31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 401–425 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-40287 | CRITICAL | | 9.0 | 2022-10-31 | The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation … |
| CVE-2022-40288 | CRITICAL | | 9.0 | 2022-10-31 | The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges withi… |
| CVE-2022-40289 | CRITICAL | | 9.0 | 2022-10-31 | The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privile… |
| CVE-2022-32176 | CRITICAL | Patched | 9.0 | 2022-10-17 | In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" fun… |
| CVE-2022-32177 | CRITICAL | Patched | 9.0 | 2022-10-14 | In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' fu… |
| CVE-2022-32174 | CRITICAL | Patched | 9.0 | 2022-10-11 | In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. |
| CVE-2021-44171 | CRITICAL | Patched | 9.0 | 2022-10-10 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through… |
| CVE-2022-42308 | CRITICAL | Patched | 9.0 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path travers… |
| CVE-2022-42302 | CRITICAL | Patched | 9.0 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the N… |
| CVE-2022-39256 | CRITICAL | Patched | 9.0 | 2022-09-27 | Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected inst… |
| CVE-2022-2566 | CRITICAL | | 9.0 | 2022-09-23 | A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `s… |
| CVE-2022-25652 | CRITICAL | | 9.0 | 2022-09-16 | Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking |
| CVE-2020-19586 | CRITICAL | | 9.0 | 2022-09-14 | Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. |
| CVE-2022-39205 | CRITICAL | Patched | 9.0 | 2022-09-13 | Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there … |
| CVE-2022-34882 | CRITICAL | Patched | 9.0 | 2022-09-06 | Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive informat… |
| CVE-2022-36045 | CRITICAL | Patched | 9.0 | 2022-08-31 | NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time not… |
| CVE-2022-28712 | CRITICAL | | 9.0 | 2022-08-22 | A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can … |
| CVE-2022-35975 | CRITICAL | Patched | 9.0 | 2022-08-18 | The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running … |
| CVE-2022-20827 | CRITICAL | Patched | 9.0 | 2022-08-10 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or … |
| CVE-2022-20842 | CRITICAL | Patched | 9.0 | 2022-08-10 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or … |
| CVE-2022-20841 | CRITICAL | Patched | 9.0 | 2022-08-10 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or … |
| CVE-2022-36956 | CRITICAL | | 9.0 | 2022-07-27 | In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from… |
| CVE-2022-35131 | CRITICAL | | 9.0 | 2022-07-25 | Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. |
| CVE-2022-20812 | CRITICAL | Patched | 9.0 | 2022-07-06 | Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow… |
| CVE-2022-20813 | CRITICAL | Patched | 9.0 | 2022-07-06 | Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow… |