CVE-2021-44228Critical (10.0)Remote Code Execution2021
Log4Shell: Remote code execution via JNDI lookup in Apache Log4j 2.x
Affected: Apache Log4j 2.0-2.14.1
CVE-2014-0160High (7.5)Information Disclosure2014
Heartbleed: Buffer over-read in OpenSSL TLS heartbeat extension leaks memory contents
Affected: OpenSSL 1.0.1-1.0.1f
CVE-2017-5638Critical (10.0)Remote Code Execution2017
Apache Struts 2 RCE via Content-Type header manipulation
Affected: Apache Struts 2.3.5-2.3.31, 2.5-2.5.10
CVE-2014-6271Critical (10.0)Remote Code Execution2014
Shellshock: Arbitrary code execution via crafted environment variables in Bash
Affected: GNU Bash through 4.3
CVE-2017-0144Critical (9.3)Remote Code Execution2017
EternalBlue: SMBv1 remote code execution in Windows (used by WannaCry)
Affected: Microsoft Windows SMBv1
CVE-2019-0708Critical (9.8)Remote Code Execution2019
BlueKeep: Remote code execution via Remote Desktop Services
Affected: Microsoft Windows RDP
CVE-2021-34527Critical (8.8)Remote Code Execution2021
PrintNightmare: Remote code execution via Windows Print Spooler
Affected: Microsoft Windows Print Spooler
CVE-2018-11776Critical (9.8)Remote Code Execution2018
Apache Struts RCE via namespace, wildcard, or URL tag without value/action
Affected: Apache Struts 2.3-2.3.34, 2.5-2.5.16
CVE-2021-26855Critical (9.8)SSRF / Remote Code Execution2021
ProxyLogon: Server-side request forgery in Microsoft Exchange Server
Affected: Microsoft Exchange Server 2013-2019
CVE-2020-1472Critical (10.0)Privilege Escalation2020
Zerologon: Privilege escalation via Netlogon authentication bypass
Affected: Microsoft Windows Netlogon
CVE-2023-44487High (7.5)Denial of Service2023
HTTP/2 Rapid Reset: DDoS attack exploiting HTTP/2 stream cancellation
Affected: Various HTTP/2 implementations
CVE-2023-4863Critical (9.8)Remote Code Execution2023
Heap buffer overflow in WebP image processing (libwebp)
Affected: libwebp, Chrome, Firefox, Safari
CVE-2022-0778High (7.5)Denial of Service2022
OpenSSL infinite loop when parsing crafted certificates (BN_mod_sqrt)
Affected: OpenSSL 1.0.2-3.0.1
CVE-2022-22965Critical (9.8)Remote Code Execution2022
Spring4Shell: RCE via data binding in Spring Framework on JDK 9+
Affected: Spring Framework 5.3.0-5.3.17, 5.2.0-5.2.19
CVE-2021-3156High (7.8)Privilege Escalation2021
Baron Samedit: Heap buffer overflow in sudo leading to local privilege escalation
Affected: Sudo 1.8.2-1.8.31p2, 1.9.0-1.9.5p1
CVE-2018-7600Critical (9.8)Remote Code Execution2018
Drupalgeddon 2: Remote code execution via Drupal Form API
Affected: Drupal 7.x, 8.x before 8.5.1
CVE-2016-5195High (7.8)Privilege Escalation2016
Dirty COW: Race condition in Linux kernel memory management allows local privilege escalation
Affected: Linux Kernel before 4.8.3
CVE-2019-11510Critical (10.0)Information Disclosure2019
Pulse Secure VPN arbitrary file read allowing credential theft
Affected: Pulse Connect Secure 8.2-9.0
CVE-2023-23397Critical (9.8)Credential Theft2023
Microsoft Outlook NTLM credential theft via crafted calendar invite
Affected: Microsoft Outlook for Windows
CVE-2024-3094Critical (10.0)Supply Chain / Backdoor2024
XZ Utils backdoor: Malicious code in xz/liblzma enabling SSH auth bypass
Affected: xz-utils 5.6.0-5.6.1
CVE-2013-3900High (7.6)Code Signing Bypass2013
WinVerifyTrust signature validation vulnerability allows code injection into signed executables
Affected: Microsoft Windows
CVE-2020-0601Critical (8.1)Certificate Spoofing2020
CurveBall: Windows CryptoAPI spoofing of ECC certificates
Affected: Microsoft Windows 10, Server 2016/2019
CVE-2022-26134Critical (9.8)Remote Code Execution2022
Atlassian Confluence OGNL injection RCE
Affected: Atlassian Confluence Server/DC
CVE-2015-7547Critical (8.1)Remote Code Execution2015
glibc getaddrinfo stack-based buffer overflow via crafted DNS responses
Affected: glibc 2.9+
CVE-2021-40444High (8.8)Remote Code Execution2021
MSHTML RCE via crafted ActiveX control in Office documents
Affected: Microsoft MSHTML / Office
Disclaimer
This is a curated reference database of notable CVEs for educational purposes. It is not comprehensive. For authoritative CVE data, consult MITRE CVE or NVD.