Critical Severity CVEs Critical

1,151 documented vulnerabilities classified as critical severity.

Other levels: High Medium Low
2026
712
2025
230
2024
42
2023
99
2022
10
2021
12
2020
4
2019
14

Top Affected Vendors (Critical Severity)

Apache 16 Trustedfirmware 14 Microsoft 13 Schneider-Electric 12 Google 11 Mozilla 11 Tenda 11 Waterfall-Security 9 Linux 9 Joomla 8 Oracle 7 Rockwellautomation 6 Ibm 6 Crmperks 6 Acer 6

All Critical CVEs

Recent Highest Score Oldest
CVE-2026-45629
9.9 critical

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server compr

May 29, 2026
CVE-2026-46376
9.8 critical

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP

Sangoma Freepbx May 29, 2026
CVE-2026-45312
9.9 critical

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas wor

May 29, 2026
CVE-2025-41277
9.8 critical

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating sys

Waterfall-Security Wf-500 Firmware May 29, 2026
CVE-2025-41276
9.8 critical

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating sys

Waterfall-Security Wf-500 Firmware May 29, 2026
CVE-2025-41275
9.8 critical

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating sys

Waterfall-Security Wf-500 Firmware May 29, 2026
CVE-2025-41274
9.8 critical

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating sys

Waterfall-Security Wf-500 Firmware May 29, 2026
CVE-2025-41273
9.8 critical

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform

Waterfall-Security Wf-500 Firmware May 29, 2026
CVE-2025-41272
9.8 critical

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating sys

Waterfall-Security Wf-500 Firmware May 29, 2026
CVE-2025-41270
9.8 critical

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating sys

Waterfall-Security Wf-500 Firmware May 29, 2026
CVE-2025-41269
9.8 critical

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating sys

Waterfall-Security Wf-500 Firmware May 29, 2026
CVE-2025-41268
9.1 critical

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines.

Waterfall-Security Wf-500 Firmware May 29, 2026
CVE-2026-49201
9.8 critical

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.

Acer Wave 7 Firmware May 29, 2026
CVE-2026-49200
9.8 critical

The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

Acer Wave 7 Firmware May 29, 2026
CVE-2026-49199
9.8 critical

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

Acer Predator Connect W6X Firmware May 29, 2026
CVE-2026-49197
9.8 critical

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

Acer Predator Connect W6X Firmware May 29, 2026
CVE-2026-3655
9.8 critical

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `lwp_ajax_register` AJAX handler not binding the Firebase session to the phone number supplied in the

May 29, 2026
CVE-2026-8732
9.8 critical

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ and protected only by a nonce check using the fc-call

May 29, 2026
CVE-2026-9967
9.6 critical

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

May 28, 2026
CVE-2026-9918
9.6 critical

Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

May 28, 2026
CVE-2026-9891
9.0 critical

Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Critical)

Google Chrome May 28, 2026
CVE-2026-9886
9.6 critical

Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

May 28, 2026
CVE-2026-9881
9.0 critical

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Critical)

May 28, 2026
CVE-2026-9876
9.6 critical

Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

May 28, 2026