Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,388
Quick preset (or use dates below)
Clear Filters
Showing 14,221 - 14,240 of 14,400 CVEs
CVE-2025-15284 HIGH - 7.5

Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. SummaryThe arrayLimit option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications usi...

Published: Dec 29, 2025
Source: NVD
CVE-2025-15205 HIGH - 8.8

A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument istore_id leads to sql injection. The attack can be initiated remotely. The exploit is publicly a...

Vendor: fabian
Product: student_file_management_system
Published: Dec 29, 2025
Source: NVD
CVE-2024-25183 HIGH - 7.5

givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.

Vendor: vvveb
Product: vvvebjs
Published: Dec 29, 2025
Source: NVD
CVE-2024-30855 HIGH - 8.8

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.

Vendor: dedecms
Product: dedecms
Published: Dec 29, 2025
Source: NVD
CVE-2025-67255 HIGH - 8.8

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.

Vendor: nagios
Product: nagios_xi
Published: Dec 29, 2025
Source: NVD
CVE-2025-67254 HIGH - 7.5

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.

Vendor: nagios
Product: nagios_xi
Published: Dec 29, 2025
Source: NVD
CVE-2025-15199 HIGH - 8.8

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has ...

Vendor: code-projects
Product: college_notes_uploading_system
Published: Dec 29, 2025
Source: NVD
CVE-2025-13592 HIGH - 7.2

The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68861 HIGH - 7.1

Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through 1.3.7.

Published: Dec 29, 2025
Source: NVD
CVE-2025-66877 HIGH - 7.5

Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8.

Vendor: libming
Product: libming
Published: Dec 29, 2025
Source: NVD
CVE-2025-55061 HIGH - 8.8

CWE-434 Unrestricted Upload of File with Dangerous Type

Published: Dec 29, 2025
Source: NVD
CVE-2025-68870 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP allows PHP Local File Inclusion.This issue affects CookieHint WP: from n/a through 1.0.0.

Published: Dec 29, 2025
Source: NVD
CVE-2025-66869 HIGH - 7.5

Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8.

Vendor: libming
Product: libming
Published: Dec 29, 2025
Source: NVD
CVE-2025-66866 HIGH - 7.5

An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Vendor: gnu
Product: binutils
Published: Dec 29, 2025
Source: NVD
CVE-2025-66865 HIGH - 7.5

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Vendor: gnu
Product: binutils
Published: Dec 29, 2025
Source: NVD
CVE-2025-66864 HIGH - 7.5

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Vendor: gnu
Product: binutils
Published: Dec 29, 2025
Source: NVD
CVE-2025-66863 HIGH - 7.5

An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Vendor: gnu
Product: binutils
Published: Dec 29, 2025
Source: NVD
CVE-2025-66862 HIGH - 7.5

A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Vendor: gnu
Product: binutils
Published: Dec 29, 2025
Source: NVD
CVE-2025-15197 HIGH - 7.2

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely...

Vendor: anirbandutta
Product: news-buzz
Published: Dec 29, 2025
Source: NVD
CVE-2025-69200 HIGH - 7.5

phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configurati...

Vendor: phpmyfaq
Product: phpmyfaq
Published: Dec 29, 2025
Source: NVD