Top Critical CVEs - Common Vulnerabilities and Exposures
Be the first to spot emerging vulnerabilities and strengthen your defense. Explore the latest CVEs affecting software, systems, and networks worldwide.
High CVE Scores in the Last 30 Days - Latest 10 Top Critical CVEs
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.... Score: 10/10
Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Drag and... Score: 10/10
Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own T... Score: 10/10
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This is... Score: 10/10
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an ... Score: 10/10
Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch ... Score: 10/10
Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Conv... Score: 10/10
On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.... Score: 10/10
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to e... Score: 10/10
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu: from n/a through 6.0.0.... Score: 10/10