4,940 CVEs · Critical severity
CVEs (4,940, showing first 500)
Showing 1–25 of 4,940 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2025-5893 | CRITICAL | | 9.8 | 2025-06-09 | Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specif… |
| CVE-2025-3835 | CRITICAL | Patched | 9.6 | 2025-06-09 | Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. |
| CVE-2025-48877 | CRITICAL | Patched | 9.8 | 2025-06-09 | Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the… |
| CVE-2025-49013 | CRITICAL | | 9.9 | 2025-06-09 | WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from un… |
| CVE-2025-31396 | CRITICAL | | 9.8 | 2025-06-09 | Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: fro… |
| CVE-2025-31398 | CRITICAL | | 9.8 | 2025-06-09 | Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a … |
| CVE-2025-31429 | CRITICAL | | 9.8 | 2025-06-09 | Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. This issue affects PressGrid -… |
| CVE-2025-49295 | CRITICAL | Patched | 9.8 | 2025-06-09 | Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a through <= 2.1. |
| CVE-2025-49296 | CRITICAL | Patched | 9.8 | 2025-06-09 | Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through <= 1.6. |
| CVE-2025-49297 | CRITICAL | Patched | 9.8 | 2025-06-09 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion. This issue affects Grill and Chow: from n/a through <= 1.6. |
| CVE-2025-49136 | CRITICAL | Patched | 9.0 | 2025-06-09 | listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functio… |
| CVE-2025-49652 | CRITICAL | | 9.8 | 2025-06-09 | Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration … |
| CVE-2025-30184 | CRITICAL | Patched | 9.8 | 2025-06-09 | CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path. |
| CVE-2025-30515 | CRITICAL | Patched | 9.8 | 2025-06-09 | CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system. |
| CVE-2025-42989 | CRITICAL | | 9.6 | 2025-06-10 | RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the atta… |
| CVE-2025-1041 | CRITICAL | Patched | 9.9 | 2025-06-10 | An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected version… |
| CVE-2025-40654 | CRITICAL | Patched | 9.8 | 2025-06-10 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name … |
| CVE-2025-40655 | CRITICAL | Patched | 9.8 | 2025-06-10 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name … |
| CVE-2025-40656 | CRITICAL | Patched | 9.8 | 2025-06-10 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod p… |
| CVE-2025-40657 | CRITICAL | Patched | 9.8 | 2025-06-10 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codfo… |
| CVE-2025-43698 | CRITICAL | | 9.1 | 2025-06-10 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts… |
| CVE-2024-34711 | CRITICAL | Patched | 9.3 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacke… |
| CVE-2025-30220 | CRITICAL | Patched | 9.9 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure … |
| CVE-2025-40585 | CRITICAL | | 9.9 | 2025-06-10 | A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker t… |
| CVE-2024-57190 | CRITICAL | Patched | 9.8 | 2025-06-10 | Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to tal… |