2012 — CVEs disclosed (Default sort: published descending; newest first.)

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2012-10024 | XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files. | 7.1 | 1.06% | 2025-08-05 | 2026-06-16 |
| CVE-2012-10023 | A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication. | 6.9 | 1.67% | 2025-08-05 | 2026-06-16 |
| CVE-2012-10022 | Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication. | 8.5 | 0.44% | 2025-08-01 | 2026-06-16 |
| CVE-2012-10021 | A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device. | 9.3 | 2.96% | 2025-07-31 | 2026-06-16 |
| CVE-2012-10020 | The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and including, 0.4.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | 9.8 | 2.87% | 2025-07-21 | 2026-06-16 |
| CVE-2012-10019 | The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | 9.8 | 2.28% | 2025-07-19 | 2026-06-16 |
| CVE-2012-10018 | The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including, 6.1 and 1.0 respectively. This makes it possible for attackers to forge requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file. | 8.3 | 1.13% | 2024-10-16 | 2026-06-16 |
| CVE-2012-6664 | Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands. | 9.1 | 29.54% | 2024-06-21 | 2026-06-16 |
| CVE-2012-10017 | A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955. | 4.3 | 0.35% | 2023-12-26 | 2026-06-16 |
| CVE-2012-10016 | A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upg | 4.3 | 0.58% | 2023-10-16 | 2026-06-16 |
| CVE-2012-3788 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3787 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3786 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3785 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3784 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3783 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3782 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3781 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3780 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3779 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
cvelogic Threat Intelligence