Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,355
Quick preset (or use dates below)
Clear Filters
Showing 14,361 - 14,380 of 14,425 CVEs
CVE-2018-25140 HIGH - 7.5

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initi...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25139 HIGH - 7.5

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.

Vendor: flir
Product: flir_ax8_firmware
Published: Dec 24, 2025
Source: NVD
CVE-2018-25137 HIGH - 7.5

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authentication ...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25136 HIGH - 7.5

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middleImage.jpg, rightimage.jpg, and leftimage.jpg...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25131 HIGH - 7.2

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to that executes arbitrary JavaScript in a user's browser session when viewed.

Published: Dec 24, 2025
Source: NVD
CVE-2018-25129 HIGH - 7.5

SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_Fr...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25128 HIGH - 8.2

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by expl...

Published: Dec 24, 2025
Source: NVD
CVE-2025-2515 HIGH - 7.2

A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized serv...

Published: Dec 24, 2025
Source: NVD
CVE-2025-2155 HIGH - 8.8

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion.This issue affects Specto CM: before 17032025.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68608 HIGH - 8.8

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68606 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68603 HIGH - 8.1

Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68601 HIGH - 8.8

Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.7.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68596 HIGH - 8.8

Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68595 HIGH - 8.8

Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.7.7.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68594 HIGH - 8.1

Missing Authorization vulnerability in Assaf Parag Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through <...

Published: Dec 24, 2025
Source: NVD
CVE-2025-68593 HIGH - 8.8

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68592 HIGH - 8.8

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68591 HIGH - 8.1

Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.15.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68589 HIGH - 8.1

Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.11.

Published: Dec 24, 2025
Source: NVD