Export limit exceeded: 13738 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0446 | 1 Black Tie Project | 1 Black Tie Project | 2026-04-16 | N/A |
| categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message. | ||||
| CVE-2005-3663 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2026-04-16 | N/A |
| Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | ||||
| CVE-2002-0447 | 1 Xerver | 1 Xerver | 2026-04-16 | N/A |
| Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request. | ||||
| CVE-2002-0448 | 1 Xerver | 1 Xerver | 2026-04-16 | N/A |
| Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences. | ||||
| CVE-2002-0449 | 1 Talentsoft | 1 Web\+ Server | 2026-04-16 | N/A |
| Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe. | ||||
| CVE-2002-0450 | 1 Talentsoft | 1 Web\+ Server | 2026-04-16 | N/A |
| Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe. | ||||
| CVE-2005-0380 | 1 Zeroboard | 1 Zeroboard | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2002-0500 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. | ||||
| CVE-2005-0437 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter. | ||||
| CVE-2002-0510 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux. | ||||
| CVE-2026-0391 | 1 Microsoft | 1 Edge Chromium | 2026-04-15 | 6.5 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-23651 | 1 Microsoft | 2 Aci Confidential Containers, Microsoft Aci Confidential Containers | 2026-04-15 | 6.7 Medium |
| Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33010 | 1 Doobidoo | 1 Mcp-memory-service | 2026-04-15 | 8.1 High |
| mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories. This issue has been patched in version 10.25.1. | ||||
| CVE-2026-26117 | 1 Microsoft | 1 Arc Enabled Servers Azure Connected Machine Agent | 2026-04-14 | 7.8 High |
| Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26113 | 1 Microsoft | 14 365 Apps, Microsoft 365 Apps For Enterprise, Office and 11 more | 2026-04-14 | 8.4 High |
| Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26112 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-04-14 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2020-26147 | 5 Arista, Debian, Linux and 2 more | 15 C-65, C-65 Firmware, C-75 and 12 more | 2026-04-14 | 5.4 Medium |
| An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. | ||||
| CVE-2022-36325 | 1 Siemens | 180 Scalance M-800, Scalance M-800 Firmware, Scalance S615 and 177 more | 2026-04-14 | 6.8 Medium |
| Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. | ||||
| CVE-2022-36323 | 1 Siemens | 180 Scalance M-800, Scalance M-800 Firmware, Scalance S615 and 177 more | 2026-04-14 | 9.1 Critical |
| Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. | ||||
| CVE-2026-20993 | 1 Samsung | 2 Assistant, Samsung Assistant | 2026-04-09 | 5.5 Medium |
| Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information. | ||||