31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 251–275 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-5243 | CRITICAL | Patched | 10.0 | 2025-07-24 | Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software In… |
| CVE-2025-41240 | CRITICAL | | 10.0 | 2025-07-24 | Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versio… |
| CVE-2025-4285 | CRITICAL | Patched | 10.0 | 2025-07-22 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Injection. This … |
| CVE-2025-54122 | CRITICAL | Patched | 10.0 | 2025-07-21 | Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler co… |
| CVE-2025-20337 | CRITICAL | | 10.0 | 2025-07-16 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating syste… |
| CVE-2025-53833 | CRITICAL | Patched | 10.0 | 2025-07-14 | LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Inje… |
| CVE-2025-47812 | CRITICAL | Patched | 10.0 | 2025-07-10 | In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This c… |
| CVE-2025-53624 | CRITICAL | Patched | 10.0 | 2025-07-09 | The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 a… |
| CVE-2025-3499 | CRITICAL | | 10.0 | 2025-07-09 | The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs… |
| CVE-2025-41672 | CRITICAL | | 10.0 | 2025-07-07 | A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. |
| CVE-2025-20309 | CRITICAL | | 10.0 | 2025-07-02 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an una… |
| CVE-2025-41656 | CRITICAL | | 10.0 | 2025-07-01 | An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configu… |
| CVE-2025-20282 | CRITICAL | | 10.0 | 2025-06-25 | A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then e… |
| CVE-2025-20281 | CRITICAL | | 10.0 | 2025-06-25 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating syste… |
| CVE-2025-52572 | CRITICAL | | 10.0 | 2025-06-24 | Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session… |
| CVE-2025-4378 | CRITICAL | Patched | 10.0 | 2025-06-24 | Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, A… |
| CVE-2025-32975 | CRITICAL | Patched | 10.0 | 2025-06-24 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.… |
| CVE-2024-56731 | CRITICAL | Patched | 10.0 | 2025-06-24 | Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution d… |
| CVE-2025-52562 | CRITICAL | Patched | 10.0 | 2025-06-23 | Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController … |
| CVE-2025-2828 | CRITICAL | Patched | 10.0 | 2025-06-23 | A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolk… |
| CVE-2025-6512 | CRITICAL | | 10.0 | 2025-06-23 | On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights. |
| CVE-2025-49132 | CRITICAL | Patched | 10.0 | 2025-06-20 | Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a … |
| CVE-2025-49447 | CRITICAL | | 10.0 | 2025-06-17 | Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0. |
| CVE-2025-29902 | CRITICAL | | 10.0 | 2025-06-13 | Remote code execution that allows unauthorized users to execute arbitrary code on the server machine. |
| CVE-2025-45854 | CRITICAL | Patched | 10.0 | 2025-06-03 | /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams. |