31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 276–300 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-48748 | CRITICAL | Patched | 10.0 | 2025-05-29 | Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password. |
| CVE-2025-32440 | CRITICAL | Patched | 10.0 | 2025-05-27 | NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update setting… |
| CVE-2025-48827 | CRITICAL | Patched | 10.0 | 2025-05-27 | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonst… |
| CVE-2025-36535 | CRITICAL | | 10.0 | 2025-05-21 | The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or … |
| CVE-2025-48200 | CRITICAL | | 10.0 | 2025-05-21 | The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution. |
| CVE-2025-23123 | CRITICAL | | 10.0 | 2025-05-19 | A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect … |
| CVE-2025-47916 | CRITICAL | Patched | 10.0 | 2025-05-16 | Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: … |
| CVE-2024-46506 | CRITICAL | Patched | 10.0 | 2025-05-13 | NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requireme… |
| CVE-2025-26389 | CRITICAL | Patched | 10.0 | 2025-05-13 | A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameter… |
| CVE-2025-30012 | CRITICAL | | 10.0 | 2025-05-13 | The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious p… |
| CVE-2025-29813 | CRITICAL | | 10.0 | 2025-05-08 | Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-0505 | CRITICAL | | 10.0 | 2025-05-08 | On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with mor… |
| CVE-2024-11186 | CRITICAL | | 10.0 | 2025-05-08 | On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than int… |
| CVE-2025-20188 | CRITICAL | | 10.0 | 2025-05-07 | A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wi… |
| CVE-2025-24522 | CRITICAL | | 10.0 | 2025-05-01 | KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote … |
| CVE-2025-46337 | CRITICAL | Patched | 10.0 | 2025-05-01 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parame… |
| CVE-2025-32444 | CRITICAL | Patched | 10.0 | 2025-04-30 | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake… |
| CVE-2025-46348 | CRITICAL | Patched | 10.0 | 2025-04-29 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives … |
| CVE-2025-46661 | CRITICAL | Patched | 10.0 | 2025-04-28 | IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-S… |
| CVE-2025-32432 | CRITICAL | Patched | 10.0 | 2025-04-25 | Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before … |
| CVE-2025-31324 | CRITICAL | | 10.0 | 2025-04-24 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable bina… |
| CVE-2025-34028 | CRITICAL | Patched | 10.0 | 2025-04-22 | The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server… |
| CVE-2025-32433 | CRITICAL | Patched | 10.0 | 2025-04-16 | Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to … |
| CVE-2024-41794 | CRITICAL | | 10.0 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device opera… |
| CVE-2021-47667 | CRITICAL | Patched | 10.0 | 2025-04-05 | An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands… |