Search
31,035 CVEs · Critical severity
CVEs (31,035, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 351–375 of 31,035 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2012-6437 | CRITICAL | Patched | 9.8 | 2013-01-24 | The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or l… |
| CVE-2012-6451 | CRITICAL | Patched | 9.8 | 2020-01-24 | Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability |
| CVE-2012-6611 | CRITICAL | Patched | 9.8 | 2020-02-10 | An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has … |
| CVE-2012-6649 | CRITICAL | 9.8 | 2020-01-23 | WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload. | |
| CVE-2012-6652 | CRITICAL | 9.8 | 2019-05-13 | Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execu… | |
| CVE-2012-6664 | CRITICAL | 9.1 | 2024-06-21 | Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a … | |
| CVE-2012-6696 | CRITICAL | Patched | 9.8 | 2017-09-25 | inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836. |
| CVE-2012-6706 | CRITICAL | Patched | 9.8 | 2017-06-22 | A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to… |
| CVE-2012-6710 | CRITICAL | Patched | 9.8 | 2018-10-07 | ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php. |
| CVE-2012-6712 | CRITICAL | Patched | 9.8 | 2019-07-27 | In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. |
| CVE-2012-6719 | CRITICAL | Patched | 9.8 | 2019-08-28 | The sharebar plugin before 1.2.2 for WordPress has SQL injection. |
| CVE-2013-0022 | CRITICAL | 9.0 | 2013-02-13 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted obj… | |
| CVE-2013-0422 | CRITICAL | Patched | 9.8 | 2013-01-10 | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMB… |
| CVE-2013-0625 | CRITICAL | 9.8 | 2013-01-09 | Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecif… | |
| CVE-2013-0632 | CRITICAL | 9.8 | 2013-01-17 | administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RD… | |
| CVE-2013-0803 | CRITICAL | 9.8 | 2020-02-11 | A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. | |
| CVE-2013-0870 | CRITICAL | 9.8 | 2017-08-28 | The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | |
| CVE-2013-10040 | CRITICAL | Patched | 9.8 | 2025-07-31 | ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows una… |
| CVE-2013-10042 | CRITICAL | Patched | 9.8 | 2025-07-31 | A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafte… |
| CVE-2013-10048 | CRITICAL | Patched | 9.8 | 2025-08-01 | An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to impro… |
| CVE-2013-10051 | CRITICAL | Patched | 9.8 | 2025-08-01 | A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-suppli… |
| CVE-2013-10069 | CRITICAL | Patched | 9.8 | 2025-08-05 | The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability i… |
| CVE-2013-10075 | CRITICAL | Patched | 9.1 | 2026-05-08 | Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create… |
| CVE-2013-1350 | CRITICAL | Patched | 9.1 | 2020-01-30 | Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities |
| CVE-2013-1359 | CRITICAL | 9.8 | 2020-02-11 | An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UM… |