32,086 indexed
CVECVE vulnerabilities
32,086 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 4,901–4,950 of 8,314 in Critical · page 99 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2025-4882 | CVE-2025-4882 CVSS 9.8 | A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin… |
| CVE-2025-4881 | CVE-2025-4881 CVSS 9.8 | A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of … |
| CVE-2025-4880 | CVE-2025-4880 CVSS 9.8 | A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file… |
| CVE-2025-48782 | CVE-2025-48782 CVSS 9.8 | An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version… |
| CVE-2025-48780 | CVE-2025-48780 CVSS 9.8 | A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.040… |
| CVE-2025-48757 | CVE-2025-48757 CVSS 9.3 | An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database… |
| CVE-2025-48756 | CVE-2025-48756 CVSS 9.8 | In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for grou… |
| CVE-2025-48755 | CVE-2025-48755 CVSS 9.8 | In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type). |
| CVE-2025-48753 | CVE-2025-48753 CVSS 9.8 | In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock. |
| CVE-2025-48752 | CVE-2025-48752 CVSS 9.8 | In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked. |
| CVE-2025-48751 | CVE-2025-48751 CVSS 9.8 | The process_lock crate 0.1.0 for Rust allows data races in unlock. |
| CVE-2025-4875 | CVE-2025-4875 CVSS 9.8 | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forgo… |
| CVE-2025-48749 | CVE-2025-48749 CVSS 9.1 | Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data. |
| CVE-2025-48748 | CVE-2025-48748 CVSS 10.0 | Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password. |
| CVE-2025-48744 | CVE-2025-48744 CVSS 9.8 | In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. |
| CVE-2025-48743 | CVE-2025-48743 CVSS 9.8 | SIGB PMB before 8.0.1.2 allows SQL injection. |
| CVE-2025-48742 | CVE-2025-48742 CVSS 9.8 | The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution. |
| CVE-2025-4874 | CVE-2025-4874 CVSS 9.8 | A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /a… |
| CVE-2025-48732 | CVE-2025-48732 CVSS 9.8 | An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbit… |
| CVE-2025-4873 | CVE-2025-4873 CVSS 9.8 | A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file… |
| CVE-2025-4872 | CVE-2025-4872 CVSS 9.8 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component CCC Command Handler.… |
| CVE-2025-4871 | CVE-2025-4871 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component REST C… |
| CVE-2025-48706 | CVE-2025-48706 CVSS 9.1 | An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an out-of-bounds read vulnerability, sending a crafted BLE message forces the device to reboot. |
| CVE-2025-48703 | CWP Control Web Panel OS Command Injection Vulnerability KEVCVSS 9.0CWP | CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell me… |
| CVE-2025-4870 | CVE-2025-4870 CVSS 9.8 | A vulnerability classified as critical was found in itsourcecode Restaurant Management System 1.0. This vulnerability affects unknown code of the file /admin/m… |
| CVE-2025-4869 | CVE-2025-4869 CVSS 9.8 | A vulnerability classified as critical has been found in itsourcecode Restaurant Management System 1.0. This affects an unknown part of the file /admin/member_… |
| CVE-2025-4865 | CVE-2025-4865 CVSS 9.8 | A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /… |
| CVE-2025-4864 | CVE-2025-4864 CVSS 9.8 | A vulnerability has been found in itsourcecode Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file… |
| CVE-2025-48626 | CVE-2025-48626 CVSS 9.8 | In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote esca… |
| CVE-2025-4861 | CVE-2025-4861 CVSS 9.8 | A vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-48609 | CVE-2025-48609 CVSS 9.1 | In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a pa… |
| CVE-2025-4855 | CVE-2025-4855 CVSS 9.8 | The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_enc… |
| CVE-2025-4851 | CVE-2025-4851 CVSS 9.8 | A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file … |
| CVE-2025-48501 | CVE-2025-48501 CVSS 9.8 | An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed … |
| CVE-2025-4849 | CVE-2025-4849 CVSS 9.8 | A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUser… |
| CVE-2025-48481 | CVE-2025-48481 CVSS 9.8 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invite_hash… |
| CVE-2025-4848 | CVE-2025-4848 CVSS 9.8 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RECV Command Hand… |
| CVE-2025-48471 | CVE-2025-48471 CVSS 9.8 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of fil… |
| CVE-2025-4847 | CVE-2025-4847 CVSS 9.8 | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component MLS Command Han… |
| CVE-2025-48469 | CVE-2025-48469 CVSS 9.6 | Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to ba… |
| CVE-2025-4846 | CVE-2025-4846 CVSS 9.8 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MPUT Command Handler. T… |
| CVE-2025-4845 | CVE-2025-4845 CVSS 9.8 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the comp… |
| CVE-2025-4844 | CVE-2025-4844 CVSS 9.8 | A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component CD Co… |
| CVE-2025-4843 | CVE-2025-4843 CVSS 9.8 | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The m… |
| CVE-2025-48429 | CVE-2025-48429 CVSS 9.1 | An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to … |
| CVE-2025-4842 | CVE-2025-4842 CVSS 9.8 | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged of the f… |
| CVE-2025-4841 | CVE-2025-4841 CVSS 9.8 | A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The m… |
| CVE-2025-48373 | CVE-2025-48373 CVSS 9.1 | Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels base… |
| CVE-2025-4837 | CVE-2025-4837 CVSS 9.8 | A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_gr… |
| CVE-2025-4836 | CVE-2025-4836 CVSS 9.8 | A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown function… |