Search
59,256 CVEs
CVEs (59,256, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 226–250 of 59,256 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-36250 | CRITICAL | Patched | 10.0 | 2025-11-13 | IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due t… |
| CVE-2025-12539 | CRITICAL | 10.0 | 2025-11-11 | The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin… | |
| CVE-2025-42890 | CRITICAL | 10.0 | 2025-11-11 | SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of a… | |
| CVE-2025-10230 | CRITICAL | 10.0 | 2025-11-07 | A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanit… | |
| CVE-2025-63689 | CRITICAL | Patched | 10.0 | 2025-11-07 | Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute … |
| CVE-2025-64180 | CRITICAL | Patched | 10.0 | 2025-11-07 | Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal n… |
| CVE-2025-6327 | CRITICAL | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server.This issue a… | |
| CVE-2025-60207 | CRITICAL | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Uplo… | |
| CVE-2025-60235 | CRITICAL | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce allows Using … | |
| CVE-2025-53283 | CRITICAL | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7 - Drag&Drop File Uploader Addon drop-uploader-for-contact-form-7-dragdrop-… | |
| CVE-2025-49372 | CRITICAL | 10.0 | 2025-11-06 | Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue aff… | |
| CVE-2025-62596 | CRITICAL | Patched | 10.0 | 2025-11-06 | Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combin… |
| CVE-2025-62161 | CRITICAL | Patched | 10.0 | 2025-11-06 | Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when yo… |
| CVE-2025-55108 | CRITICAL | 10.0 | 2025-11-05 | The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authenticatio… | |
| CVE-2025-61945 | CRITICAL | Patched | 10.0 | 2025-11-04 | Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify cri… |
| CVE-2025-61956 | CRITICAL | Patched | 10.0 | 2025-11-04 | Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations … |
| CVE-2025-54863 | CRITICAL | Patched | 10.0 | 2025-11-04 | Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather… |
| CVE-2025-29270 | CRITICAL | 10.0 | 2025-10-31 | Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and comple… | |
| CVE-2025-52665 | CRITICAL | Patched | 10.0 | 2025-10-31 | A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API wit… |
| CVE-2025-64095 | CRITICAL | Patched | 10.0 | 2025-10-28 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unaut… |
| CVE-2025-61481 | CRITICAL | 10.0 | 2025-10-27 | An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injec… | |
| CVE-2025-59503 | CRITICAL | 10.0 | 2025-10-23 | Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2025-61934 | CRITICAL | 10.0 | 2025-10-23 | A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote at… | |
| CVE-2025-60206 | CRITICAL | 10.0 | 2025-10-22 | Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through <= 7.8.3. | |
| CVE-2025-58963 | CRITICAL | 10.0 | 2025-10-22 | Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a throu… |