17282 Total CVEs
8582 AI Analyzed
264 CISA KEV
3488 Critical
All Vendors
Showing 12501-12550 of 17282 CVEs Page 251 of 346
CVE-2025-49034
7.6
FunnelKit Funnel Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows SQL...

2025-07-16
CVE-2025-49033
8.5
Metagauss ProfileGrid Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows Blind SQL Injectio...

2025-08-14
CVE-2025-49031
7.1
Stefan Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefan M

2025-07-16
CVE-2025-49029
9.1
Unknown Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom Login And Signup Widget allows Code Injection.This issue...

2025-07-06
CVE-2025-49028
7.1
Zoho Mail Zoho Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail allows Stored XSS

2026-01-01
CVE-2025-48989
7.5
Apache Multiple Products

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack

2025-08-14
CVE-2025-48986
8.8
Revive Multiple Products

Authorization bypass in Revive Adserver 5

2025-11-20
CVE-2025-48984
Analyzed
8.8
Backup Multiple Products

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user

2025-10-31
CVE-2025-48983
Analyzed
9.9
Unknown Multiple Products

A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by...

2025-10-31
CVE-2025-48982
Analyzed
7.3
Microsoft Multiple Products

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a ma...

2025-10-31
CVE-2025-48981
8.6
Unknown Multiple Products

An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate dat...

2025-10-08
CVE-2025-48978
7.5
Unknown Multiple Products

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1

2025-08-21
CVE-2025-48963
Analyzed
7.3
Unknown Multiple Products

Local privilege escalation due to improper soft link handling

2025-08-28
CVE-2025-48956
7.5
Unknown Multiple Products

vLLM is an inference and serving engine for large language models (LLMs)

2025-08-21
CVE-2025-48952
9.4
Unknown Multiple Products

NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to by...

2025-07-06
CVE-2025-48928
KEV Analyzed
9.5
TeleMessage TM SGNL

TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability - Recently added to CISA KEV.

2025-07-05
CVE-2025-48927
KEV Analyzed
9.5
TeleMessage TM SGNL

TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability - Recently added to CISA KEV.

2025-07-05
CVE-2025-48913
Analyzed
9.8
Apache Multiple Products

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capa...

2025-08-08
CVE-2025-48891
7.6
Unknown Multiple Products

A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils

2025-07-11
CVE-2025-48869
7.5
Horilla Multiple Products

Horilla is a free and open source Human Resource Management System (HRMS)

2025-09-24
CVE-2025-48868
7.2
Horilla Multiple Products

Horilla is a free and open source Human Resource Management System (HRMS)

2025-09-24
CVE-2025-48860
8
Unknown Multiple Products

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to...

2025-08-14
CVE-2025-48826
8.8
Unknown Multiple Products

A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1

2025-10-07
CVE-2025-48824
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-48822
8.6
Microsoft Multiple Products

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally

2025-07-08
CVE-2025-48817
8.8
Unknown Multiple Products

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-48733
7.5
DuraComm Multiple Products

DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user authentication

2025-07-23
CVE-2025-48732
7.3
Unknown Multiple Products

An incomplete blacklist exists in the

2025-07-25
CVE-2025-48725
8.1
QNAP operating system

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions

2026-02-12
CVE-2025-48724
8.1
Unknown Multiple Products

A buffer overflow vulnerability has been reported to affect Qsync Central

2026-02-12
CVE-2025-48723
8.1
Unknown Multiple Products

A buffer overflow vulnerability has been reported to affect Qsync Central

2026-02-12
CVE-2025-48707
7.5
Unknown Multiple Products

An issue was discovered in Stormshield Network Security (SNS) before 5

2025-09-26
CVE-2025-48704
7.5
Pexip Multiple Products

Pexip Infinity 35

2025-12-26
CVE-2025-48703
KEV Analyzed
9
CWP Multiple Products

CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total...

2025-09-19
CVE-2025-48700
KEV
9.5
Synacor Zimbra Collaboration Suite (ZCS)

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.

2026-04-21
CVE-2025-48654
7.8
Unknown Multiple Products

In onStart of CompanionDeviceManagerService

2026-03-04
CVE-2025-48653
7.8
Unknown Multiple Products

In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code

2026-03-04
CVE-2025-48650
8.4
Infor Multiple Products

In multiple locations, there is a possible information disclosure due to SQL injection

2026-03-03
CVE-2025-48647
Analyzed
7.8
Google Multiple Products

In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc

2026-01-17
CVE-2025-48646
7.8
Unknown Multiple Products

In executeRequest of ActivityStarter

2026-03-03
CVE-2025-48645
7.8
Unknown Multiple Products

In loadDescription of DeviceAdminInfo

2026-03-04
CVE-2025-48639
7.3
Unknown Multiple Products

In DefaultTransitionHandler

2025-12-09
CVE-2025-48638
7.8
Unknown Multiple Products

In __pkvm_load_tracing of trace

2025-12-09
CVE-2025-48637
7.8
Unknown Multiple Products

In multiple functions of mem_protect

2025-12-09
CVE-2025-48636
8.4
Unknown Multiple Products

In openFile of BugreportContentProvider

2026-03-03
CVE-2025-48635
7.7
Unknown Multiple Products

In multiple functions of TaskFragmentOrganizerController

2026-03-04
CVE-2025-48634
7.3
Unknown Multiple Products

In relayoutWindow of WindowManagerService

2026-03-04
CVE-2025-48633
KEV Analyzed
9.5
Google Framework

Android Framework Information Disclosure Vulnerability - Active in CISA KEV catalog.

2025-12-03
CVE-2025-48632
7.8
Unknown Multiple Products

In setDisplayName of AssociationRequest

2025-12-09
CVE-2025-48631
7.5
Unknown Multiple Products

In onHeaderDecoded of LocalImageResolver

2025-12-09