Search
31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 51–75 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2005-0102 | CRITICAL | Patched | 9.8 | 2005-01-24 | Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1,… |
| CVE-2005-0408 | CRITICAL | Patched | 9.8 | 2005-02-14 | CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain … |
| CVE-2005-0496 | CRITICAL | 9.8 | 2005-02-21 | Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly… | |
| CVE-2005-1141 | CRITICAL | 9.8 | 2005-04-15 | Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large … | |
| CVE-2005-0199 | CRITICAL | Patched | 9.8 | 2005-05-02 | Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly e… |
| CVE-2005-0269 | CRITICAL | Patched | 9.8 | 2005-05-02 | The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files v… |
| CVE-2005-1513 | CRITICAL | 9.8 | 2005-05-11 | Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a den… | |
| CVE-2005-1744 | CRITICAL | Patched | 9.8 | 2005-05-24 | BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access… |
| CVE-2005-1689 | CRITICAL | Patched | 9.8 | 2005-07-18 | Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. |
| CVE-2005-2103 | CRITICAL | Patched | 9.8 | 2005-08-16 | Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code … |
| CVE-2005-2773 | CRITICAL | Patched | 9.8 | 2005-09-02 | HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes… |
| CVE-2005-3120 | CRITICAL | Patched | 9.8 | 2005-10-17 | Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asi… |
| CVE-2005-3435 | CRITICAL | Patched | 9.8 | 2005-11-02 | admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another New… |
| CVE-2006-2827 | CRITICAL | 9.8 | 2006-06-05 | SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search … | |
| CVE-2006-3136 | CRITICAL | 9.8 | 2006-06-22 | Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.… | |
| CVE-2006-4264 | CRITICAL | 9.8 | 2006-08-21 | Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via… | |
| CVE-2006-4428 | CRITICAL | 9.8 | 2006-08-29 | PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: … | |
| CVE-2006-5021 | CRITICAL | 9.8 | 2006-09-27 | Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.p… | |
| CVE-2006-5024 | CRITICAL | Patched | 9.8 | 2006-09-27 | Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors. |
| CVE-2006-5603 | CRITICAL | 9.8 | 2006-10-30 | SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenanc… | |
| CVE-2006-5610 | CRITICAL | 9.8 | 2006-10-31 | PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers t… | |
| CVE-2006-5678 | CRITICAL | 9.8 | 2006-11-03 | PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8… | |
| CVE-2006-6024 | CRITICAL | 9.8 | 2006-11-21 | Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail s… | |
| CVE-2006-6863 | CRITICAL | 9.8 | 2006-12-31 | PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in th… | |
| CVE-2007-0681 | CRITICAL | Patched | 9.8 | 2007-02-03 | profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform ot… |