Search
31,035 CVEs · Critical severity
CVEs (31,035, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 276–300 of 31,035 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2011-5327 | CRITICAL | Patched | 9.8 | 2019-07-27 | In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. |
| CVE-2011-5330 | CRITICAL | 9.8 | 2019-11-18 | Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. | |
| CVE-2011-5331 | CRITICAL | 9.8 | 2019-11-18 | Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. | |
| CVE-2012-0391 | CRITICAL | Patched | 9.8 | 2012-01-08 | The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types… |
| CVE-2012-0507 | CRITICAL | 9.8 | 2012-06-07 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier a… | |
| CVE-2012-0694 | CRITICAL | Patched | 9.8 | 2019-10-29 | SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. |
| CVE-2012-0803 | CRITICAL | 9.8 | 2017-08-08 | The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. | |
| CVE-2012-0824 | CRITICAL | 9.8 | 2019-11-19 | gnusound 0.7.5 has format string issue | |
| CVE-2012-0828 | CRITICAL | Patched | 9.8 | 2020-02-21 | Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client… |
| CVE-2012-0911 | CRITICAL | Patched | 9.8 | 2012-07-12 | TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/bann… |
| CVE-2012-0931 | CRITICAL | 9.8 | 2012-01-28 | Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or pos… | |
| CVE-2012-10001 | CRITICAL | Patched | 9.8 | 2021-01-06 | The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-forc… |
| CVE-2012-10019 | CRITICAL | Patched | 9.8 | 2025-07-19 | The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This m… |
| CVE-2012-10020 | CRITICAL | Patched | 9.8 | 2025-07-22 | The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and including, 0… |
| CVE-2012-10021 | CRITICAL | Patched | 9.8 | 2025-07-31 | A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw ar… |
| CVE-2012-10023 | CRITICAL | 9.8 | 2025-08-05 | A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing r… | |
| CVE-2012-10030 | CRITICAL | 9.8 | 2025-08-05 | FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The serv… | |
| CVE-2012-10054 | CRITICAL | Patched | 9.8 | 2025-08-13 | Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operati… |
| CVE-2012-10060 | CRITICAL | Patched | 9.8 | 2025-08-13 | Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentic… |
| CVE-2012-10063 | CRITICAL | Patched | 9.8 | 2025-10-30 | Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQ… |
| CVE-2012-1124 | CRITICAL | 9.8 | 2020-02-11 | SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | |
| CVE-2012-1187 | CRITICAL | 9.8 | 2019-10-29 | Bitlbee does not drop extra group privileges correctly in unix.c | |
| CVE-2012-1259 | CRITICAL | Patched | 9.8 | 2020-01-09 | Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remot… |
| CVE-2012-1301 | CRITICAL | 9.8 | 2017-04-13 | The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. | |
| CVE-2012-1495 | CRITICAL | Patched | 9.8 | 2020-01-27 | install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. |