31,035 CVEs · Critical severity
CVEs (31,035, showing first 500)
Showing 301–325 of 31,035 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-30886 | CRITICAL | Patched | 10.0 | 2025-04-01 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows SQL Injection. This issue… |
| CVE-2025-2857 | CRITICAL | Patched | 10.0 | 2025-03-27 | Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause… |
| CVE-2025-26852 | CRITICAL | Patched | 10.0 | 2025-03-20 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection. |
| CVE-2025-26853 | CRITICAL | Patched | 10.0 | 2025-03-20 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema. |
| CVE-2024-10442 | CRITICAL | Patched | 10.0 | 2025-03-19 | Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (… |
| CVE-2024-56346 | CRITICAL | | 10.0 | 2025-03-18 | IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls. |
| CVE-2025-22954 | CRITICAL | Patched | 10.0 | 2025-03-12 | GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter. |
| CVE-2025-26701 | CRITICAL | Patched | 10.0 | 2025-03-11 | An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive d… |
| CVE-2025-24201 | CRITICAL | Patched | 10.0 | 2025-03-11 | An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.… |
| CVE-2024-50704 | CRITICAL | Patched | 10.0 | 2025-03-04 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST… |
| CVE-2024-50707 | CRITICAL | Patched | 10.0 | 2025-03-04 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in… |
| CVE-2023-25574 | CRITICAL | | 10.0 | 2025-02-25 | `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticato… |
| CVE-2025-27364 | CRITICAL | Patched | 10.0 | 2025-02-24 | In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of t… |
| CVE-2025-26776 | CRITICAL | | 10.0 | 2025-02-22 | Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3. |
| CVE-2025-26615 | CRITICAL | Patched | 10.0 | 2025-02-18 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `exa… |
| CVE-2024-13152 | CRITICAL | Patched | 10.0 | 2025-02-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Inject… |
| CVE-2025-24865 | CRITICAL | Patched | 10.0 | 2025-02-13 | The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive inform… |
| CVE-2025-24786 | CRITICAL | Patched | 10.0 | 2025-02-06 | WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal preventio… |
| CVE-2025-0982 | CRITICAL | Patched | 10.0 | 2025-02-06 | Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code exec… |
| CVE-2025-24085 | CRITICAL | Patched | 10.0 | 2025-01-27 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.… |
| CVE-2024-48841 | CRITICAL | | 10.0 | 2025-01-27 | Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. |
| CVE-2025-22609 | CRITICAL | Patched | 10.0 | 2025-01-24 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any au… |
| CVE-2025-22612 | CRITICAL | Patched | 10.0 | 2025-01-24 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an aut… |
| CVE-2024-55971 | CRITICAL | | 10.0 | 2025-01-23 | SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend … |
| CVE-2024-39759 | CRITICAL | | 10.0 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can… |