31,141 CVEs · Critical severity
CVEs (31,141, showing first 500)
Showing 301–325 of 31,141 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-25181 | CRITICAL | | 9.0 | 2023-11-14 | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead … |
| CVE-2023-45849 | CRITICAL | Patched | 9.0 | 2023-11-08 | An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. |
| CVE-2023-28574 | CRITICAL | | 9.0 | 2023-11-07 | Memory corruption in core services when Diag handler receives a command to configure event listeners. |
| CVE-2023-23369 | CRITICAL | | 9.0 | 2023-11-03 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute comma… |
| CVE-2023-1715 | CRITICAL | | 9.0 | 2023-11-01 | A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begin… |
| CVE-2023-1716 | CRITICAL | | 9.0 | 2023-11-01 | Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possi… |
| CVE-2023-46248 | CRITICAL | Patched | 9.0 | 2023-10-31 | Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain … |
| CVE-2023-5843 | CRITICAL | Patched | 9.0 | 2023-10-30 | The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This al… |
| CVE-2023-45869 | CRITICAL | | 9.0 | 2023-10-26 | ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The… |
| CVE-2023-31422 | CRITICAL | | 9.0 | 2023-10-26 | An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logg… |
| CVE-2023-45137 | CRITICAL | Patched | 9.0 | 2023-10-25 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-mil… |
| CVE-2023-45134 | CRITICAL | Patched | 9.0 | 2023-10-25 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-mil… |
| CVE-2023-45135 | CRITICAL | Patched | 9.0 | 2023-10-25 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2… |
| CVE-2023-37908 | CRITICAL | Patched | 9.0 | 2023-10-25 | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduc… |
| CVE-2023-37502 | CRITICAL | Patched | 9.0 | 2023-10-18 | HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. |
| CVE-2023-45146 | CRITICAL | Patched | 9.0 | 2023-10-18 | XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a… |
| CVE-2023-42628 | CRITICAL | Patched | 9.0 | 2023-10-17 | Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 an… |
| CVE-2023-44310 | CRITICAL | Patched | 9.0 | 2023-10-17 | Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before up… |
| CVE-2023-42629 | CRITICAL | Patched | 9.0 | 2023-10-17 | Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote a… |
| CVE-2023-44309 | CRITICAL | Patched | 9.0 | 2023-10-17 | Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow r… |
| CVE-2023-27395 | CRITICAL | | 9.0 | 2023-10-12 | A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted n… |
| CVE-2023-32670 | CRITICAL | | 9.0 | 2023-10-03 | Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "[nam… |
| CVE-2023-43632 | CRITICAL | Patched | 9.0 | 2023-09-21 | As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM a… |
| CVE-2023-39612 | CRITICAL | Patched | 9.0 | 2023-09-16 | A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with … |
| CVE-2017-9453 | CRITICAL | Patched | 9.0 | 2023-09-05 | BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. |