Search
31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 101–125 of 31,027 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2007-3194 | CRITICAL | 9.8 | 2007-06-12 | Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (… | |
| CVE-2007-3652 | CRITICAL | 9.8 | 2008-07-09 | SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOT… | |
| CVE-2007-3798 | CRITICAL | Patched | 9.8 | 2007-07-16 | Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, relate… |
| CVE-2007-3915 | CRITICAL | 9.1 | 2019-11-07 | Mondo 2.24 has insecure handling of temporary files. | |
| CVE-2007-4039 | CRITICAL | 9.8 | 2007-07-27 | Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitra… | |
| CVE-2007-4043 | CRITICAL | Patched | 9.8 | 2007-07-27 | file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with… |
| CVE-2007-4290 | CRITICAL | 9.8 | 2007-08-09 | Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1… | |
| CVE-2007-4559 | CRITICAL | Patched | 9.8 | 2007-08-28 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitra… |
| CVE-2007-4773 | CRITICAL | Patched | 9.8 | 2020-01-15 | Systrace before 1.6.0 has insufficient escape policy enforcement. |
| CVE-2007-5097 | CRITICAL | 9.8 | 2007-09-26 | PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code… | |
| CVE-2007-5199 | CRITICAL | 9.8 | 2017-08-18 | A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. | |
| CVE-2007-5341 | CRITICAL | Patched | 9.8 | 2017-08-18 | Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. |
| CVE-2007-5565 | CRITICAL | 9.8 | 2007-10-18 | PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir paramet… | |
| CVE-2007-5775 | CRITICAL | 9.8 | 2007-11-01 | Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure … | |
| CVE-2007-6013 | CRITICAL | Patched | 9.8 | 2007-11-19 | Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from … |
| CVE-2007-6745 | CRITICAL | 9.8 | 2019-11-07 | clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | |
| CVE-2007-6759 | CRITICAL | Patched | 9.8 | 2017-04-07 | Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected dev… |
| CVE-2007-6760 | CRITICAL | Patched | 9.8 | 2017-04-07 | Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices… |
| CVE-2007-6762 | CRITICAL | Patched | 9.8 | 2019-07-27 | In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array. |
| CVE-2008-0062 | CRITICAL | Patched | 9.8 | 2008-03-19 | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly … |
| CVE-2008-0081 | CRITICAL | 9.8 | 2008-01-16 | Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code… | |
| CVE-2008-0174 | CRITICAL | Patched | 9.8 | 2008-01-29 | GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows… |
| CVE-2008-0599 | CRITICAL | Patched | 9.8 | 2008-05-05 | The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, whi… |
| CVE-2008-0961 | CRITICAL | 9.8 | 2008-04-14 | EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | |
| CVE-2008-1160 | CRITICAL | 9.8 | 2008-03-25 | ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. |