… |
| CVE-2025-49834 | CVE-2025-49834 CVSS 9.8 | GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_… |
| CVE-2025-49833 | CVE-2025-49833 CVSS 9.8 | GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py o… |
| CVE-2025-49831 | CVE-2025-49831 CVSS 9.8 | An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute aut… |
| CVE-2025-49827 | CVE-2025-49827 CVSS 9.8 | Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (for… |
| CVE-2025-49825 | CVE-2025-49825 CVSS 9.8 | Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulner… |
| CVE-2025-4981 | CVE-2025-4981 CVSS 9.9 | Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extract… |
| CVE-2025-49796 | CVE-2025-49796 CVSS 9.1 | A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an a… |
| CVE-2025-49794 | CVE-2025-49794 CVSS 9.1 | A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the … |
| CVE-2025-4978 | CVE-2025-4978 CVSS 9.8 | A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.ht… |
| CVE-2025-49752 | CVE-2025-49752 CVSS 10.0 | Azure Bastion Elevation of Privilege Vulnerability |
| CVE-2025-4973 | CVE-2025-4973 CVSS 9.8 | The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, … |
| CVE-2025-49710 | CVE-2025-49710 CVSS 9.8 | An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4. |
| CVE-2025-49709 | CVE-2025-49709 CVSS 9.8 | Certain canvas operations could have led to memory corruption. This vulnerability was fixed in Firefox 139.0.4. |
| CVE-2025-49708 | CVE-2025-49708 CVSS 9.9 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-4967 | CVE-2025-4967 CVSS 9.1 | Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections. |
| CVE-2025-49655 | CVE-2025-49655 CVSS 9.8 | Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously u… |
| CVE-2025-49652 | CVE-2025-49652 CVSS 9.8 | Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when … |
| CVE-2025-49603 | CVE-2025-49603 CVSS 9.1 | Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control. |
| CVE-2025-49591 | CVE-2025-49591 CVSS 9.1 | CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak… |
| CVE-2025-49553 | CVE-2025-49553 CVSS 9.3 | Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute … |