31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 201–225 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-45593 | CRITICAL | Patched | 9.0 | 2024-09-10 | Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Ni… |
| CVE-2024-35540 | CRITICAL | Patched | 9.0 | 2024-08-20 | A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2024-7777 | CRITICAL | Patched | 9.0 | 2024-08-20 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary … |
| CVE-2024-43242 | CRITICAL | Patched | 9.0 | 2024-08-19 | Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro. This issue affects Ultimate Membership Pro: from n/a through <= 12.7. |
| CVE-2024-43400 | CRITICAL | Patched | 9.0 | 2024-08-19 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to c… |
| CVE-2024-43401 | CRITICAL | Patched | 9.0 | 2024-08-19 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with eleva… |
| CVE-2024-39397 | CRITICAL | Patched | 9.0 | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could resul… |
| CVE-2024-42366 | CRITICAL | Patched | 9.0 | 2024-08-08 | VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notific… |
| CVE-2024-38182 | CRITICAL | | 9.0 | 2024-07-31 | Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. |
| CVE-2024-41947 | CRITICAL | Patched | 9.0 | 2024-07-31 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is curren… |
| CVE-2024-38529 | CRITICAL | Patched | 9.0 | 2024-07-29 | Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerabi… |
| CVE-2024-6834 | CRITICAL | | 9.0 | 2024-07-17 | A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a us… |
| CVE-2024-37310 | CRITICAL | Patched | 9.0 | 2024-07-10 | EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overf… |
| CVE-2024-3596 | CRITICAL | Patched | 9.0 | 2024-07-09 | RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) t… |
| CVE-2024-29039 | CRITICAL | Patched | 9.0 | 2024-06-28 | tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML… |
| CVE-2024-37089 | CRITICAL | Patched | 9.0 | 2024-06-24 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.… |
| CVE-2024-37899 | CRITICAL | Patched | 9.0 | 2024-06-20 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is execut… |
| CVE-2024-0095 | CRITICAL | Patched | 9.0 | 2024-06-13 | NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a n… |
| CVE-2024-4371 | CRITICAL | Patched | 9.0 | 2024-06-13 | The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versio… |
| CVE-2024-35213 | CRITICAL | Patched | 9.0 | 2024-06-11 | An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service c… |
| CVE-2024-31401 | CRITICAL | Patched | 9.0 | 2024-06-11 | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on… |
| CVE-2024-29855 | CRITICAL | Patched | 9.0 | 2024-06-11 | Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator |
| CVE-2024-35677 | CRITICAL | Patched | 9.0 | 2024-06-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion. This issue affects M… |
| CVE-2024-34551 | CRITICAL | Patched | 9.0 | 2024-06-04 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion. This issue affects S… |
| CVE-2024-33560 | CRITICAL | | 9.0 | 2024-06-04 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore allows PHP Local File Inclusion. This issue affects XStore: fro… |