31,035 CVEs · Critical severity
Showing 401–425 of 31,035 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-42467 | CRITICAL | Patched | 10.0 | 2024-08-12 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB… |
| CVE-2024-39791 | CRITICAL | Patched | 10.0 | 2024-08-12 | Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable… |
| CVE-2024-40628 | CRITICAL | Patched | 10.0 | 2024-07-18 | JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database an… |
| CVE-2024-40629 | CRITICAL | Patched | 10.0 | 2024-07-18 | JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database an… |
| CVE-2024-39911 | CRITICAL | Patched | 10.0 | 2024-07-18 | 1Panel is a web-based Linux server management control panel. 1Panel contains an unspecified SQL injection via User-Agent handling. This issue has been addressed in version … |
| CVE-2024-20419 | CRITICAL | Patched | 10.0 | 2024-07-17 | A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of… |
| CVE-2024-37112 | CRITICAL | Patched | 10.0 | 2024-07-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X. This issue affects WishList Memb… |
| CVE-2024-6209 | CRITICAL | Patched | 10.0 | 2024-07-05 | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows Attacker to access files unauthorized |
| CVE-2024-6298 | CRITICAL | Patched | 10.0 | 2024-07-05 | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely |
| CVE-2023-41917 | CRITICAL | | 10.0 | 2024-07-02 | Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the S… |
| CVE-2023-41918 | CRITICAL | | 10.0 | 2024-07-02 | A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially lea… |
| CVE-2024-38366 | CRITICAL | Patched | 10.0 | 2024-07-01 | trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup u… |
| CVE-2024-38513 | CRITICAL | Patched | 10.0 | 2024-07-01 | Fiber is an Express-inspired web framework written in Go. A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. … |
| CVE-2024-39251 | CRITICAL | | 10.0 | 2024-07-01 | An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary … |
| CVE-2024-38999 | CRITICAL | | 10.0 | 2024-07-01 | jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary c… |
| CVE-2024-39008 | CRITICAL | | 10.0 | 2024-07-01 | robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code… |
| CVE-2024-6071 | CRITICAL | | 10.0 | 2024-06-27 | PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server. |
| CVE-2024-2973 | CRITICAL | Patched | 10.0 | 2024-06-27 | An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a netwo… |
| CVE-2024-1839 | CRITICAL | | 10.0 | 2024-06-26 | Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an unauthenticated remote attacker to execute m… |
| CVE-2024-6297 | CRITICAL | | 10.0 | 2024-06-25 | Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of… |
| CVE-2024-4196 | CRITICAL | Patched | 10.0 | 2024-06-25 | An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the W… |
| CVE-2023-50029 | CRITICAL | | 10.0 | 2024-06-24 | PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4… |
| CVE-2024-36532 | CRITICAL | | 10.0 | 2024-06-21 | Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. |
| CVE-2024-3605 | CRITICAL | Patched | 10.0 | 2024-06-20 | The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions … |
| CVE-2024-34990 | CRITICAL | | 10.0 | 2024-06-19 | In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `He… |