Search
31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 176–200 of 31,034 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2010-1433 | CRITICAL | Patched | 9.8 | 2021-06-21 | Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can ex… |
| CVE-2010-1435 | CRITICAL | Patched | 9.8 | 2021-06-21 | Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve passwo… |
| CVE-2010-1573 | CRITICAL | Patched | 9.8 | 2010-06-10 | Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote … |
| CVE-2010-1866 | CRITICAL | Patched | 9.8 | 2010-05-07 | The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and poss… |
| CVE-2010-20103 | CRITICAL | 9.8 | 2025-08-20 | A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP c… | |
| CVE-2010-20113 | CRITICAL | Patched | 9.8 | 2025-08-21 | EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails… |
| CVE-2010-20121 | CRITICAL | Patched | 9.8 | 2025-08-21 | EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) com… |
| CVE-2010-2076 | CRITICAL | Patched | 9.8 | 2010-08-19 | Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, an… |
| CVE-2010-2446 | CRITICAL | 9.8 | 2019-11-06 | Rbot Reaction plugin allows command execution | |
| CVE-2010-2447 | CRITICAL | Patched | 9.8 | 2019-11-07 | gitolite before 1.4.1 does not filter src/ or hooks/ from path names. |
| CVE-2010-2476 | CRITICAL | 9.8 | 2019-11-07 | syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. | |
| CVE-2010-2548 | CRITICAL | Patched | 9.1 | 2019-10-31 | IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. |
| CVE-2010-2783 | CRITICAL | Patched | 9.1 | 2019-10-31 | IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services. |
| CVE-2010-2861 | CRITICAL | Patched | 9.8 | 2010-08-11 | Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the local… |
| CVE-2010-2941 | CRITICAL | Patched | 9.8 | 2010-11-05 | ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a den… |
| CVE-2010-2965 | CRITICAL | Patched | 9.8 | 2010-08-05 | The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and othe… |
| CVE-2010-3375 | CRITICAL | 9.8 | 2019-10-29 | qtparted has insecure library loading which may allow arbitrary code execution | |
| CVE-2010-3416 | CRITICAL | Patched | 9.8 | 2010-09-16 | Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or pos… |
| CVE-2010-3438 | CRITICAL | Patched | 9.8 | 2019-11-12 | libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "s… |
| CVE-2010-3729 | CRITICAL | Patched | 9.8 | 2010-10-05 | The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspe… |
| CVE-2010-3765 | CRITICAL | Patched | 9.8 | 2010-10-28 | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is e… |
| CVE-2010-3845 | CRITICAL | 9.8 | 2017-08-08 | libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log. | |
| CVE-2010-4039 | CRITICAL | Patched | 9.8 | 2010-10-21 | Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors. |
| CVE-2010-4041 | CRITICAL | Patched | 9.8 | 2010-10-21 | The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended a… |
| CVE-2010-4042 | CRITICAL | Patched | 9.8 | 2010-10-21 | Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact … |