Search
31,035 CVEs · Critical severity
CVEs (31,035, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 376–400 of 31,035 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2013-1360 | CRITICAL | 9.8 | 2020-02-11 | An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UM… | |
| CVE-2013-1400 | CRITICAL | 9.8 | 2020-02-13 | Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id… | |
| CVE-2013-1401 | CRITICAL | 9.8 | 2020-02-13 | Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote att… | |
| CVE-2013-1430 | CRITICAL | Patched | 9.8 | 2016-12-16 | An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content… |
| CVE-2013-1437 | CRITICAL | Patched | 9.8 | 2020-01-28 | Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. |
| CVE-2013-1465 | CRITICAL | Patched | 9.8 | 2013-02-08 | The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shippi… |
| CVE-2013-1591 | CRITICAL | Patched | 9.8 | 2013-01-31 | Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: … |
| CVE-2013-1592 | CRITICAL | 9.8 | 2020-01-23 | A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TC… | |
| CVE-2013-1595 | CRITICAL | 9.8 | 2020-01-24 | A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service… | |
| CVE-2013-1599 | CRITICAL | Patched | 9.8 | 2020-01-28 | A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04,… |
| CVE-2013-1607 | CRITICAL | Patched | 9.8 | 2020-02-11 | Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability |
| CVE-2013-1666 | CRITICAL | Patched | 9.8 | 2019-11-01 | Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. |
| CVE-2013-1744 | CRITICAL | Patched | 9.8 | 2020-01-25 | IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. |
| CVE-2013-1751 | CRITICAL | Patched | 9.8 | 2019-11-07 | TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. |
| CVE-2013-1910 | CRITICAL | 9.8 | 2019-10-31 | yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the m… | |
| CVE-2013-20002 | CRITICAL | Patched | 9.8 | 2021-06-17 | Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. |
| CVE-2013-20004 | CRITICAL | Patched | 9.8 | 2022-02-06 | A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a de… |
| CVE-2013-2010 | CRITICAL | Patched | 9.8 | 2020-02-12 | WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability |
| CVE-2013-2018 | CRITICAL | 9.8 | 2020-02-20 | Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2013-2057 | CRITICAL | Patched | 9.8 | 2020-02-11 | YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability |
| CVE-2013-2060 | CRITICAL | 9.8 | 2020-01-28 | The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | |
| CVE-2013-2091 | CRITICAL | 9.8 | 2019-11-20 | SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. | |
| CVE-2013-2093 | CRITICAL | 9.8 | 2019-11-20 | Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. | |
| CVE-2013-2095 | CRITICAL | 9.8 | 2019-12-10 | rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection | |
| CVE-2013-2159 | CRITICAL | 9.8 | 2019-12-10 | Monkey HTTP Daemon: broken user name authentication |