31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 201–225 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-53283 | CRITICAL | | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7 - Drag&Drop File Uploader Addon drop-uploader-for-contact-form-7-dragdrop-… |
| CVE-2025-49372 | CRITICAL | | 10.0 | 2025-11-06 | Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion. This issue aff… |
| CVE-2025-62596 | CRITICAL | Patched | 10.0 | 2025-11-06 | Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combin… |
| CVE-2025-62161 | CRITICAL | Patched | 10.0 | 2025-11-06 | Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when yo… |
| CVE-2025-55108 | CRITICAL | | 10.0 | 2025-11-05 | The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authenticatio… |
| CVE-2025-61945 | CRITICAL | Patched | 10.0 | 2025-11-04 | Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify cri… |
| CVE-2025-61956 | CRITICAL | Patched | 10.0 | 2025-11-04 | Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations … |
| CVE-2025-54863 | CRITICAL | Patched | 10.0 | 2025-11-04 | Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather… |
| CVE-2025-29270 | CRITICAL | | 10.0 | 2025-10-31 | Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and comple… |
| CVE-2025-52665 | CRITICAL | Patched | 10.0 | 2025-10-31 | A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API wit… |
| CVE-2025-64095 | CRITICAL | Patched | 10.0 | 2025-10-28 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unaut… |
| CVE-2025-61481 | CRITICAL | | 10.0 | 2025-10-27 | An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injec… |
| CVE-2025-59503 | CRITICAL | | 10.0 | 2025-10-23 | Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-61934 | CRITICAL | | 10.0 | 2025-10-23 | A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote at… |
| CVE-2025-60206 | CRITICAL | | 10.0 | 2025-10-22 | Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection. This issue affects Alone: from n/a through <= 7.8.3. |
| CVE-2025-58963 | CRITICAL | | 10.0 | 2025-10-22 | Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server. This issue affects Medcity: from n/a throu… |
| CVE-2025-57870 | CRITICAL | Patched | 10.0 | 2025-10-22 | A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticate… |
| CVE-2025-49060 | CRITICAL | | 10.0 | 2025-10-22 | Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server. This issue affects Wastia: from n/a … |
| CVE-2025-48106 | CRITICAL | | 10.0 | 2025-10-22 | Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files. This issue affects Clanora: from n/a through < 1.3.1. |
| CVE-2025-9574 | CRITICAL | | 10.0 | 2025-10-20 | Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number fro… |
| CVE-2025-62168 | CRITICAL | Patched | 10.0 | 2025-10-17 | Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. T… |
| CVE-2025-3450 | CRITICAL | Patched | 10.0 | 2025-10-07 | An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based at… |
| CVE-2025-58384 | CRITICAL | Patched | 10.0 | 2025-09-26 | In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration … |
| CVE-2025-9846 | CRITICAL | Patched | 10.0 | 2025-09-23 | Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue af… |
| CVE-2025-9588 | CRITICAL | Patched | 10.0 | 2025-09-23 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command In… |