1,812 CVEs · Critical severity
Showing 1–25 of 1,812 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-23813 | CRITICAL | | 9.8 | 2026-03-11 | A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent exis… |
| CVE-2026-29515 | CRITICAL | | 9.8 | 2026-03-11 | MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid creden… |
| CVE-2023-27573 | CRITICAL | Patched | 9.0 | 2026-03-11 | netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SU… |
| CVE-2026-24448 | CRITICAL | | 9.8 | 2026-03-11 | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access. |
| CVE-2026-27842 | CRITICAL | | 9.8 | 2026-03-11 | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. |
| CVE-2026-2631 | CRITICAL | Patched | 9.8 | 2026-03-11 | The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_toke… |
| CVE-2026-3826 | CRITICAL | Patched | 9.8 | 2026-03-11 | IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. |
| CVE-2026-30903 | CRITICAL | Patched | 9.6 | 2026-03-11 | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege… |
| CVE-2026-27897 | CRITICAL | Patched | 10.0 | 2026-03-11 | Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file ro… |
| CVE-2026-28229 | CRITICAL | Patched | 9.8 | 2026-03-11 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints all… |
| CVE-2026-30741 | CRITICAL | Patched | 9.8 | 2026-03-11 | A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack. |
| CVE-2025-67035 | CRITICAL | | 9.8 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitizatio… |
| CVE-2025-67038 | CRITICAL | | 9.8 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authentication fails. The username is directl… |
| CVE-2025-67039 | CRITICAL | | 9.1 | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an… |
| CVE-2025-67041 | CRITICAL | | 9.8 | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploi… |
| CVE-2025-70082 | CRITICAL | | 9.8 | 2026-03-11 | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component |
| CVE-2026-31840 | CRITICAL | Patched | 9.8 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.2 and 8.6.28, an attacker can use a dot-notatio… |
| CVE-2026-31852 | CRITICAL | | 10.0 | 2026-03-11 | Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests f… |
| CVE-2026-31856 | CRITICAL | Patched | 9.8 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapt… |
| CVE-2026-31862 | CRITICAL | Patched | 9.1 | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAs… |
| CVE-2026-31871 | CRITICAL | Patched | 9.8 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exi… |
| CVE-2026-31975 | CRITICAL | Patched | 9.8 | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Bot… |
| CVE-2018-25159 | CRITICAL | | 9.8 | 2026-03-11 | Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbit… |
| CVE-2019-25468 | CRITICAL | | 9.8 | 2026-03-11 | NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious pa… |
| CVE-2019-25471 | CRITICAL | Patched | 9.8 | 2026-03-11 | FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Atta… |