31,027 CVEs · Critical severity
Showing 51–75 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-32751 | CRITICAL | Patched | 9.0 | 2026-03-19 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree (MobileFiles.ts) renders notebook names via innerHTML without HTML escap… |
| CVE-2026-27540 | CRITICAL | | 9.0 | 2026-03-19 | Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Using M… |
| CVE-2026-32703 | CRITICAL | Patched | 9.0 | 2026-03-18 | OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly esca… |
| CVE-2026-3564 | CRITICAL | | 9.0 | 2026-03-17 | A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated… |
| CVE-2026-32635 | CRITICAL | Patched | 9.0 | 2026-03-16 | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18,… |
| CVE-2023-27573 | CRITICAL | Patched | 9.0 | 2026-03-11 | netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SU… |
| CVE-2026-27825 | CRITICAL | Patched | 9.0 | 2026-03-10 | MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the `confluence_download_attachment` MCP tool … |
| CVE-2026-30862 | CRITICAL | Patched | 9.0 | 2026-03-10 | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget (TableWidgetV2).… |
| CVE-2025-59542 | CRITICAL | Patched | 9.0 | 2026-03-06 | Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the co… |
| CVE-2025-59543 | CRITICAL | Patched | 9.0 | 2026-03-06 | Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the co… |
| CVE-2025-55208 | CRITICAL | Patched | 9.0 | 2026-03-05 | Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in `Social Networks`. Through it, a low-privilege user ca… |
| CVE-2026-27984 | CRITICAL | | 9.0 | 2026-03-05 | Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget Options widget-options allows Code Injection. This issue affects Widget Opti… |
| CVE-2026-27384 | CRITICAL | | 9.0 | 2026-03-05 | Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.T… |
| CVE-2025-66024 | CRITICAL | Patched | 9.0 | 2026-03-04 | The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) … |
| CVE-2026-24663 | CRITICAL | Patched | 9.0 | 2026-02-27 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by … |
| CVE-2026-27493 | CRITICAL | Patched | 9.0 | 2026-02-25 | n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form n… |
| CVE-2026-27822 | CRITICAL | | 9.0 | 2026-02-25 | RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows… |
| CVE-2026-0573 | CRITICAL | Patched | 9.0 | 2026-02-18 | A URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repositor… |
| CVE-2025-69634 | CRITICAL | | 9.0 | 2026-02-12 | Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is dispu… |
| CVE-2026-20677 | CRITICAL | Patched | 9.0 | 2026-02-11 | A race condition was addressed with improved handling of symbolic links. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4,… |
| CVE-2026-25881 | CRITICAL | Patched | 9.0 | 2026-02-09 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isG… |
| CVE-2025-68723 | CRITICAL | Patched | 9.0 | 2026-02-05 | Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file nam… |
| CVE-2026-24769 | CRITICAL | Patched | 9.0 | 2026-01-28 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a stored cross-site scripting (XSS) vulnerability exists in NocoDB’s attachment handlin… |
| CVE-2025-68015 | CRITICAL | | 9.0 | 2026-01-22 | Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injecti… |
| CVE-2026-24002 | CRITICAL | Patched | 9.0 | 2026-01-22 | Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be wo… |