31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 176–200 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-37164 | CRITICAL | Patched | 10.0 | 2025-12-16 | A remote code execution issue exists in HPE OneView. |
| CVE-2025-64721 | CRITICAL | Patched | 10.0 | 2025-12-11 | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe… |
| CVE-2025-66570 | CRITICAL | Patched | 10.0 | 2025-12-05 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence serv… |
| CVE-2025-55182 | CRITICAL | Patched | 10.0 | 2025-12-03 | A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: rea… |
| CVE-2025-13390 | CRITICAL | Patched | 10.0 | 2025-12-03 | The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authenti… |
| CVE-2025-63531 | CRITICAL | | 10.0 | 2025-12-01 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplie… |
| CVE-2025-64126 | CRITICAL | | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a vali… |
| CVE-2025-64127 | CRITICAL | | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into … |
| CVE-2025-64128 | CRITICAL | | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could per… |
| CVE-2025-65108 | CRITICAL | Patched | 10.0 | 2025-11-21 | md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScri… |
| CVE-2025-41115 | CRITICAL | Patched | 10.0 | 2025-11-21 | SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated us… |
| CVE-2025-49752 | CRITICAL | | 10.0 | 2025-11-20 | Azure Bastion Elevation of Privilege Vulnerability |
| CVE-2025-63224 | CRITICAL | | 10.0 | 2025-11-19 | The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtai… |
| CVE-2025-63216 | CRITICAL | | 10.0 | 2025-11-18 | The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obta… |
| CVE-2025-58083 | CRITICAL | | 10.0 | 2025-11-15 | General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device. |
| CVE-2025-54339 | CRITICAL | Patched | 10.0 | 2025-11-14 | An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of … |
| CVE-2025-36250 | CRITICAL | Patched | 10.0 | 2025-11-13 | IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due t… |
| CVE-2025-12539 | CRITICAL | | 10.0 | 2025-11-11 | The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin… |
| CVE-2025-42890 | CRITICAL | | 10.0 | 2025-11-11 | SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of a… |
| CVE-2025-10230 | CRITICAL | | 10.0 | 2025-11-07 | A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanit… |
| CVE-2025-63689 | CRITICAL | Patched | 10.0 | 2025-11-07 | Multiple SQL injection vulnerabilities in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allow a remote attacker to execute … |
| CVE-2025-64180 | CRITICAL | Patched | 10.0 | 2025-11-07 | Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal n… |
| CVE-2025-6327 | CRITICAL | | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server. This issue a… |
| CVE-2025-60207 | CRITICAL | | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Uplo… |
| CVE-2025-60235 | CRITICAL | | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce allows Using … |