31,035 CVEs · Critical severity
CVEs (31,035, showing first 500)
Showing 351–375 of 31,035 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-10905 | CRITICAL | Patched | 10.0 | 2024-12-02 | IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and … |
| CVE-2024-47407 | CRITICAL | | 10.0 | 2024-11-22 | A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operat… |
| CVE-2024-52034 | CRITICAL | | 10.0 | 2024-11-22 | An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary o… |
| CVE-2024-42450 | CRITICAL | | 10.0 | 2024-11-19 | The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The defau… |
| CVE-2024-48966 | CRITICAL | | 10.0 | 2024-11-14 | The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tool… |
| CVE-2024-48967 | CRITICAL | | 10.0 | 2024-11-14 | The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker w… |
| CVE-2024-44102 | CRITICAL | Patched | 10.0 | 2024-11-12 | A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleContr… |
| CVE-2024-20418 | CRITICAL | | 10.0 | 2024-11-06 | A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could al… |
| CVE-2024-10081 | CRITICAL | Patched | 10.0 | 2024-11-06 | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends w… |
| CVE-2024-8615 | CRITICAL | Patched | 10.0 | 2024-11-06 | The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callba… |
| CVE-2024-51745 | CRITICAL | Patched | 10.0 | 2024-11-05 | Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "CO… |
| CVE-2024-51378 | CRITICAL | Patched | 10.0 | 2024-10-29 | getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary comman… |
| CVE-2024-51567 | CRITICAL | Patched | 10.0 | 2024-10-29 | upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via … |
| CVE-2024-51568 | CRITICAL | Patched | 10.0 | 2024-10-29 | CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File… |
| CVE-2024-50496 | CRITICAL | Patched | 10.0 | 2024-10-28 | Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects … |
| CVE-2024-47901 | CRITICAL | Patched | 10.0 | 2024-10-23 | A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP … |
| CVE-2024-49314 | CRITICAL | | 10.0 | 2024-10-17 | Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server. Th… |
| CVE-2024-49291 | CRITICAL | Patched | 10.0 | 2024-10-17 | Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro. This issue affects Cooked Pro: from n/a before 1.8.0. |
| CVE-2024-49242 | CRITICAL | | 10.0 | 2024-10-16 | Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows Upload a Web Shell to a Web Server. This issue affects Digital… |
| CVE-2024-49216 | CRITICAL | | 10.0 | 2024-10-16 | Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number allows Upload a Web Shell to a Web Server. This issue affe… |
| CVE-2024-9985 | CRITICAL | Patched | 10.0 | 2024-10-15 | Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arb… |
| CVE-2024-47875 | CRITICAL | Patched | 10.0 | 2024-10-11 | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.… |
| CVE-2024-45519 | CRITICAL | Patched | 10.0 | 2024-10-02 | The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthentic… |
| CVE-2024-42017 | CRITICAL | | 10.0 | 2024-09-30 | An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remote… |
| CVE-2024-8940 | CRITICAL | | 10.0 | 2024-09-25 | Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/… |