1,812 CVEs · Critical severity
CVEs (1,812, showing first 500)
Showing 1–25 of 1,812 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2006-10003 | CRITICAL | Patched | 9.8 | 2026-03-19 | XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expand… |
| CVE-2013-10075 | CRITICAL | Patched | 9.1 | 2026-05-08 | Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create… |
| CVE-2014-125112 | CRITICAL | Patched | 9.8 | 2026-03-26 | Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vul… |
| CVE-2016-20024 | CRITICAL | | 9.8 | 2026-03-16 | ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers… |
| CVE-2016-20026 | CRITICAL | | 9.8 | 2026-03-16 | ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attacker… |
| CVE-2016-20030 | CRITICAL | | 9.8 | 2026-03-16 | ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via th… |
| CVE-2016-20049 | CRITICAL | | 9.8 | 2026-03-28 | JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds b… |
| CVE-2016-20052 | CRITICAL | Patched | 9.8 | 2026-04-04 | Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_file… |
| CVE-2017-20223 | CRITICAL | | 9.8 | 2026-03-16 | Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and acce… |
| CVE-2017-20224 | CRITICAL | | 9.8 | 2026-03-16 | Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by explo… |
| CVE-2017-20225 | CRITICAL | Patched | 9.8 | 2026-03-28 | TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-s… |
| CVE-2017-20227 | CRITICAL | | 9.8 | 2026-03-28 | JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long in… |
| CVE-2017-20229 | CRITICAL | Patched | 9.8 | 2026-03-28 | MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on use… |
| CVE-2017-20230 | CRITICAL | Patched | 10.0 | 2026-04-21 | Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations tr… |
| CVE-2017-20234 | CRITICAL | | 9.8 | 2026-04-03 | GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting… |
| CVE-2017-20235 | CRITICAL | Patched | 9.1 | 2026-04-03 | ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated at… |
| CVE-2017-20236 | CRITICAL | Patched | 9.8 | 2026-04-03 | ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to in… |
| CVE-2017-20237 | CRITICAL | | 9.8 | 2026-04-03 | Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remot… |
| CVE-2018-25159 | CRITICAL | | 9.8 | 2026-03-11 | Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbit… |
| CVE-2018-25220 | CRITICAL | | 9.8 | 2026-03-28 | Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. … |
| CVE-2018-25221 | CRITICAL | Patched | 9.8 | 2026-03-28 | EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username… |
| CVE-2018-25223 | CRITICAL | Patched | 9.8 | 2026-03-28 | Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Att… |
| CVE-2018-25236 | CRITICAL | | 9.8 | 2026-04-03 | Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management mod… |
| CVE-2018-25237 | CRITICAL | | 9.8 | 2026-04-03 | Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows … |
| CVE-2018-25254 | CRITICAL | Patched | 9.8 | 2026-04-04 | NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP comman… |