Web Application Vulnerabilities
v.26.4.2314
Critical Severity Vulnerabilities
Found 1593 vulnerabilities at Critical severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Progress Kemp LoadMaster RCE (CVE-2024-1212) | CVE-2024-1212 | CWE-78 | Critical |
| Telerik Report Server Authentication Bypass Vulnerability | CVE-2024-4358 | CWE-287 | Critical |
| Rejetto HTTP File Server SSTI RCE (CVE-2024-23692) | CVE-2024-23692 | CWE-1336 | Critical |
| Remote File Inclusion | - | CWE-98 | Critical |
| ScreenConnect Auth bypass (CVE-2024-1709) | CVE-2024-1708 | CWE-288 | Critical |
| ServiceNow SSTI (CVE-2024-4879) | CVE-2024-5217 | CWE-1287 | Critical |
| SolarWinds Web Help Desk Hardcoded Credential (CVE-2024-28987) | CVE-2024-28987 | CWE-798 | Critical |
| SolarWinds Web Help Desk RCE (CVE-2024-28986) | CVE-2024-28986 | CWE-502 | Critical |
| SuiteCRM SQL Injection (CVE-2024-36412) | CVE-2024-36412 | CWE-89 | Critical |
| SysAid On-Premise RCE (CVE-2023-47246) | CVE-2023-47246 | CWE-22 | Critical |
| TeamCity Authentication Bypass (CVE-2024-27198) | CVE-2024-27198 | CWE-288 | Critical |
| Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064) | CVE-2021-35064 | CWE-434 | Critical |
| VMware Aria Operations for Networks RCE (CVE-2023-20887) | CVE-2023-20887 | CWE-77 | Critical |
| ColdFusion WDDX Deserialization RCE (CVE-2023-44353) | CVE-2023-44353 | CWE-502 | Critical |
| Lucee CF_CLIENT_ RCE | - | CWE-200 | Critical |
| Lucee Unset Admin Password | - | CWE-200 | Critical |
| Unrestricted access to Apache HugeGraph | - | CWE-200 | Critical |
| Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164) | CVE-2023-50164 | CWE-434 | Critical |
| Adobe Commerce/Magento "SessionReaper" RCE (CVE-2025-54236) | CVE-2025-54236 | CWE-20 | Critical |
| Apache Tika XXE via PDF XFA Content (CVE-2025-66516) | CVE-2025-66516 | CWE-611 | Critical |
| Craft CMS register_argc_argv RCE (CVE-2024-56145) | CVE-2024-56145 | CWE-94 | Critical |
| Craft CMS RCE (CVE-2025-32432) | CVE-2025-32432 | CWE-470 | Critical |
| CrushFTP Authentication Bypass (CVE-2025-2825) | CVE-2025-2825 | CWE-287 | Critical |
| Django SQL Injection via _connector parameter (CVE-2025-64459) | CVE-2025-64459 | CWE-89 | Critical |
| FortiWeb Authentication Bypass (CVE-2025-64446) | CVE-2025-58034 | CWE-23 | Critical |
| Ingress-Nginx "IngressNightmare" RCE (CVE-2025-1974) | CVE-2025-1974 | CWE-653 | Critical |
| Kentico Staging API Authentication Bypass | CVE-2025-2746 | CWE-287 | Critical |
| LLM Command Injection | - | CWE-78 | Critical |
| Next.js/React Server Components RCE (CVE-2025-55182 & CVE-2025-66478) | CVE-2025-66478 | CWE-502 | Critical |
| Oracle E-Business Suite SSRF (CVE-2025-61882) | CVE-2025-61882 | CWE-918 | Critical |
| Oracle Identity Manager Authentication Bypass (CVE-2025-61757) | CVE-2025-61757 | CWE-306 | Critical |
| PAN-OS Management Interface Authentication Bypass (CVE-2025-0108) | CVE-2025-0108 | CWE-287 | Critical |
| SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324) | CVE-2025-31324 | CWE-434 | Critical |
| Server-Side Request Forgery (Cloud Metadata) | - | CWE-918 | Critical |
| SharePoint "ToolShell" RCE (CVE-2025-49704/CVE-2025-49706/CVE-2025-53770/CVE-2025-53771) | CVE-2025-53771 | CWE-287 | Critical |
| Sitecore XM/XP Insecure Deserialization (CVE-2025-27218) | CVE-2025-27218 | CWE-502 | Critical |
| ASP.NET ViewState Weak Validation Key | - | CWE-321 | Critical |
| Wing FTP Server RCE (CVE-2025-47812) | CVE-2025-47812 | CWE-158 | Critical |
