Search
127 CVEs · Critical severity
CVEs (127)
Showing 1–25 of 127
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2019-25727 | CRITICAL | 9.8 | 2026-06-04 | WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating th… | |
| CVE-2019-25729 | CRITICAL | 9.8 | 2026-06-04 | PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the… | |
| CVE-2019-25738 | CRITICAL | 9.8 | 2026-06-04 | WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting th… | |
| CVE-2019-25741 | CRITICAL | 9.8 | 2026-06-04 | Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attacker… | |
| CVE-2023-54352 | CRITICAL | 9.8 | 2026-06-08 | WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the th… | |
| CVE-2024-27890 | CRITICAL | 9.6 | 2026-06-04 | Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configurati… | |
| CVE-2024-27892 | CRITICAL | 9.6 | 2026-06-04 | Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configurati… | |
| CVE-2024-58348 | CRITICAL | 9.8 | 2026-06-08 | WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing t… | |
| CVE-2024-58349 | CRITICAL | 9.8 | 2026-06-08 | WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient… | |
| CVE-2025-14771 | CRITICAL | 9.9 | 2026-06-03 | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |
| CVE-2025-53209 | CRITICAL | 9.8 | 2026-06-02 | Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. | |
| CVE-2025-67446 | CRITICAL | 9.8 | 2026-06-04 | Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authenticati… | |
| CVE-2025-67447 | CRITICAL | 9.8 | 2026-06-04 | The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize us… | |
| CVE-2025-71316 | CRITICAL | 9.8 | 2026-06-04 | SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option … | |
| CVE-2025-71317 | CRITICAL | 9.8 | 2026-06-05 | NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authentic… | |
| CVE-2025-71318 | CRITICAL | 9.8 | 2026-06-05 | NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (… | |
| CVE-2026-0611 | CRITICAL | Patched | 9.8 | 2026-06-02 | Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET R… |
| CVE-2026-10580 | CRITICAL | 9.8 | 2026-06-05 | The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and includ… | |
| CVE-2026-10840 | CRITICAL | 9.6 | 2026-06-04 | A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and ce… | |
| CVE-2026-10879 | CRITICAL | Patched | 9.8 | 2026-06-05 | DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to … |
| CVE-2026-10880 | CRITICAL | 9.8 | 2026-06-04 | OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query… | |
| CVE-2026-10881 | CRITICAL | Patched | 9.6 | 2026-06-04 | Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Ch… |
| CVE-2026-10886 | CRITICAL | Patched | 9.6 | 2026-06-04 | Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium se… |
| CVE-2026-10892 | CRITICAL | Patched | 9.6 | 2026-06-04 | Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Ch… |
| CVE-2026-10931 | CRITICAL | Patched | 9.6 | 2026-06-04 | Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium se… |