Search
31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 226–250 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-59528 | CRITICAL | Patched | 10.0 | 2025-09-22 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP nod… |
| CVE-2025-10035 | CRITICAL | Patched | 10.0 | 2025-09-18 | A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitra… |
| CVE-2025-41243 | CRITICAL | 10.0 | 2025-09-16 | Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following ar… | |
| CVE-2025-10264 | CRITICAL | 10.0 | 2025-09-12 | Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configur… | |
| CVE-2025-58321 | CRITICAL | Patched | 10.0 | 2025-09-11 | Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability. |
| CVE-2025-55730 | CRITICAL | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing esc… | |
| CVE-2025-55727 | CRITICAL | Patched | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing esc… |
| CVE-2025-55728 | CRITICAL | Patched | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing esc… |
| CVE-2025-55729 | CRITICAL | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing esc… | |
| CVE-2025-55051 | CRITICAL | 10.0 | 2025-09-09 | CWE-1392: Use of Default Credentials | |
| CVE-2025-54261 | CRITICAL | 10.0 | 2025-09-09 | ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability tha… | |
| CVE-2025-42944 | CRITICAL | 10.0 | 2025-09-09 | Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to a… | |
| CVE-2025-54914 | CRITICAL | 10.0 | 2025-09-04 | Azure Networking Elevation of Privilege Vulnerability | |
| CVE-2025-55241 | CRITICAL | 10.0 | 2025-09-04 | Azure Entra ID Elevation of Privilege Vulnerability | |
| CVE-2022-31491 | CRITICAL | Patched | 10.0 | 2025-08-22 | Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via… |
| CVE-2025-43300 | CRITICAL | Patched | 10.0 | 2025-08-21 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 an… |
| CVE-2025-49410 | CRITICAL | 10.0 | 2025-08-20 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Tes… | |
| CVE-2025-49408 | CRITICAL | 10.0 | 2025-08-20 | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a t… | |
| CVE-2025-50567 | CRITICAL | 10.0 | 2025-08-19 | Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interp… | |
| CVE-2025-20265 | CRITICAL | 10.0 | 2025-08-14 | A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject a… | |
| CVE-2025-53767 | CRITICAL | 10.0 | 2025-08-07 | Azure OpenAI Elevation of Privilege Vulnerability | |
| CVE-2025-54253 | CRITICAL | Patched | 10.0 | 2025-08-05 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could lever… |
| CVE-2025-54119 | CRITICAL | Patched | 10.0 | 2025-08-05 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query p… |
| CVE-2025-54419 | CRITICAL | Patched | 10.0 | 2025-07-28 | A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is di… |
| CVE-2025-5120 | CRITICAL | Patched | 10.0 | 2025-07-27 | A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote… |