585 CVEs · Critical severity
CVEs (585, showing first 500)
Showing 1–25 of 585 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2018-25320 | CRITICAL | | 9.8 | 2026-05-17 | ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECU… |
| CVE-2018-25332 | CRITICAL | Patched | 9.8 | 2026-05-17 | GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generat… |
| CVE-2018-25335 | CRITICAL | | 9.8 | 2026-05-17 | WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests … |
| CVE-2018-25350 | CRITICAL | | 9.8 | 2026-05-23 | userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUse… |
| CVE-2018-25357 | CRITICAL | Patched | 9.8 | 2026-05-23 | Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_n… |
| CVE-2018-25412 | CRITICAL | | 9.8 | 2026-05-30 | Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php … |
| CVE-2018-25427 | CRITICAL | | 9.8 | 2026-06-01 | Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or… |
| CVE-2019-25727 | CRITICAL | | 9.8 | 2026-06-04 | WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating th… |
| CVE-2019-25729 | CRITICAL | | 9.8 | 2026-06-04 | PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the… |
| CVE-2019-25738 | CRITICAL | | 9.8 | 2026-06-04 | WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting th… |
| CVE-2019-25741 | CRITICAL | | 9.8 | 2026-06-04 | Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attacker… |
| CVE-2020-37168 | CRITICAL | | 9.8 | 2026-05-13 | Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for paym… |
| CVE-2020-37228 | CRITICAL | | 9.8 | 2026-05-16 | iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode… |
| CVE-2020-37239 | CRITICAL | | 9.8 | 2026-05-16 | libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunk… |
| CVE-2021-47923 | CRITICAL | | 9.8 | 2026-05-10 | OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers c… |
| CVE-2021-47932 | CRITICAL | | 9.8 | 2026-05-10 | WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted r… |
| CVE-2021-47933 | CRITICAL | | 9.8 | 2026-05-10 | WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the R… |
| CVE-2021-47936 | CRITICAL | | 9.8 | 2026-05-10 | OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised… |
| CVE-2021-47940 | CRITICAL | | 9.8 | 2026-05-10 | WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious file… |
| CVE-2021-47952 | CRITICAL | | 9.8 | 2026-05-16 | python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads c… |
| CVE-2021-47965 | CRITICAL | | 9.8 | 2026-05-15 | WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous fil… |
| CVE-2023-24215 | CRITICAL | | 9.1 | 2026-05-18 | Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted P… |
| CVE-2023-54352 | CRITICAL | | 9.8 | 2026-06-08 | WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the th… |
| CVE-2024-27890 | CRITICAL | | 9.6 | 2026-06-04 | On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configurati… |
| CVE-2024-27892 | CRITICAL | | 9.6 | 2026-06-04 | On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configurati… |