Top Critical CVEs - Common Vulnerabilities and Exposures

Be the first to spot emerging vulnerabilities and strengthen your defense. Explore the latest CVEs affecting software, systems, and networks worldwide.

High CVE Scores in the Last 30 Days - Latest 10 Top Critical CVEs

  • CVE-2025-41656
    An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.... Score: 10/10
  • CVE-2025-49885
    Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Drag and... Score: 10/10
  • CVE-2025-52572
    Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own T... Score: 10/10
  • CVE-2025-4378
    Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass.This is... Score: 10/10
  • CVE-2025-32975
    Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an ... Score: 10/10
  • CVE-2024-56731
    Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch ... Score: 10/10
  • CVE-2025-52562
    Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Conv... Score: 10/10
  • CVE-2025-6512
    On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.... Score: 10/10
  • CVE-2025-49132
    Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to e... Score: 10/10
  • CVE-2025-49447
    Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0.... Score: 10/10