Search
31,141 CVEs · Critical severity
CVEs (31,141, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 276–300 of 31,141 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-40057 | CRITICAL | Patched | 9.0 | 2024-02-15 | The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to … |
| CVE-2024-21403 | CRITICAL | 9.0 | 2024-02-13 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |
| CVE-2024-21376 | CRITICAL | 9.0 | 2024-02-13 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | |
| CVE-2024-23724 | CRITICAL | Patched | 9.0 | 2024-02-11 | Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaSc… |
| CVE-2023-45025 | CRITICAL | 9.0 | 2024-02-02 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute comma… | |
| CVE-2024-23630 | CRITICAL | 9.0 | 2024-01-26 | An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authenticati… | |
| CVE-2024-23627 | CRITICAL | 9.0 | 2024-01-26 | A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve co… | |
| CVE-2024-23628 | CRITICAL | 9.0 | 2024-01-26 | A command injection vulnerability exists in the 'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve … | |
| CVE-2024-23626 | CRITICAL | 9.0 | 2024-01-26 | A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command e… | |
| CVE-2024-22206 | CRITICAL | Patched | 9.0 | 2024-01-12 | Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. … |
| CVE-2023-31024 | CRITICAL | Patched | 9.0 | 2024-01-12 | NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted netw… |
| CVE-2023-47861 | CRITICAL | 9.0 | 2024-01-10 | A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted H… | |
| CVE-2023-50982 | CRITICAL | Patched | 9.0 | 2024-01-08 | Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file exten… |
| CVE-2023-39157 | CRITICAL | Patched | 9.0 | 2023-12-31 | Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a throu… |
| CVE-2023-52139 | CRITICAL | Patched | 9.0 | 2023-12-29 | Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specifi… |
| CVE-2023-51412 | CRITICAL | Patched | 9.0 | 2023-12-29 | Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25. |
| CVE-2023-6879 | CRITICAL | Patched | 9.0 | 2023-12-27 | Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). |
| CVE-2023-45603 | CRITICAL | Patched | 9.0 | 2023-12-20 | Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User S… |
| CVE-2023-4020 | CRITICAL | Patched | 9.0 | 2023-12-15 | An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writin… |
| CVE-2023-48692 | CRITICAL | Patched | 9.0 | 2023-12-05 | Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to m… |
| CVE-2023-48240 | CRITICAL | Patched | 9.0 | 2023-11-20 | XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchange… |
| CVE-2023-31247 | CRITICAL | 9.0 | 2023-11-14 | A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can le… | |
| CVE-2023-27882 | CRITICAL | 9.0 | 2023-11-14 | A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can… | |
| CVE-2023-28379 | CRITICAL | 9.0 | 2023-11-14 | A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to … | |
| CVE-2023-28391 | CRITICAL | 9.0 | 2023-11-14 | A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to … |