31,141 CVEs · Critical severity
CVEs (31,141, showing first 500)
Showing 226–250 of 31,141 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-3300 | CRITICAL | | 9.0 | 2024-05-30 | An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution. |
| CVE-2024-31989 | CRITICAL | Patched | 9.0 | 2024-05-21 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could… |
| CVE-2024-36053 | CRITICAL | | 9.0 | 2024-05-19 | In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received… |
| CVE-2024-31231 | CRITICAL | | 9.0 | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub:… |
| CVE-2023-32297 | CRITICAL | | 9.0 | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion. This issue affects LWS A… |
| CVE-2024-2366 | CRITICAL | Patched | 9.0 | 2024-05-16 | A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/… |
| CVE-2024-32002 | CRITICAL | Patched | 9.0 | 2024-05-14 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that ex… |
| CVE-2024-32964 | CRITICAL | Patched | 9.0 | 2024-05-14 | Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Ser… |
| CVE-2024-28075 | CRITICAL | Patched | 9.0 | 2024-05-14 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service res… |
| CVE-2024-0087 | CRITICAL | Patched | 9.0 | 2024-05-14 | NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to … |
| CVE-2023-38121 | CRITICAL | Patched | 9.0 | 2024-05-03 | Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary … |
| CVE-2024-32971 | CRITICAL | Patched | 9.0 | 2024-05-02 | Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a … |
| CVE-2024-4142 | CRITICAL | | 9.0 | 2024-05-01 | An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with l… |
| CVE-2024-33553 | CRITICAL | Patched | 9.0 | 2024-04-29 | Deserialization of Untrusted Data vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through 5.3.5. |
| CVE-2024-22144 | CRITICAL | | 9.0 | 2024-04-25 | Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection. This issu… |
| CVE-2024-29021 | CRITICAL | Patched | 9.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery… |
| CVE-2024-31986 | CRITICAL | Patched | 9.0 | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted docu… |
| CVE-2024-20758 | CRITICAL | | 9.0 | 2024-04-10 | Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code… |
| CVE-2024-3119 | CRITICAL | Patched | 9.0 | 2024-04-10 | A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_call… |
| CVE-2024-3120 | CRITICAL | Patched | 9.0 | 2024-04-10 | A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warnin… |
| CVE-2024-29990 | CRITICAL | Patched | 9.0 | 2024-04-09 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| CVE-2024-25029 | CRITICAL | Patched | 9.0 | 2024-04-06 | IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vul… |
| CVE-2024-2692 | CRITICAL | | 9.0 | 2024-04-04 | SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS. |
| CVE-2023-25699 | CRITICAL | Patched | 9.0 | 2024-04-03 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows … |
| CVE-2024-30223 | CRITICAL | Patched | 9.0 | 2024-03-28 | Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember. This issue affects ARMember: from n/a through 4.0.26. |