Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,395
Quick preset (or use dates below)
Clear Filters
Showing 14,121 - 14,140 of 14,400 CVEs
CVE-2025-23608 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Omar Mohamed Mohamoud LIVE TV allows Reflected XSS.This issue affects LIVE TV: from n/a through 1.2.

Published: Dec 31, 2025
Source: NVD
CVE-2025-15392 HIGH - 8.8

A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch the a...

Vendor: kodicms-kohana
Product: kodicms
Published: Dec 31, 2025
Source: NVD
CVE-2025-64699 HIGH - 7.8

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw di...

Vendor: sevencs
Product: ec2007_kernel
Published: Dec 31, 2025
Source: NVD
CVE-2025-62751 HIGH - 8.8

Missing Authorization vulnerability in Extend Themes Vireo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vireo: from n/a through 1.0.24.

Vendor: extendthemes
Product: vireo
Published: Dec 31, 2025
Source: NVD
CVE-2025-61037 HIGH - 7.0

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The flaw is a Time-of-Check Time-of-Use (TOCTOU) race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files ...

Vendor: sevencs
Product: ec2007_kernel
Published: Dec 31, 2025
Source: NVD
CVE-2025-15390 HIGH - 8.8

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

Vendor: phpgurukul
Product: small_crm
Published: Dec 31, 2025
Source: NVD
CVE-2025-15389 HIGH - 8.8

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62992 HIGH - 8.1

Cross-Site Request Forgery (CSRF) vulnerability in Everest themes Everest Backup allows Path Traversal.This issue affects Everest Backup: from n/a through 2.3.9.

Vendor: everestthemes
Product: everest_backup
Published: Dec 31, 2025
Source: NVD
CVE-2025-49028 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail allows Stored XSS.This issue affects Zoho ZeptoMail: from n/a through 3.3.1.

Published: Dec 31, 2025
Source: NVD
CVE-2025-15388 HIGH - 8.8

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Published: Dec 31, 2025
Source: NVD
CVE-2025-15387 HIGH - 8.8

VPN Firewall developed by QNO Technology has a Insufficient Entropy vulnerability, allowing unauthenticated remote attackers to obtain any logged-in user session through brute-force attacks and subsequently log into the system.

Published: Dec 31, 2025
Source: NVD
CVE-2025-15280 HIGH - 8.8

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or ope...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD
CVE-2025-15279 HIGH - 7.8

FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a ma...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD
CVE-2025-15278 HIGH - 7.8

FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD
CVE-2025-15277 HIGH - 7.8

FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a ma...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD
CVE-2025-15276 HIGH - 7.8

FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a ma...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD
CVE-2025-15275 HIGH - 8.8

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD
CVE-2025-15274 HIGH - 8.8

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD
CVE-2025-15273 HIGH - 8.8

FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a maliciou...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD
CVE-2025-15272 HIGH - 8.8

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD