CVE-2025-53220
Analyzed
7.1
XmasB XmasB Quotes Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XmasB XmasB Quotes allows Reflected XSS

2025-08-28
CVE-2025-53216
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeUniver Glamer allows PHP...

2025-08-28
CVE-2025-53215
Analyzed
7.1
Unknown Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8bitkid Yahoo! WebPlayer allows Reflected XSS

2025-08-28
CVE-2025-53213
Analyzed
9.9
Unknown Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping allows Using...

2025-08-20
CVE-2025-53212
7.1
LambertGroup Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player With Bottom...

2025-08-20
CVE-2025-53210
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bdthemes ZoloBlocks allows PH...

2025-08-20
CVE-2025-53209
Analyzed
9.8
WordPress Masteriyo LMS PRO

Themeisle Masteriyo LMS PRO contains an incorrect privilege assignment vulnerability, allowing unauthenticated attackers to escalate their privileges...

2026-06-03
CVE-2025-53208
7.5
Unknown Multiple Products

Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business allows Accessing Functionality Not Properly Constrained by A...

2025-08-20
CVE-2025-53207
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel WP Travel Gutenberg...

2025-08-20
CVE-2025-53205
7.1
LambertGroup Radio Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Radio Player Shoutcast & Icecast al...

2025-08-20
CVE-2025-53204
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist allows PHP...

2025-08-20
CVE-2025-53201
7.1
NooTheme Jobmonster Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster allows Reflected XSS

2025-08-20
CVE-2025-53198
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows PHP...

2025-08-20
CVE-2025-53194
8.5
Template Multiple Products

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Crocoblock JetEngine allows Code Injection

2025-08-20
CVE-2025-53192
Analyzed
8.8
Apache Multiple Products

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL

2025-08-19
CVE-2025-53191
7.7
Unknown Multiple Products

Missing Authentication for Critical Function vulnerability in ABB Aspect

2025-08-11
CVE-2025-53190
7
ABB Multiple Products

A vulnerability in ABB Aspect

2025-08-11
CVE-2025-5319
Analyzed
9.8
Infor DIGITA Efficiency Management System

The DIGITA Efficiency Management System is vulnerable to a critical SQL Injection flaw. An unauthenticated attacker can execute arbitrary SQL commands...

2026-02-04
CVE-2025-53189
7
Authorization Multiple Products

Authorization Bypass Through User-Controlled Key vulnerability in ABB Aspect

2025-08-11
CVE-2025-53188
7
ABB Insufficiently Multiple Products

Insufficiently Protected Credentials vulnerability in ABB Aspect

2025-08-11
CVE-2025-53187
7
Unknown Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in ABB ASPECT

2025-08-11
CVE-2025-53155
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53154
7.8
Microsoft Multiple Products

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53152
7.8
Microsoft Multiple Products

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally

2025-08-12
CVE-2025-53151
7.8
Microsoft Multiple Products

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53150
Analyzed
7.8
Microsoft Multiple Products

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally

2025-10-14
CVE-2025-53149
7.8
Unknown Multiple Products

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53145
8.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network

2025-08-12
CVE-2025-53144
8.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network

2025-08-12
CVE-2025-53143
8.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network

2025-08-12
CVE-2025-53141
7.8
Microsoft Multiple Products

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53133
7.8
Microsoft Multiple Products

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally

2025-08-12
CVE-2025-53132
8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to...

2025-08-12
CVE-2025-53131
Analyzed
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network

2025-08-12
CVE-2025-53120
Analyzed
9.4
Unknown Multiple Products

A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configu...

2025-08-25
CVE-2025-53119
7.5
Unknown Multiple Products

An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server

2025-08-25
CVE-2025-53118
Analyzed
9.8
Unknown Multiple Products

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromis...

2025-08-25
CVE-2025-53107
7.5
Unknown Multiple Products

@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories

2025-07-06
CVE-2025-53105
7.5
Unknown Multiple Products

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk fe...

2025-08-27
CVE-2025-53104
9.1
Unknown Multiple Products

gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection...

2025-07-06
CVE-2025-53101
7.4
ImageMagick Multiple Products

ImageMagick is free and open-source software used for editing and manipulating digital images

2025-07-14
CVE-2025-53095
9.6
Unknown Multiple Products

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site R...

2025-07-06
CVE-2025-53085
Analyzed
8.8
Adobe Multiple Products

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0

2025-08-25
CVE-2025-53084
Analyzed
9
Unknown Multiple Products

A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A...

2025-07-25
CVE-2025-53080
7.1
Samsung Multiple Products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS (Data Management Server) allows authenticated attackers t...

2025-07-29
CVE-2025-53078
Analyzed
8
Samsung Multiple Products

Deserialization of Untrusted Data in Samsung DMS (Data Management Server) allows attackers to execute arbitrary code via write file to system

2025-07-29
CVE-2025-53076
Analyzed
9.8
Samsung Multiple Products

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers. This issue affects rLottie: V0.2.

2025-07-06
CVE-2025-53074
9.1
Samsung Multiple Products

Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers. This issue affects rLottie: V0.2.

2025-07-06
CVE-2025-53072
Analyzed
9.8
Oracle Multiple Products

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected...

2025-10-21
CVE-2025-53066
Analyzed
7.5
Oracle Multiple Products

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP)

2025-10-21