31,035 CVEs · Critical severity
CVEs (31,035, showing first 500)
Showing 326–350 of 31,035 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-39760 | CRITICAL | | 10.0 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can… |
| CVE-2024-39761 | CRITICAL | | 10.0 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can… |
| CVE-2024-39608 | CRITICAL | | 10.0 | 2025-01-14 | A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware … |
| CVE-2024-39754 | CRITICAL | | 10.0 | 2025-01-14 | A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An… |
| CVE-2024-36258 | CRITICAL | | 10.0 | 2025-01-14 | A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP re… |
| CVE-2024-36290 | CRITICAL | | 10.0 | 2025-01-14 | A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-… |
| CVE-2024-34166 | CRITICAL | | 10.0 | 2025-01-14 | An OS command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP r… |
| CVE-2024-50603 | CRITICAL | Patched | 10.0 | 2025-01-08 | An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an u… |
| CVE-2024-56829 | CRITICAL | | 10.0 | 2025-01-02 | Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP re… |
| CVE-2024-56799 | CRITICAL | Patched | 10.0 | 2024-12-30 | Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be p… |
| CVE-2023-4617 | CRITICAL | Patched | 10.0 | 2024-12-19 | Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via ch… |
| CVE-2024-21576 | CRITICAL | | 10.0 | 2024-12-13 | ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. … |
| CVE-2024-21577 | CRITICAL | | 10.0 | 2024-12-13 | ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A … |
| CVE-2024-21574 | CRITICAL | | 10.0 | 2024-12-12 | The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the ser… |
| CVE-2024-11639 | CRITICAL | Patched | 10.0 | 2024-12-10 | An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access |
| CVE-2024-37143 | CRITICAL | Patched | 10.0 | 2024-12-10 | Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (… |
| CVE-2024-53822 | CRITICAL | Patched | 10.0 | 2024-12-09 | Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3. |
| CVE-2024-51549 | CRITICAL | Patched | 10.0 | 2024-12-05 | Absolute File Traversal vulnerabilities allow access and modification of unintended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.0… |
| CVE-2024-51550 | CRITICAL | Patched | 10.0 | 2024-12-05 | Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT -… |
| CVE-2024-51551 | CRITICAL | Patched | 10.0 | 2024-12-05 | Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterpri… |
| CVE-2024-51555 | CRITICAL | | 10.0 | 2024-12-05 | Default Credential vulnerabilities allow access to an Aspect device using publicly available default credentials since the system does not require the installer to change … |
| CVE-2024-51545 | CRITICAL | Patched | 10.0 | 2024-12-05 | Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.… |
| CVE-2024-48839 | CRITICAL | Patched | 10.0 | 2024-12-05 | Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 |
| CVE-2024-48840 | CRITICAL | Patched | 10.0 | 2024-12-05 | Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 |
| CVE-2024-11317 | CRITICAL | Patched | 10.0 | 2024-12-05 | Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login providing an opportunity for session takeover on a product. Affected prod… |