31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Showing 51–75 of 31,027 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2004-2154 | CRITICAL | Patched | 9.8 | 2004-12-31 | CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or… |
| CVE-2004-2214 | CRITICAL | Patched | 9.8 | 2004-12-31 | Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters. |
| CVE-2004-2761 | CRITICAL | | 9.8 | 2009-01-05 | The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks o… |
| CVE-2004-2776 | CRITICAL | | 9.8 | 2019-12-31 | go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. |
| CVE-2005-0102 | CRITICAL | Patched | 9.8 | 2005-01-24 | Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1,… |
| CVE-2005-0199 | CRITICAL | Patched | 9.8 | 2005-05-02 | Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly e… |
| CVE-2005-0269 | CRITICAL | Patched | 9.8 | 2005-05-02 | The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files v… |
| CVE-2005-0408 | CRITICAL | Patched | 9.8 | 2005-02-14 | CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain … |
| CVE-2005-0496 | CRITICAL | | 9.8 | 2005-02-21 | Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly… |
| CVE-2005-1141 | CRITICAL | | 9.8 | 2005-04-15 | Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large … |
| CVE-2005-1513 | CRITICAL | | 9.8 | 2005-05-11 | Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a den… |
| CVE-2005-1689 | CRITICAL | Patched | 9.8 | 2005-07-18 | Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. |
| CVE-2005-1744 | CRITICAL | Patched | 9.8 | 2005-05-24 | BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access… |
| CVE-2005-2103 | CRITICAL | Patched | 9.8 | 2005-08-16 | Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code … |
| CVE-2005-2354 | CRITICAL | | 9.8 | 2019-11-05 | Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. |
| CVE-2005-2773 | CRITICAL | Patched | 9.8 | 2005-09-02 | HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes… |
| CVE-2005-3056 | CRITICAL | | 9.8 | 2019-11-01 | TWiki allows arbitrary shell command execution via the Include function |
| CVE-2005-3120 | CRITICAL | Patched | 9.8 | 2005-10-17 | Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asi… |
| CVE-2005-3435 | CRITICAL | Patched | 9.8 | 2005-11-02 | admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another New… |
| CVE-2005-3590 | CRITICAL | Patched | 9.8 | 2019-04-10 | The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array siz… |
| CVE-2005-4891 | CRITICAL | Patched | 9.8 | 2020-01-15 | Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. |
| CVE-2006-0061 | CRITICAL | | 9.8 | 2019-11-06 | xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session. |
| CVE-2006-0062 | CRITICAL | | 9.8 | 2019-11-06 | xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. |
| CVE-2006-10003 | CRITICAL | Patched | 9.8 | 2026-03-19 | XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expand… |
| CVE-2006-2827 | CRITICAL | | 9.8 | 2006-06-05 | SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search … |