Total
29923 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0130 | 2 Redhat, Ximian | 2 Linux, Evolution | 2026-04-16 | N/A |
| The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image. | ||||
| CVE-2003-0149 | 1 Mcafee | 1 Epolicy Orchestrator | 2026-04-16 | N/A |
| Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters. | ||||
| CVE-2005-1495 | 1 Oracle | 3 Application Server, Oracle10g, Oracle9i | 2026-04-16 | N/A |
| Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. | ||||
| CVE-2003-0163 | 1 Gaim-encryption | 1 Gaim-encryption | 2026-04-16 | N/A |
| decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte. | ||||
| CVE-2003-0169 | 1 Hp | 1 Instant Toptools | 2026-04-16 | N/A |
| hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop. | ||||
| CVE-2003-0173 | 2 Sgi, Xfsdump | 2 Irix, Xfsdump | 2026-04-16 | N/A |
| xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges. | ||||
| CVE-2003-0277 | 1 Happycgi | 1 Happymall | 2026-04-16 | N/A |
| Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter. | ||||
| CVE-2003-0353 | 1 Microsoft | 1 Data Access Components | 2026-04-16 | N/A |
| Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. | ||||
| CVE-2003-0365 | 1 Icq Inc | 1 Icqlite | 2026-04-16 | N/A |
| ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs. | ||||
| CVE-2003-0404 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2026-04-16 | N/A |
| Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template. | ||||
| CVE-2003-0406 | 1 Palmvnc | 1 Palmvnc | 2026-04-16 | N/A |
| PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs that the Palm is synchronized with, which could allow attackers to gain privileges. | ||||
| CVE-2003-0423 | 1 Apple | 1 Darwin Streaming Server | 2026-04-16 | N/A |
| parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter. | ||||
| CVE-2003-0429 | 2 Ethereal Group, Redhat | 3 Ethereal, Enterprise Linux, Linux | 2026-04-16 | N/A |
| The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow. | ||||
| CVE-2004-0095 | 1 Mcafee | 1 Epolicy Orchestrator | 2026-04-16 | N/A |
| McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. | ||||
| CVE-2026-0391 | 1 Microsoft | 1 Edge Chromium | 2026-04-15 | 6.5 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-23651 | 1 Microsoft | 2 Aci Confidential Containers, Microsoft Aci Confidential Containers | 2026-04-15 | 6.7 Medium |
| Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33010 | 1 Doobidoo | 1 Mcp-memory-service | 2026-04-15 | 8.1 High |
| mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories. This issue has been patched in version 10.25.1. | ||||
| CVE-2026-26117 | 1 Microsoft | 1 Arc Enabled Servers Azure Connected Machine Agent | 2026-04-14 | 7.8 High |
| Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26113 | 1 Microsoft | 14 365 Apps, Microsoft 365 Apps For Enterprise, Office and 11 more | 2026-04-14 | 8.4 High |
| Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26112 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-04-14 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||