Search
31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 251–275 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-30226 | CRITICAL | Patched | 9.0 | 2024-03-28 | Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3. |
| CVE-2024-30227 | CRITICAL | 9.0 | 2024-03-28 | Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4. | |
| CVE-2023-38388 | CRITICAL | Patched | 9.0 | 2024-03-26 | Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5. |
| CVE-2024-29185 | CRITICAL | Patched | 9.0 | 2024-03-22 | FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of… |
| CVE-2024-29385 | CRITICAL | Patched | 9.0 | 2024-03-22 | DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. |
| CVE-2024-28179 | CRITICAL | Patched | 9.0 | 2024-03-20 | Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.… |
| CVE-2024-29027 | CRITICAL | Patched | 9.0 | 2024-03-19 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse… |
| CVE-2024-2636 | CRITICAL | 9.0 | 2024-03-19 | An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/update_p… | |
| CVE-2024-28175 | CRITICAL | Patched | 9.0 | 2024-03-13 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` an… |
| CVE-2024-21400 | CRITICAL | Patched | 9.0 | 2024-03-12 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| CVE-2024-2005 | CRITICAL | Patched | 9.0 | 2024-03-06 | In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affecte… |
| CVE-2023-50735 | CRITICAL | 9.0 | 2024-02-28 | A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbit… | |
| CVE-2023-50736 | CRITICAL | 9.0 | 2024-02-28 | A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arb… | |
| CVE-2023-50734 | CRITICAL | 9.0 | 2024-02-28 | A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbit… | |
| CVE-2023-46241 | CRITICAL | Patched | 9.0 | 2024-02-21 | `discourse-microsoft-auth` is a plugin that enables authentication via Microsoft. On sites with the `discourse-microsoft-auth` plugin enabled, an attack can potentially tak… |
| CVE-2023-47795 | CRITICAL | Patched | 9.0 | 2024-02-21 | Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7… |
| CVE-2024-25603 | CRITICAL | Patched | 9.0 | 2024-02-21 | Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Li… |
| CVE-2024-26266 | CRITICAL | Patched | 9.0 | 2024-02-21 | Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7… |
| CVE-2023-40191 | CRITICAL | Patched | 9.0 | 2024-02-21 | Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6… |
| CVE-2024-25601 | CRITICAL | Patched | 9.0 | 2024-02-21 | Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Lif… |
| CVE-2024-25602 | CRITICAL | Patched | 9.0 | 2024-02-21 | Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DX… |
| CVE-2024-25152 | CRITICAL | Patched | 9.0 | 2024-02-21 | Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before se… |
| CVE-2024-25610 | CRITICAL | Patched | 9.0 | 2024-02-20 | In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupp… |
| CVE-2023-6260 | CRITICAL | Patched | 9.0 | 2024-02-19 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Phys… |
| CVE-2024-21915 | CRITICAL | Patched | 9.0 | 2024-02-16 | A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges co… |