31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 201–225 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2010-4197 | CRITICAL | Patched | 9.8 | 2010-11-06 | Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of… |
| CVE-2010-4201 | CRITICAL | Patched | 9.8 | 2010-11-06 | Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors i… |
| CVE-2010-4202 | CRITICAL | Patched | 9.8 | 2010-11-06 | Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a c… |
| CVE-2010-4203 | CRITICAL | Patched | 9.8 | 2010-11-06 | WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or po… |
| CVE-2010-4204 | CRITICAL | Patched | 9.8 | 2010-11-06 | WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows r… |
| CVE-2010-4205 | CRITICAL | Patched | 9.8 | 2010-11-06 | Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspec… |
| CVE-2010-4239 | CRITICAL | | 9.8 | 2019-10-28 | Tiki Wiki CMS Groupware 5.2 has Local File Inclusion |
| CVE-2010-4344 | CRITICAL | Patched | 9.8 | 2010-12-14 | Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that include… |
| CVE-2010-4478 | CRITICAL | Patched | 9.8 | 2010-12-06 | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need f… |
| CVE-2010-4533 | CRITICAL | Patched | 9.8 | 2019-11-13 | offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple secur… |
| CVE-2010-4660 | CRITICAL | Patched | 9.8 | 2019-11-20 | Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes. |
| CVE-2010-4815 | CRITICAL | Patched | 9.8 | 2020-02-05 | Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. |
| CVE-2010-5305 | CRITICAL | | 9.8 | 2019-03-26 | The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The pote… |
| CVE-2010-5325 | CRITICAL | Patched | 9.8 | 2016-04-15 | Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruptio… |
| CVE-2010-5326 | CRITICAL | Patched | 10.0 | 2016-05-13 | The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbit… |
| CVE-2010-5330 | CRITICAL | Patched | 9.8 | 2019-06-11 | On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by s… |
| CVE-2010-5333 | CRITICAL | Patched | 9.8 | 2019-09-13 | The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, lea… |
| CVE-2011-0469 | CRITICAL | | 9.8 | 2017-08-17 | Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. |
| CVE-2011-0657 | CRITICAL | | 9.8 | 2011-04-13 | DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Win… |
| CVE-2011-0703 | CRITICAL | Patched | 9.8 | 2019-11-15 | In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. |
| CVE-2011-10018 | CRITICAL | | 9.8 | 2025-08-13 | myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecti… |
| CVE-2011-10019 | CRITICAL | Patched | 9.8 | 2025-08-13 | Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passe… |
| CVE-2011-10026 | CRITICAL | Patched | 9.8 | 2025-08-20 | Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inj… |
| CVE-2011-1028 | CRITICAL | Patched | 9.8 | 2019-11-20 | The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. |
| CVE-2011-1134 | CRITICAL | Patched | 9.8 | 2019-11-05 | Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. |