31,141 CVEs · Critical severity
CVEs (31,141, showing first 500)
Showing 476–500 of 31,141 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-48426 | CRITICAL | | 10.0 | 2024-04-05 | u-boot bug that allows for u-boot shell and interrupt over UART |
| CVE-2024-25096 | CRITICAL | Patched | 10.0 | 2024-04-03 | Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection. This issue affects Canto: from n/a through 3.0.7. |
| CVE-2024-2389 | CRITICAL | Patched | 10.0 | 2024-04-02 | In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the sys… |
| CVE-2024-31115 | CRITICAL | | 10.0 | 2024-03-31 | Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress. This issue affects Chauffeur Taxi Booking System f… |
| CVE-2024-2086 | CRITICAL | | 10.0 | 2024-03-30 | The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vuln… |
| CVE-2024-3094 | CRITICAL | | 10.0 | 2024-03-29 | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a … |
| CVE-2024-30247 | CRITICAL | Patched | 10.0 | 2024-03-29 | NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command… |
| CVE-2024-30510 | CRITICAL | Patched | 10.0 | 2024-03-29 | Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 9.5. |
| CVE-2024-30224 | CRITICAL | Patched | 10.0 | 2024-03-28 | Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.2. |
| CVE-2024-30225 | CRITICAL | | 10.0 | 2024-03-28 | Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate. This issue affects WP Migrate: from n/a through 2.6.10. |
| CVE-2023-49815 | CRITICAL | | 10.0 | 2024-03-27 | Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3. |
| CVE-2023-23656 | CRITICAL | | 10.0 | 2024-03-26 | Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension. This issue affects MainWP File Uploader Extension: from n/a through 4.1. |
| CVE-2024-2227 | CRITICAL | Patched | 10.0 | 2024-03-22 | This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented … |
| CVE-2024-24578 | CRITICAL | Patched | 10.0 | 2024-03-18 | RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticate… |
| CVE-2024-27767 | CRITICAL | Patched | 10.0 | 2024-03-18 | CWE-287: Improper Authentication may allow Authentication Bypass |
| CVE-2024-27957 | CRITICAL | Patched | 10.0 | 2024-03-17 | Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register. This issue affects Pie Register: from n/a through 3.8.3.1. |
| CVE-2024-28354 | CRITICAL | | 10.0 | 2024-03-15 | There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters… |
| CVE-2024-25139 | CRITICAL | Patched | 10.0 | 2024-03-14 | In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, … |
| CVE-2024-22039 | CRITICAL | Patched | 10.0 | 2024-03-12 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN… |
| CVE-2024-27298 | CRITICAL | Patched | 10.0 | 2024-03-01 | parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerabil… |
| CVE-2024-1403 | CRITICAL | Patched | 10.0 | 2024-02-27 | In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerabil… |
| CVE-2024-25913 | CRITICAL | Patched | 10.0 | 2024-02-26 | Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. |
| CVE-2024-25925 | CRITICAL | Patched | 10.0 | 2024-02-26 | Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts. This issue affects WooCommerce Easy Chec… |
| CVE-2024-1212 | CRITICAL | Patched | 10.0 | 2024-02-21 | Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. |
| CVE-2024-1709 | CRITICAL | Patched | 10.0 | 2024-02-21 | ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct a… |