31,034 CVEs · Critical severity
Showing 326–350 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-4299 | CRITICAL | Patched | 9.0 | 2023-08-31 | Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. |
| CVE-2023-40572 | CRITICAL | Patched | 9.0 | 2023-08-24 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script a… |
| CVE-2023-40573 | CRITICAL | Patched | 9.0 | 2023-08-24 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currentl… |
| CVE-2023-41028 | CRITICAL | Patched | 9.0 | 2023-08-23 | A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achiev… |
| CVE-2023-40176 | CRITICAL | Patched | 9.0 | 2023-08-23 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user pro… |
| CVE-2023-39969 | CRITICAL | Patched | 9.0 | 2023-08-09 | uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashi… |
| CVE-2023-4203 | CRITICAL | Patched | 9.0 | 2023-08-08 | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in th… |
| CVE-2023-4202 | CRITICAL | Patched | 9.0 | 2023-08-08 | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in th… |
| CVE-2023-36217 | CRITICAL | | 9.0 | 2023-08-03 | Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. |
| CVE-2023-32478 | CRITICAL | Patched | 9.0 | 2023-07-21 | Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exp… |
| CVE-2023-21974 | CRITICAL | Patched | 9.0 | 2023-07-18 | Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are App… |
| CVE-2023-21975 | CRITICAL | Patched | 9.0 | 2023-07-18 | Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Applica… |
| CVE-2023-34142 | CRITICAL | Patched | 9.0 | 2023-07-18 | Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector … |
| CVE-2023-32250 | CRITICAL | Patched | 9.0 | 2023-07-10 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The is… |
| CVE-2023-34192 | CRITICAL | | 9.0 | 2023-07-06 | Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. |
| CVE-2023-30320 | CRITICAL | | 9.0 | 2023-07-06 | Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allo… |
| CVE-2023-30321 | CRITICAL | | 9.0 | 2023-07-06 | Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, al… |
| CVE-2023-31997 | CRITICAL | | 9.0 | 2023-07-01 | UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1)… |
| CVE-2023-36477 | CRITICAL | Patched | 9.0 | 2023-06-30 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor' spac… |
| CVE-2023-36471 | CRITICAL | Patched | 9.0 | 2023-06-29 | Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML t… |
| CVE-2023-2625 | CRITICAL | Patched | 9.0 | 2023-06-28 | A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to… |
| CVE-2023-35169 | CRITICAL | Patched | 9.0 | 2023-06-23 | PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment file… |
| CVE-2023-35153 | CRITICAL | Patched | 9.0 | 2023-06-23 | XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exp… |
| CVE-2023-34464 | CRITICAL | Patched | 9.0 | 2023-06-23 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1R… |
| CVE-2023-22582 | CRITICAL | Patched | 9.0 | 2023-06-11 | The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting. |