31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Showing 426–450 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-31098 | CRITICAL | Patched | 9.0 | 2022-06-27 | Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging … |
| CVE-2022-31035 | CRITICAL | Patched | 9.0 | 2022-06-27 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug al… |
| CVE-2022-32158 | CRITICAL | Patched | 9.0 | 2022-06-15 | Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment s… |
| CVE-2021-30339 | CRITICAL | | 9.0 | 2022-06-14 | Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdrago… |
| CVE-2022-21122 | CRITICAL | Patched | 9.0 | 2022-06-08 | The package metacalc before 0.0.2 is vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user… |
| CVE-2022-26857 | CRITICAL | Patched | 9.0 | 2022-05-26 | Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potential… |
| CVE-2022-0947 | CRITICAL | Patched | 9.0 | 2022-05-10 | A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or pr… |
| CVE-2022-24039 | CRITICAL | Patched | 9.0 | 2022-05-10 | A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The “addCell” JavaScript function… |
| CVE-2022-30284 | CRITICAL | Patched | 9.0 | 2022-05-04 | In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the ven… |
| CVE-2021-43932 | CRITICAL | | 9.0 | 2022-04-28 | Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page. |
| CVE-2022-28101 | CRITICAL | | 9.0 | 2022-04-28 | Turtlapp Turtle Note v0.7.2.6 does not filter the `<meta>` tag during markdown parsing, allowing attackers to execute HTML injection. |
| CVE-2022-28464 | CRITICAL | Patched | 9.0 | 2022-04-27 | Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. |
| CVE-2022-1345 | CRITICAL | Patched | 9.0 | 2022-04-13 | Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it ca… |
| CVE-2022-1346 | CRITICAL | Patched | 9.0 | 2022-04-13 | Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to ses… |
| CVE-2022-1344 | CRITICAL | Patched | 9.0 | 2022-04-13 | Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's … |
| CVE-2021-42136 | CRITICAL | Patched | 9.0 | 2022-04-13 | A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the … |
| CVE-2022-20754 | CRITICAL | Patched | 9.0 | 2022-04-06 | Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an au… |
| CVE-2022-20755 | CRITICAL | Patched | 9.0 | 2022-04-06 | Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an au… |
| CVE-2022-23631 | CRITICAL | Patched | 9.0 | 2022-02-09 | superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on an… |
| CVE-2022-24123 | CRITICAL | Patched | 9.0 | 2022-01-29 | MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross… |
| CVE-2022-21686 | CRITICAL | Patched | 9.0 | 2022-01-26 | PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back off… |
| CVE-2022-21969 | CRITICAL | | 9.0 | 2022-01-11 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2022-21901 | CRITICAL | | 9.0 | 2022-01-11 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2022-21855 | CRITICAL | | 9.0 | 2022-01-11 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2022-21846 | CRITICAL | | 9.0 | 2022-01-11 | Microsoft Exchange Server Remote Code Execution Vulnerability |