Total
29914 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4080 | 1 Sun | 2 Opensolaris, Sunos | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors. | ||||
| CVE-2009-4081 | 1 Dag.wieers | 1 Dstat | 2026-04-23 | N/A |
| Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894. | ||||
| CVE-2008-6775 | 1 Htc | 2 Touch Cruise, Touch Pro | 2026-04-23 | N/A |
| HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to cause denial of service (CPU consumption, SMS consumption, and connectivity loss) via a flood of vCards to UDP port 9204. | ||||
| CVE-2009-4130 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name. | ||||
| CVE-2006-5479 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." | ||||
| CVE-2006-5477 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. | ||||
| CVE-2007-3542 | 1 Pluxml | 1 Pluxml | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2007-3430 | 1 Simple Invoices | 1 Simple Invoices | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action. | ||||
| CVE-2007-3426 | 1 Zoneo-soft | 1 Phptraffica | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | ||||
| CVE-2010-0315 | 1 Google | 1 Chrome | 2026-04-23 | N/A |
| WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element. | ||||
| CVE-2010-0313 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message. | ||||
| CVE-2007-1455 | 1 Cpanel-host | 1 Fantastico De Luxe | 2026-04-23 | N/A |
| Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files. | ||||
| CVE-2010-0278 | 1 Microsoft | 3 Windows 7, Windows Live Messenger, Windows Vista | 2026-04-23 | N/A |
| A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. | ||||
| CVE-2006-6399 | 1 Superfreaker Studios | 1 Upublisher | 2026-04-23 | N/A |
| SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2007-2961 | 1 Filecloset | 1 Filecloset | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors. | ||||
| CVE-2009-2812 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site. | ||||
| CVE-2008-4728 | 1 Hummingbird | 1 Deployment Wizard | 2026-04-23 | N/A |
| Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders. | ||||
| CVE-2009-0654 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve." | ||||
| CVE-2007-3945 | 2 Linux, Rsbac | 2 Linux Kernel, Rule Set Based Access Control | 2026-04-23 | N/A |
| Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes. | ||||
| CVE-2008-3792 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2026-04-23 | N/A |
| net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks. | ||||