v.26.4.2314

Critical Severity Vulnerabilities

Found 1593 vulnerabilities at Critical severity.

Vulnerability Name

CVE

CWE

Severity

GibbonEdu CVE-2023-45878 Vulnerability (CVE-2023-45878)

CVE-2023-45878

-

Critical

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46731)

CVE-2023-46731

CWE-94

Critical

OpenVPN AS Use After Free Vulnerability (CVE-2023-46850)

CVE-2023-46850

CWE-416

Critical

Perl Improper Handling of Exceptional Conditions Vulnerability (CVE-2023-47100)

CVE-2023-47100

CWE-755

Critical

WeBid Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-47397)

CVE-2023-47397

CWE-94

Critical

ownCloud Improper Authentication Vulnerability (CVE-2023-49105)

CVE-2023-49105

CWE-287

Critical

phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2023-4006)

CVE-2023-4006

CWE-1236

Critical

Podcast Generator Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-53899)

CVE-2023-53899

CWE-918

Critical

ProjectSend Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-53980)

CVE-2023-53980

CWE-434

Critical

phpMyFAQ Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5227)

CVE-2023-5227

CWE-434

Critical

Moodle Other Vulnerability (CVE-2023-5550)

CVE-2023-5550

-

Critical

phpMyFAQ Insufficient Session Expiration Vulnerability (CVE-2023-5865)

CVE-2023-5865

CWE-613

Critical

Wordpress Plugin Backup Migration CVE-2023-6553 Vulnerability (CVE-2023-6553)

CVE-2023-6553

-

Critical

osCommerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-6579)

CVE-2023-6579

CWE-138

Critical

Wordpress Plugin Backup Migration Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2023-6971)

CVE-2023-6971

CWE-829

Critical

Wordpress Plugin Backup Migration Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-6972)

CVE-2023-6972

CWE-22

Critical

Sqlite Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2023-7104)

CVE-2023-7104

CWE-119

Critical

Pega Infinity Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-10094)

CVE-2024-10094

CWE-94

Critical

PHP Integer Overflow or Wraparound Vulnerability (CVE-2024-11236)

CVE-2024-11236

CWE-190

Critical

ProjectSend Incorrect Authorization Vulnerability (CVE-2024-11680)

CVE-2024-11680

CWE-863

Critical

WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-1071)

CVE-2024-1071

CWE-138

Critical

MongoDb Improper Certificate Validation Vulnerability (CVE-2024-1351)

CVE-2024-1351

CWE-295

Critical

PHP Improper Encoding or Escaping of Output Vulnerability (CVE-2024-1874)

CVE-2024-1874

CWE-116

Critical

WebLogic CVE-2024-21181 Vulnerability (CVE-2024-21181)

CVE-2024-21181

-

Critical

WebLogic CVE-2024-21216 Vulnerability (CVE-2024-21216)

CVE-2024-21216

-

Critical

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21650)

CVE-2024-21650

CWE-94

Critical

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-23897)

CVE-2024-23897

CWE-22

Critical

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-24213)

CVE-2024-24213

CWE-138

Critical

GibbonEdu Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2024-24724)

CVE-2024-24724

CWE-138

Critical

Joomla Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2024-27185)

CVE-2024-27185

-

Critical

Ruby on Rails CVE-2024-28103 Vulnerability (CVE-2024-28103)

CVE-2024-28103

-

Critical

XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31982)

CVE-2024-31982

CWE-94

Critical

XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31996)

CVE-2024-31996

CWE-94

Critical

Masa CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-32641)

CVE-2024-32641

CWE-94

Critical

Moodle CVE-2024-33999 Vulnerability (CVE-2024-33999)

CVE-2024-33999

-

Critical

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-34502)

CVE-2024-34502

CWE-352

Critical

CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-34832)

CVE-2024-34832

CWE-22

Critical

WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-35409)

CVE-2024-35409

CWE-138

Critical

GeoServer Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-36401)

CVE-2024-36401

CWE-94

Critical

Roundcube Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-37385)

CVE-2024-37385

CWE-138

Critical

Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-37843)

CVE-2024-37843

CWE-138

Critical

Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38474)

CVE-2024-38474

CWE-116

Critical

Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38475)

CVE-2024-38475

CWE-116

Critical

Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476)

CVE-2024-38476

-

Critical

Envoy Proxy Use After Free Vulnerability (CVE-2024-39305)

CVE-2024-39305

CWE-416

Critical

PHP Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-3566)

CVE-2024-3566

CWE-138

Critical

Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-42005)

CVE-2024-42005

CWE-138

Critical

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-42008)

CVE-2024-42008

CWE-707

Critical

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-42009)

CVE-2024-42009

CWE-707

Critical

Envoy Proxy Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-45806)

CVE-2024-45806

CWE-639

Critical

DOMPurify Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2024-48910)

CVE-2024-48910

CWE-1321

Critical

CrushFTP Server Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-4040)

CVE-2024-4040

CWE-94

Critical

PHP Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2024-4577)

CVE-2024-4577

CWE-138

Critical

Apache Traffic Server Unchecked Return Value Vulnerability (CVE-2024-50306)

CVE-2024-50306

CWE-252

Critical

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2024-50379)

CVE-2024-50379

CWE-367

Critical

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51490)

CVE-2024-51490

CWE-707

Critical

Apache Tomcat Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-52316)

CVE-2024-52316

CWE-754

Critical

CrushFTP Server Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2024-53552)

CVE-2024-53552

CWE-640

Critical

Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-53908)

CVE-2024-53908

CWE-138

Critical

Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55636)

CVE-2024-55636

CWE-502

Critical

Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55637)

CVE-2024-55637

CWE-502

Critical

Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55638)

CVE-2024-55638

CWE-502

Critical

XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2024-55663)

CVE-2024-55663

CWE-116

Critical

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-56145)

CVE-2024-56145

CWE-94

Critical

XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-56158)

CVE-2024-56158

CWE-138

Critical

axios Origin Validation Error Vulnerability (CVE-2024-57965)

CVE-2024-57965

CWE-346

Critical

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-5314)

CVE-2024-5314

CWE-138

Critical

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-5315)

CVE-2024-5315

CWE-138

Critical

MOVEit Transfer Improper Authentication Vulnerability (CVE-2024-6576)

CVE-2024-6576

CWE-287

Critical

Envoy Proxy CVE-2024-7207 Vulnerability (CVE-2024-7207)

CVE-2024-7207

-

Critical

MongoDb Use of Uninitialized Resource Vulnerability (CVE-2024-8654)

CVE-2024-8654

CWE-908

Critical

PHP Out-of-bounds Write Vulnerability (CVE-2024-8932)

CVE-2024-8932

CWE-787

Critical

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-11165)

CVE-2025-11165

CWE-138

Critical

Undertow Improper Input Validation Vulnerability (CVE-2025-12543)

CVE-2025-12543

CWE-20

Critical

Jboss EAP Improper Input Validation Vulnerability (CVE-2025-12543)

CVE-2025-12543

CWE-20

Critical