| Citrix NetScaler Memory Disclosure 'Citrix Bleed 2' (CVE-2025-5777) | CVE-2025-5349 | CWE-457 | Critical |
| CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution (CVE-2025-48703) | CVE-2025-48703 | CWE-78 | Critical |
| Citrix NetScaler Memory Overread (CVE-2026-3055) | CVE-2026-3055 | CWE-125 | Critical |
| Laravel Livewire RCE (CVE-2025-54068) | CVE-2025-54068 | CWE-94 | Critical |
| Vulnerable Laravel Livewire version (CVE-2025-54068) | CVE-2025-54068 | CWE-94 | Critical |
| Nginx UI Information Disclosure (CVE-2026-27944) | CVE-2026-27944 | CWE-311 | Critical |
| SmarterTools SmarterMail Admin Password Reset (CVE-2026-23760) | CVE-2026-23760 | CWE-288 | Critical |
| Apache HTTP Server Other Vulnerability (CVE-1999-0067) | CVE-1999-0067 | - | Critical |
| Internet Information Services Other Vulnerability (CVE-1999-0233) | CVE-1999-0233 | - | Critical |
| PHP Other Vulnerability (CVE-1999-0238) | CVE-1999-0238 | - | Critical |
| Internet Information Services Other Vulnerability (CVE-1999-0407) | CVE-1999-0407 | - | Critical |
| Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-1999-0874) | CVE-1999-0874 | CWE-119 | Critical |
| Apache HTTP Server Other Vulnerability (CVE-1999-0926) | CVE-1999-0926 | - | Critical |
| Internet Information Services Permissions, Privileges, and Access Controls Vulnerability (CVE-1999-1011) | CVE-1999-1011 | CWE-264 | Critical |
| Oracle HTTP Server Other Vulnerability (CVE-1999-1125) | CVE-1999-1125 | - | Critical |
| Apache HTTP Server Other Vulnerability (CVE-1999-1199) | CVE-1999-1199 | - | Critical |
| Apache HTTP Server Other Vulnerability (CVE-1999-1293) | CVE-1999-1293 | - | Critical |
| Internet Information Services Other Vulnerability (CVE-1999-1376) | CVE-1999-1376 | - | Critical |
| PHP Other Vulnerability (CVE-2000-0059) | CVE-2000-0059 | - | Critical |
| Zope Web Application Server Other Vulnerability (CVE-2000-0062) | CVE-2000-0062 | - | Critical |
| PHP Other Vulnerability (CVE-2000-0967) | CVE-2000-0967 | - | Critical |
| Apache HTTP Server Improper Handling of Case Sensitivity Vulnerability (CVE-2001-0766) | CVE-2001-0766 | CWE-178 | Critical |
| Microsoft SQL Server Other Vulnerability (CVE-2002-0721) | CVE-2002-0721 | - | Critical |
| Microsoft SQL Server Other Vulnerability (CVE-2002-1145) | CVE-2002-1145 | - | Critical |
| PostgreSQL Other Vulnerability (CVE-2002-1399) | CVE-2002-1399 | - | Critical |
| Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0095) | CVE-2003-0095 | CWE-119 | Critical |
| Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0096) | CVE-2003-0096 | CWE-119 | Critical |
| MySQL Other Vulnerability (CVE-2003-0150) | CVE-2003-0150 | - | Critical |
| Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0222) | CVE-2003-0222 | CWE-119 | Critical |
| Internet Information Services Other Vulnerability (CVE-2003-0224) | CVE-2003-0224 | - | Critical |
| OpenSSL Double Free Vulnerability (CVE-2003-0545) | CVE-2003-0545 | CWE-415 | Critical |
| MySQL Other Vulnerability (CVE-2003-0780) | CVE-2003-0780 | - | Critical |
| Apache HTTP Server CVE-2003-0789 Vulnerability (CVE-2003-0789) | CVE-2003-0789 | - | Critical |
| PHP Other Vulnerability (CVE-2003-0860) | CVE-2003-0860 | - | Critical |
| PHP Other Vulnerability (CVE-2003-0861) | CVE-2003-0861 | - | Critical |
| Apache HTTP Server Other Vulnerability (CVE-2004-0492) | CVE-2004-0492 | - | Critical |
| IBMHttpServer Other Vulnerability (CVE-2004-0492) | CVE-2004-0492 | - | Critical |