CVE vulnerabilities
32,086 CVEs indexed, newest first. Authored by Adam Lundqvist.
Showing 4,801–4,850 of 8,314 in Critical · page 97 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-49535 | 9.3 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that co… |
| CVE-2025-49533 | 9.8 | Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code… |
| CVE-2025-49507 | 9.8 | Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection. This issue affects CozyStay: from n/a through < 1.7.1. |
| CVE-2025-49492 | 9.8 | Out-of-bounds write in ASR180x in lte-telephony, may cause a buffer underrun. This vulnerability is associated with program files apps/atcmd_server/src/dev_a… |
| CVE-2025-49480 | 9.1 | Out-of-bounds access in ASR180x, ASR190x in lte-telephony. This vulnerability is associated with program files apps/lzma/src/LzmaEnc.c. This issue affects F… |
| CVE-2025-49455 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboa… |
| CVE-2025-49452 | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri postapanduri allows SQL Injectio… |
| CVE-2025-49447 | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu: from… |
| CVE-2025-49444 | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web Shell to a Web Server.… |
| CVE-2025-49434 | 9.8 | Deserialization of Untrusted Data vulnerability in axiomthemes Cars4Rent cars4rent allows Object Injection. This issue affects Cars4Rent: from n/a through <= 1.… |
| CVE-2025-49422 | 9.8 | Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation. This issue affects Support Ticket: from … |
| CVE-2025-49417 | 9.8 | Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action Woo-product-multiaction allows Object Injection. This issue … |
| CVE-2025-49414 | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Using Malicious Files. This issue affects FW Gallery: … |
| CVE-2025-49410 | 10.0 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue a… |
| CVE-2025-4941 | 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of th… |
| CVE-2025-49409 | 9.8 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SensorPress allows Stored XSS. This issue affect… |
| CVE-2025-49408 | 10.0 | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templatel… |
| CVE-2025-49401 | 9.8 | Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation. This issue affects smart SEO: from n/a through <= 4.… |
| CVE-2025-49400 | 9.8 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allow… |
| CVE-2025-49393 | 9.8 | Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection. This issue affects Sign-up Sheets: from … |
| CVE-2025-49388 | 9.8 | Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation. This issue affects Miraculous Co… |
| CVE-2025-49387 | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elemen… |
| CVE-2025-49381 | 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect adstxt-guru-connect allows Cross Site Request Forgery. This issue affects a… |
| CVE-2025-49380 | 9.8 | Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection. This issue affe… |
| CVE-2025-4938 | 9.8 | A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been rated as critical. Affected by this issue is some unknown functional… |
| CVE-2025-49372 | 10.0 | Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion. T… |
| CVE-2025-4937 | 9.8 | A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unk… |
| CVE-2025-4936 | 9.8 | A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /ad… |
| CVE-2025-4935 | 9.8 | A vulnerability was found in SourceCodester Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php… |
| CVE-2025-4934 | 9.8 | A vulnerability has been found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. This vulnerability affects un… |
| CVE-2025-49330 | 9.8 | Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin cf7-zoho allows Object Injection. This issue aff… |
| CVE-2025-4933 | 9.8 | A vulnerability, which was classified as critical, was found in ponaravindb Hospital-Management-System 1.0. This affects an unknown part of the file /doctor-pa… |
| CVE-2025-4932 | 9.8 | A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown … |
| CVE-2025-4931 | 9.8 | A vulnerability classified as critical was found in projectworlds Online Lawyer Management System 1.0. Affected by this vulnerability is an unknown functionali… |
| CVE-2025-49302 | 10.0 | Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe easy-stripe allows Remote Code Inclusion. This issue affec… |
| CVE-2025-4930 | 9.8 | A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /my-cart.php. The ma… |
| CVE-2025-49297 | 9.8 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion. This issue affects Grill and Chow: from … |
| CVE-2025-49296 | 9.8 | Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through <… |
| CVE-2025-49295 | 9.8 | Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a throug… |
| CVE-2025-4929 | 9.8 | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-ac… |
| CVE-2025-4928 | 9.8 | A vulnerability was found in projectworlds Online Lawyer Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of th… |
| CVE-2025-4927 | 9.8 | A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /… |
| CVE-2025-4925 | 9.8 | A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown function… |
| CVE-2025-4924 | 9.8 | A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the fi… |
| CVE-2025-49223 | 9.8 | billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or … |
| CVE-2025-49220 | 9.8 | An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected i… |
| CVE-2025-49219 | 9.8 | An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected … |
| CVE-2025-49217 | 9.8 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected … |
| CVE-2025-49216 | 9.8 | An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and m… |
| CVE-2025-49213 | 9.8 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected … |