Export limit exceeded: 363576 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3406 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-23 | N/A |
| Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag. | ||||
| CVE-2007-6351 | 2 Libexif Project, Redhat | 2 Libexif, Enterprise Linux | 2026-04-23 | N/A |
| libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c. | ||||
| CVE-2007-3384 | 1 Apache | 1 Tomcat | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages. | ||||
| CVE-2007-5500 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2979 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2026-04-23 | N/A |
| Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. | ||||
| CVE-2007-1181 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors. | ||||
| CVE-2007-3330 | 1 Stphp | 1 Easynews | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization. | ||||
| CVE-2007-1182 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact. | ||||
| CVE-2007-2958 | 2 Sylpheed, Sylpheed-claws | 2 Sylpheed, Sylpheed-claws | 2026-04-23 | N/A |
| Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies. | ||||
| CVE-2006-6606 | 1 Clarens | 1 Jclarens | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-5587 | 1 Mdweb | 1 Mdweb | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php. | ||||
| CVE-2007-0999 | 2 Gnome, Redhat | 2 Ekiga, Enterprise Linux | 2026-04-23 | N/A |
| Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. | ||||
| CVE-2007-3328 | 1 Interact | 1 Interact | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php. | ||||
| CVE-2006-5588 | 1 Cms Faethon | 1 Cms Faethon | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185. | ||||
| CVE-2007-1000 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference. | ||||
| CVE-2006-5594 | 1 University Of British Columbia | 1 Ipeer | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP. | ||||
| CVE-2007-3322 | 1 Avaya | 1 4602sw Ip Phone | 2026-04-23 | N/A |
| The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port. | ||||
| CVE-2006-5599 | 1 Oracle | 1 Apex | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU. | ||||
| CVE-2006-5602 | 1 Xsupplicant | 1 Xsupplicant | 2026-04-23 | N/A |
| Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors. | ||||
| CVE-2007-3321 | 1 Avaya | 1 4602sw Ip Phone | 2026-04-23 | N/A |
| The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp). | ||||