31,037 CVEs · Critical severity
CVEs (31,037, showing first 500)
Showing 451–475 of 31,037 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-32962 | CRITICAL | Patched | 10.0 | 2024-05-02 | xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it onl… |
| CVE-2024-33566 | CRITICAL | | 10.0 | 2024-04-29 | Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4. |
| CVE-2024-32766 | CRITICAL | Patched | 10.0 | 2024-04-26 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute comma… |
| CVE-2024-32651 | CRITICAL | | 10.0 | 2024-04-26 | changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) … |
| CVE-2024-0916 | CRITICAL | | 10.0 | 2024-04-25 | Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3. |
| CVE-2024-28185 | CRITICAL | | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attac… |
| CVE-2024-28189 | CRITICAL | Patched | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by cr… |
| CVE-2024-2912 | CRITICAL | | 10.0 | 2024-04-16 | An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting t… |
| CVE-2023-51409 | CRITICAL | Patched | 10.0 | 2024-04-12 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. |
| CVE-2024-3400 | CRITICAL | | 10.0 | 2024-04-12 | A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and… |
| CVE-2024-31996 | CRITICAL | Patched | 10.0 | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used … |
| CVE-2024-31982 | CRITICAL | Patched | 10.0 | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote … |
| CVE-2024-24576 | CRITICAL | Patched | 10.0 | 2024-04-09 | Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when inv… |
| CVE-2024-22004 | CRITICAL | | 10.0 | 2024-04-05 | Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application |
| CVE-2023-48426 | CRITICAL | | 10.0 | 2024-04-05 | u-boot bug that allows for u-boot shell and interrupt over UART |
| CVE-2024-25096 | CRITICAL | Patched | 10.0 | 2024-04-03 | Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection. This issue affects Canto: from n/a through 3.0.7. |
| CVE-2024-2389 | CRITICAL | Patched | 10.0 | 2024-04-02 | In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the sys… |
| CVE-2024-31115 | CRITICAL | | 10.0 | 2024-03-31 | Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress. This issue affects Chauffeur Taxi Booking System f… |
| CVE-2024-2086 | CRITICAL | | 10.0 | 2024-03-30 | The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vuln… |
| CVE-2024-3094 | CRITICAL | | 10.0 | 2024-03-29 | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a … |
| CVE-2024-30247 | CRITICAL | Patched | 10.0 | 2024-03-29 | NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command… |
| CVE-2024-30510 | CRITICAL | Patched | 10.0 | 2024-03-29 | Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 9.5. |
| CVE-2024-30224 | CRITICAL | Patched | 10.0 | 2024-03-28 | Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.2. |
| CVE-2024-30225 | CRITICAL | | 10.0 | 2024-03-28 | Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate. This issue affects WP Migrate: from n/a through 2.6.10. |
| CVE-2023-49815 | CRITICAL | | 10.0 | 2024-03-27 | Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3. |