31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Showing 451–475 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-22115 | CRITICAL | Patched | 9.0 | 2022-01-10 | In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in… |
| CVE-2021-4139 | CRITICAL | Patched | 9.0 | 2021-12-21 | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-43882 | CRITICAL | Patched | 9.0 | 2021-12-15 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2021-45046 | CRITICAL | Patched | 9.0 | 2021-12-14 | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control ov… |
| CVE-2021-24922 | CRITICAL | Patched | 9.0 | 2021-12-13 | The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attack… |
| CVE-2021-40333 | CRITICAL | Patched | 9.0 | 2021-12-02 | Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing conf… |
| CVE-2021-3985 | CRITICAL | Patched | 9.0 | 2021-12-01 | kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-43787 | CRITICAL | Patched | 9.0 | 2021-11-29 | Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject ar… |
| CVE-2021-3554 | CRITICAL | Patched | 9.0 | 2021-11-24 | Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipul… |
| CVE-2021-23732 | CRITICAL | | 9.0 | 2021-11-22 | This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a … |
| CVE-2021-23155 | CRITICAL | Patched | 9.0 | 2021-11-18 | Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects:… |
| CVE-2021-43047 | CRITICAL | Patched | 9.0 | 2021-11-16 | The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) v… |
| CVE-2021-42114 | CRITICAL | | 9.0 | 2021-11-16 | Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Ro… |
| CVE-2021-43616 | CRITICAL | Patched | 9.0 | 2021-11-13 | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavi… |
| CVE-2021-1924 | CRITICAL | | 9.0 | 2021-11-12 | Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdra… |
| CVE-2021-26443 | CRITICAL | | 9.0 | 2021-11-10 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability |
| CVE-2021-24693 | CRITICAL | Patched | 9.0 | 2021-11-08 | The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a … |
| CVE-2021-26427 | CRITICAL | | 9.0 | 2021-10-13 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-35495 | CRITICAL | Patched | 9.0 | 2021-10-12 | The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, … |
| CVE-2021-21941 | CRITICAL | | 9.0 | 2021-10-12 | A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead… |
| CVE-2021-40438 | CRITICAL | Patched | 9.0 | 2021-09-16 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. |
| CVE-2021-23038 | CRITICAL | Patched | 9.0 | 2021-09-14 | On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) v… |
| CVE-2021-35493 | CRITICAL | Patched | 9.0 | 2021-09-14 | The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server c… |
| CVE-2021-22156 | CRITICAL | Patched | 9.0 | 2021-08-17 | An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6… |
| CVE-2021-25955 | CRITICAL | Patched | 9.0 | 2021-08-15 | In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious s… |