31,035 CVEs · Critical severity
CVEs (31,035, showing first 500)
Showing 376–400 of 31,035 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-43693 | CRITICAL | Patched | 10.0 | 2024-09-25 | A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. |
| CVE-2024-45066 | CRITICAL | Patched | 10.0 | 2024-09-25 | A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. |
| CVE-2024-0001 | CRITICAL | Patched | 10.0 | 2024-09-23 | A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain eleva… |
| CVE-2024-0002 | CRITICAL | Patched | 10.0 | 2024-09-23 | A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. |
| CVE-2024-8888 | CRITICAL | | 10.0 | 2024-09-18 | An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration… |
| CVE-2024-8887 | CRITICAL | | 10.0 | 2024-09-18 | CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authenticatio… |
| CVE-2024-44146 | CRITICAL | Patched | 10.0 | 2024-09-17 | A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox. |
| CVE-2024-44148 | CRITICAL | Patched | 10.0 | 2024-09-17 | This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox. |
| CVE-2024-8522 | CRITICAL | Patched | 10.0 | 2024-09-12 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API e… |
| CVE-2024-8529 | CRITICAL | Patched | 10.0 | 2024-09-12 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API… |
| CVE-2024-45409 | CRITICAL | Patched | 10.0 | 2024-09-10 | The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the S… |
| CVE-2024-45032 | CRITICAL | | 10.0 | 2024-09-10 | A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected compon… |
| CVE-2024-6795 | CRITICAL | Patched | 10.0 | 2024-09-09 | In Connex health portal released before 8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access t… |
| CVE-2024-7591 | CRITICAL | Patched | 10.0 | 2024-09-05 | Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Mul… |
| CVE-2024-43102 | CRITICAL | Patched | 10.0 | 2024-09-05 | Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the o… |
| CVE-2024-43955 | CRITICAL | Patched | 10.0 | 2024-08-29 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a th… |
| CVE-2024-43918 | CRITICAL | Patched | 10.0 | 2024-08-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection. This issue affects WBW … |
| CVE-2024-7854 | CRITICAL | | 10.0 | 2024-08-21 | The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'd… |
| CVE-2024-5932 | CRITICAL | Patched | 10.0 | 2024-08-20 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserializ… |
| CVE-2024-37099 | CRITICAL | Patched | 10.0 | 2024-08-19 | Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection. This issue affects GiveWP: from n/a through 3.14.1. |
| CVE-2024-6500 | CRITICAL | | 10.0 | 2024-08-17 | The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'pa… |
| CVE-2024-42472 | CRITICAL | Patched | 10.0 | 2024-08-15 | Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent director… |
| CVE-2024-43160 | CRITICAL | | 10.0 | 2024-08-13 | Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection. This issue affects BerqWP: from n/a through 1.7.6. |
| CVE-2024-42489 | CRITICAL | Patched | 10.0 | 2024-08-12 | Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment ri… |
| CVE-2024-42479 | CRITICAL | Patched | 10.0 | 2024-08-12 | llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561. |