Critical Severity Vulnerabilities

28.6K CVEs classified as critical severity

CRITICAL
Total CVEs
28.6K
Vulnerabilities
Avg CVSS
9.8
Critical
Max CVSS
9.8
Highest
Min CVSS
9.8
Lowest

Browse by Severity

Critical
28.6K
High
111.5K
Medium
128.7K
Low
9.9K

Critical Severity CVEs

Page 404 of 1190

CVE-2022-35726

CRITICAL
CVSS:9.8(Critical)

Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress.

CWE-2872022

CVE-2022-35712

CRITICAL
CVSS:9.8(Critical)

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of ...

CWE-1222022

CVE-2022-35711

CRITICAL
CVSS:9.8(Critical)

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of ...

CWE-1222022

CVE-2022-35710

CRITICAL
CVSS:9.8(Critical)

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of...

CWE-1212022

CVE-2022-35690

CRITICAL
CVSS:9.8(Critical)

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of...

CWE-1212022

CVE-2022-35649

CRITICAL
CVSS:9.8(Critical)

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running Gh...

CWE-942022

CVE-2022-35628

CRITICAL
CVSS:9.8(Critical)

A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.

CWE-892022

CVE-2022-35620

CRITICAL
CVSS:9.8(Critical)

D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.

NVD-CWE-Other2022

CVE-2022-35619

CRITICAL
CVSS:9.8(Critical)

D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.

NVD-CWE-Other2022

CVE-2022-35606

CRITICAL
CVSS:9.8(Critical)

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'

CWE-892022

CVE-2022-35605

CRITICAL
CVSS:9.8(Critical)

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc.

CWE-892022

CVE-2022-35603

CRITICAL
CVSS:9.8(Critical)

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.

CWE-892022

CVE-2022-35602

CRITICAL
CVSS:9.8(Critical)

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user.

CWE-892022

CVE-2022-35601

CRITICAL
CVSS:9.8(Critical)

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.

CWE-892022

CVE-2022-35599

CRITICAL
CVSS:9.8(Critical)

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode.

CWE-892022

CVE-2022-35598

CRITICAL
CVSS:9.8(Critical)

A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.

CWE-892022

CVE-2022-35583

CRITICAL
CVSS:9.8(Critical)

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the a...

CWE-9182022

CVE-2022-35559

CRITICAL
CVSS:9.8(Critical)

A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.9(4122), which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. An att...

CWE-7872022

CVE-2022-35555

CRITICAL
CVSS:9.8(Critical)

A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution.

CWE-782022

CVE-2022-35540

CRITICAL
CVSS:9.8(Critical)

Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.

CWE-7982022

CVE-2022-35538

CRITICAL
CVSS:9.8(Critical)

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in pag...

NVD-CWE-Other2022

CVE-2022-35537

CRITICAL
CVSS:9.8(Critical)

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.

NVD-CWE-Other2022

CVE-2022-35536

CRITICAL
CVSS:9.8(Critical)

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.

NVD-CWE-Other2022

CVE-2022-35535

CRITICAL
CVSS:9.8(Critical)

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.

NVD-CWE-Other2022