31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 126–150 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-53835 | CRITICAL | Patched | 9.0 | 2025-07-14 | XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5… |
| CVE-2025-30023 | CRITICAL | Patched | 9.0 | 2025-07-11 | The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. |
| CVE-2025-36038 | CRITICAL | Patched | 9.0 | 2025-06-25 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. |
| CVE-2025-49136 | CRITICAL | Patched | 9.0 | 2025-06-09 | listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functio… |
| CVE-2025-5086 | CRITICAL | Patched | 9.0 | 2025-06-02 | A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution. |
| CVE-2025-47933 | CRITICAL | Patched | 9.0 | 2025-05-29 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf … |
| CVE-2025-48828 | CRITICAL | | 9.0 | 2025-05-27 | Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alte… |
| CVE-2025-31916 | CRITICAL | | 9.0 | 2025-05-23 | Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issu… |
| CVE-2025-30171 | CRITICAL | | 9.0 | 2025-05-22 | System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects A… |
| CVE-2024-48853 | CRITICAL | | 9.0 | 2025-05-22 | An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-E… |
| CVE-2025-48017 | CRITICAL | | 9.0 | 2025-05-20 | Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files |
| CVE-2025-35996 | CRITICAL | | 9.0 | 2025-05-01 | KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename … |
| CVE-2025-47154 | CRITICAL | | 9.0 | 2025-05-01 | LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute … |
| CVE-2025-46558 | CRITICAL | Patched | 9.0 | 2025-04-30 | XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Ma… |
| CVE-2025-32973 | CRITICAL | Patched | 9.0 | 2025-04-30 | XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, whe… |
| CVE-2025-32974 | CRITICAL | Patched | 9.0 | 2025-04-30 | XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider… |
| CVE-2024-56156 | CRITICAL | Patched | 9.0 | 2025-04-25 | Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enable… |
| CVE-2025-32911 | CRITICAL | | 9.0 | 2025-04-15 | A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause … |
| CVE-2025-32743 | CRITICAL | | 9.0 | 2025-04-10 | In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attac… |
| CVE-2024-58136 | CRITICAL | Patched | 9.0 | 2025-04-10 | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through A… |
| CVE-2025-30406 | CRITICAL | Patched | 9.0 | 2025-04-03 | Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as e… |
| CVE-2025-22457 | CRITICAL | Patched | 9.0 | 2025-04-03 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.… |
| CVE-2025-30095 | CRITICAL | Patched | 9.0 | 2025-03-31 | VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different inst… |
| CVE-2025-30472 | CRITICAL | Patched | 9.0 | 2025-03-22 | Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c… |
| CVE-2025-2311 | CRITICAL | Patched | 9.0 | 2025-03-20 | Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies Se… |