Search
31,037 CVEs · Critical severity
CVEs (31,037, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 451–475 of 31,037 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2013-4334 | CRITICAL | 9.8 | 2020-02-07 | opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities | |
| CVE-2013-4335 | CRITICAL | 9.8 | 2020-02-07 | opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities | |
| CVE-2013-4366 | CRITICAL | Patched | 9.8 | 2017-10-30 | http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspec… |
| CVE-2013-4409 | CRITICAL | Patched | 9.8 | 2019-11-04 | An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. |
| CVE-2013-4441 | CRITICAL | 9.8 | 2020-01-27 | The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | |
| CVE-2013-4451 | CRITICAL | Patched | 9.8 | 2018-09-21 | gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2… |
| CVE-2013-4454 | CRITICAL | 9.1 | 2020-02-18 | WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities | |
| CVE-2013-4462 | CRITICAL | 9.1 | 2020-01-27 | WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability | |
| CVE-2013-4486 | CRITICAL | Patched | 9.8 | 2019-12-03 | Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging |
| CVE-2013-4521 | CRITICAL | 9.8 | 2020-02-06 | RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which all… | |
| CVE-2013-4561 | CRITICAL | 9.1 | 2022-06-30 | In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. | |
| CVE-2013-4621 | CRITICAL | Patched | 9.8 | 2019-12-27 | Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities |
| CVE-2013-4654 | CRITICAL | 9.8 | 2019-11-13 | Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.. | |
| CVE-2013-4656 | CRITICAL | 9.8 | 2019-11-13 | Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. | |
| CVE-2013-4657 | CRITICAL | 9.8 | 2019-11-13 | Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | |
| CVE-2013-4658 | CRITICAL | 9.8 | 2019-10-25 | Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. | |
| CVE-2013-4659 | CRITICAL | 9.8 | 2017-03-14 | Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors… | |
| CVE-2013-4743 | CRITICAL | 9.8 | 2019-12-27 | Static HTTP Server 1.0 has a Local Overflow | |
| CVE-2013-4810 | CRITICAL | 9.8 | 2013-09-16 | HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitra… | |
| CVE-2013-4857 | CRITICAL | Patched | 9.8 | 2019-10-25 | D-Link DIR-865L has PHP File Inclusion in the router xml file. |
| CVE-2013-4864 | CRITICAL | Patched | 9.8 | 2020-01-28 | MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Ser… |
| CVE-2013-4976 | CRITICAL | 9.8 | 2019-12-27 | Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials | |
| CVE-2013-4982 | CRITICAL | 9.8 | 2019-12-27 | AVTECH AVN801 DVR has a security bypass via the administration login captcha | |
| CVE-2013-5017 | CRITICAL | Patched | 9.8 | 2014-06-18 | SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2013-5027 | CRITICAL | 9.8 | 2019-12-27 | Collabtive 1.0 has incorrect access control |