31,035 CVEs · Critical severity
CVEs (31,035, showing first 500)
Showing 426–450 of 31,035 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-36679 | CRITICAL | | 10.0 | 2024-06-19 | In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method `Lcp::save… |
| CVE-2024-37902 | CRITICAL | Patched | 10.0 | 2024-06-17 | DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting… |
| CVE-2024-30299 | CRITICAL | Patched | 10.0 | 2024-06-13 | Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. A… |
| CVE-2024-3922 | CRITICAL | Patched | 10.0 | 2024-06-13 | The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the … |
| CVE-2024-2013 | CRITICAL | | 10.0 | 2024-06-11 | An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with t… |
| CVE-2024-36412 | CRITICAL | Patched | 10.0 | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point a… |
| CVE-2024-35746 | CRITICAL | Patched | 10.0 | 2024-06-10 | Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection. This issue affects BuddyPress Cover: from n/a throu… |
| CVE-2024-5675 | CRITICAL | | 10.0 | 2024-06-06 | Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker to execute ar… |
| CVE-2024-25600 | CRITICAL | | 10.0 | 2024-06-04 | Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a t… |
| CVE-2024-36388 | CRITICAL | | 10.0 | 2024-06-02 | MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function |
| CVE-2024-3820 | CRITICAL | | 10.0 | 2024-06-01 | The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_dele… |
| CVE-2024-5407 | CRITICAL | | 10.0 | 2024-05-27 | A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to … |
| CVE-2023-3943 | CRITICAL | | 10.0 | 2024-05-21 | Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such … |
| CVE-2023-3941 | CRITICAL | | 10.0 | 2024-05-21 | Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-ba… |
| CVE-2023-3939 | CRITICAL | | 10.0 | 2024-05-21 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since a… |
| CVE-2024-32809 | CRITICAL | | 10.0 | 2024-05-17 | Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files. This issue affects ActiveDEMAND: from n/a through 0.2.41. |
| CVE-2024-31351 | CRITICAL | Patched | 10.0 | 2024-05-17 | Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Gene… |
| CVE-2024-22476 | CRITICAL | | 10.0 | 2024-05-16 | Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege v… |
| CVE-2024-32888 | CRITICAL | Patched | 10.0 | 2024-05-15 | The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in… |
| CVE-2024-32741 | CRITICAL | Patched | 10.0 | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user … |
| CVE-2024-30207 | CRITICAL | | 10.0 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions … |
| CVE-2024-34555 | CRITICAL | | 10.0 | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads. This issue affects Z-Downloads: from n/a through 1.11.3. |
| CVE-2024-32700 | CRITICAL | | 10.0 | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress. This issue affects Kognetiks Chatbot for WordPress: from n/a thro… |
| CVE-2024-31377 | CRITICAL | | 10.0 | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through … |
| CVE-2024-29895 | CRITICAL | | 10.0 | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execut… |