2010 CVEs
5249 CVEs published in 2010. 47 critical, 121 high.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2010-5326 | Critical | 10.0 | 2016-05-13 | The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to… |
| CVE-2010-20113 | Critical | 9.8 | 2025-08-21 | EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the… |
| CVE-2010-20121 | Critical | 9.8 | 2025-08-21 | EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working D… |
| CVE-2010-20103 | Critical | 9.8 | 2025-08-20 | A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a… |
| CVE-2010-1435 | Critical | 9.8 | 2021-06-21 | Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently re… |
| CVE-2010-1433 | Critical | 9.8 | 2021-06-21 | Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An at… |
| CVE-2010-4815 | Critical | 9.8 | 2020-02-05 | Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. |
| CVE-2010-4660 | Critical | 9.8 | 2019-11-20 | Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes. |
| CVE-2010-4533 | Critical | 9.8 | 2019-11-13 | offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with m… |
| CVE-2010-3438 | Critical | 9.8 | 2019-11-12 | libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argume… |
| CVE-2010-2476 | Critical | 9.8 | 2019-11-07 | syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that… |
| CVE-2010-2447 | Critical | 9.8 | 2019-11-07 | gitolite before 1.4.1 does not filter src/ or hooks/ from path names. |
| CVE-2010-2446 | Critical | 9.8 | 2019-11-06 | Rbot Reaction plugin allows command execution |
| CVE-2010-0748 | Critical | 9.8 | 2019-10-30 | Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments i… |
| CVE-2010-3375 | Critical | 9.8 | 2019-10-29 | qtparted has insecure library loading which may allow arbitrary code execution |
| CVE-2010-4239 | Critical | 9.8 | 2019-10-28 | Tiki Wiki CMS Groupware 5.2 has Local File Inclusion |
| CVE-2010-5333 | Critical | 9.8 | 2019-09-13 | The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST… |
| CVE-2010-5330 | Critical | 9.8 | 2019-06-11 | On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demo… |
| CVE-2010-5305 | Critical | 9.8 | 2019-03-26 | The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controll… |
| CVE-2010-3845 | Critical | 9.8 | 2017-08-08 | libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log. |