CVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,851–4,900 of 8,314 in Critical · page 98 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-49212 | CVE-2025-49212 CVSS 9.8 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected … |
| CVE-2025-49201 | CVE-2025-49201 CVSS 9.8 | A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.… |
| CVE-2025-49199 | CVE-2025-49199 CVSS 9.8 | The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows … |
| CVE-2025-49196 | CVE-2025-49196 CVSS 9.1 | A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or s… |
| CVE-2025-49195 | CVE-2025-49195 CVSS 9.8 | The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the… |
| CVE-2025-49182 | CVE-2025-49182 CVSS 9.8 | Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the a… |
| CVE-2025-4918 | CVE-2025-4918 CVSS 9.8 | An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 1… |
| CVE-2025-4917 | CVE-2025-4917 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul Auto Taxi Stand Management System 1.0. Affected is an unknown function of the file /admin/n… |
| CVE-2025-4916 | CVE-2025-4916 CVSS 9.8 | A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the… |
| CVE-2025-4915 | CVE-2025-4915 CVSS 9.8 | A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the… |
| CVE-2025-4914 | CVE-2025-4914 CVSS 9.8 | A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ad… |
| CVE-2025-49132 | CVE-2025-49132 CVSS 10.0 | Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query p… |
| CVE-2025-49131 | CVE-2025-49131 CVSS 9.9 | FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox co… |
| CVE-2025-4913 | CVE-2025-4913 CVSS 9.8 | A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality … |
| CVE-2025-4912 | CVE-2025-4912 CVSS 9.1 | A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown … |
| CVE-2025-4911 | CVE-2025-4911 CVSS 9.8 | A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/view-f… |
| CVE-2025-4910 | CVE-2025-4910 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1. This issue affects some unknown processing of the fi… |
| CVE-2025-49084 | CVE-2025-49084 CVSS 9.1 | CVE-2025-49084 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access can overwrit… |
| CVE-2025-4908 | CVE-2025-4908 CVSS 9.8 | A vulnerability classified as critical has been found in PHPGurukul Daily Expense Tracker System 1.1. This affects an unknown part of the file /expense-datewis… |
| CVE-2025-49073 | CVE-2025-49073 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in axiomthemes Sweet Dessert sweet-dessert allows Object Injection. This issue affects Sweet Dessert: from n/a t… |
| CVE-2025-49072 | CVE-2025-49072 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy mr-murphy allows Object Injection. This issue affects Mr. Murphy: from n/a through < … |
| CVE-2025-49071 | CVE-2025-49071 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows Upload a Web Shell to a Web Server. This issue affects Flo… |
| CVE-2025-4907 | CVE-2025-4907 CVSS 9.8 | A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality o… |
| CVE-2025-49060 | CVE-2025-49060 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server. This issue affects Wast… |
| CVE-2025-4906 | CVE-2025-4906 CVSS 9.8 | A vulnerability was found in PHPGurukul Notice Board System 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. Th… |
| CVE-2025-49059 | CVE-2025-49059 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL In… |
| CVE-2025-49055 | CVE-2025-49055 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allo… |
| CVE-2025-4905 | CVE-2025-4905 CVSS 9.8 | A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file bases… |
| CVE-2025-49029 | CVE-2025-49029 CVSS 9.1 | Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.kazi Custom Login And Signup Widget custom-login-and-signup-widget allows Code… |
| CVE-2025-49013 | CVE-2025-49013 CVSS 9.9 | WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue a… |
| CVE-2025-49003 | CVE-2025-49003 CVSS 9.8 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java … |
| CVE-2025-49002 | CVE-2025-49002 CVSS 9.8 | DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 tha… |
| CVE-2025-49001 | CVE-2025-49001 CVSS 9.8 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, … |
| CVE-2025-4900 | CVE-2025-4900 CVSS 9.8 | A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/payment.p… |
| CVE-2025-4899 | CVE-2025-4899 CVSS 9.8 | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /p… |
| CVE-2025-48983 | CVE-2025-48983 CVSS 9.9 | A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authe… |
| CVE-2025-48952 | CVE-2025-48952 CVSS 9.4 | NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass pass… |
| CVE-2025-4895 | CVE-2025-4895 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing … |
| CVE-2025-48949 | CVE-2025-48949 CVSS 9.8 | Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validatio… |
| CVE-2025-48938 | CVE-2025-48938 CVSS 9.8 | go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 wh… |
| CVE-2025-48935 | CVE-2025-48935 CVSS 9.1 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission re… |
| CVE-2025-48929 | CVE-2025-48929 CVSS 9.8 | The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can … |
| CVE-2025-48913 | CVE-2025-48913 CVSS 9.8 | If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities.… |
| CVE-2025-48890 | CVE-2025-48890 CVSS 9.8 | WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP s… |
| CVE-2025-48877 | CVE-2025-48877 CVSS 9.8 | Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.bet… |
| CVE-2025-48865 | CVE-2025-48865 CVSS 9.1 | Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (ex… |
| CVE-2025-4886 | CVE-2025-4886 CVSS 9.8 | A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of … |
| CVE-2025-4885 | CVE-2025-4885 CVSS 9.8 | A vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/produc… |
| CVE-2025-4884 | CVE-2025-4884 CVSS 9.8 | A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the fi… |
| CVE-2025-48827 | CVE-2025-48827 CVSS 9.8 | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or late… |