31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 351–375 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-22585 | CRITICAL | Patched | 9.0 | 2023-06-11 | The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter. |
| CVE-2021-4356 | CRITICAL | Patched | 9.0 | 2023-06-07 | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. This is due to lacking aut… |
| CVE-2023-32217 | CRITICAL | | 9.0 | 2023-06-05 | IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, Iden… |
| CVE-2023-3086 | CRITICAL | Patched | 9.0 | 2023-06-03 | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. |
| CVE-2022-45938 | CRITICAL | Patched | 9.0 | 2023-06-02 | An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Managem… |
| CVE-2023-2586 | CRITICAL | | 9.0 | 2023-05-22 | Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the… |
| CVE-2023-31703 | CRITICAL | | 9.0 | 2023-05-17 | Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the … |
| CVE-2023-32080 | CRITICAL | Patched | 9.0 | 2023-05-10 | Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the af… |
| CVE-2023-32070 | CRITICAL | Patched | 9.0 | 2023-05-10 | XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site script… |
| CVE-2023-32071 | CRITICAL | Patched | 9.0 | 2023-05-09 | XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript wi… |
| CVE-2023-31126 | CRITICAL | Patched | 9.0 | 2023-05-09 | `org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injecti… |
| CVE-2023-31127 | CRITICAL | Patched | 9.0 | 2023-05-08 | libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version … |
| CVE-2023-30627 | CRITICAL | Patched | 9.0 | 2023-04-24 | jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerabil… |
| CVE-2023-29528 | CRITICAL | Patched | 9.0 | 2023-04-20 | XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milest… |
| CVE-2023-29519 | CRITICAL | Patched | 9.0 | 2023-04-19 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to priv… |
| CVE-2023-29213 | CRITICAL | Patched | 9.0 | 2023-04-17 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-… |
| CVE-2023-29206 | CRITICAL | Patched | 9.0 | 2023-04-15 | XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added… |
| CVE-2023-29201 | CRITICAL | Patched | 9.0 | 2023-04-15 | XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milest… |
| CVE-2023-29202 | CRITICAL | Patched | 9.0 | 2023-04-15 | XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items withou… |
| CVE-2023-27830 | CRITICAL | Patched | 9.0 | 2023-04-12 | TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfe… |
| CVE-2023-27267 | CRITICAL | | 9.0 | 2023-04-11 | Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the … |
| CVE-2023-0432 | CRITICAL | Patched | 9.0 | 2023-03-31 | The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating … |
| CVE-2023-26482 | CRITICAL | Patched | 9.0 | 2023-03-30 | Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be onl… |
| CVE-2023-21456 | CRITICAL | | 9.0 | 2023-03-16 | Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid. |
| CVE-2023-25617 | CRITICAL | | 9.0 | 2023-03-14 | SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenti… |