Export limit exceeded: 18536 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349400 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349400 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2907 | 1 Ssl-explorer | 1 Ssl-explorer | 2026-04-23 | N/A |
| Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. NOTE: the impact might be cross-site scripting (XSS) or HTTP request smuggling. | ||||
| CVE-2008-1001 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. | ||||
| CVE-2008-4377 | 1 Creative Mind | 1 Creator Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter. | ||||
| CVE-2008-6830 | 1 Citrix | 1 Web Interface | 2026-04-23 | N/A |
| The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface. | ||||
| CVE-2009-1029 | 1 Poppeeper | 1 Pop Peeper | 2026-04-23 | N/A |
| Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll. | ||||
| CVE-2007-2908 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. | ||||
| CVE-2007-2909 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update. | ||||
| CVE-2008-1010 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. | ||||
| CVE-2008-4381 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. | ||||
| CVE-2008-6831 | 1 Atlassian | 1 Jira | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment"). | ||||
| CVE-2009-1030 | 1 Wordpress | 1 Wordpress Mu | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | ||||
| CVE-2009-1695 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition. | ||||
| CVE-2007-2910 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909. | ||||
| CVE-2008-1019 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop. | ||||
| CVE-2008-4383 | 2 Alcatel, Alcatel-lucent | 2 Aos, Omniswitch | 2026-04-23 | N/A |
| Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. | ||||
| CVE-2008-6832 | 1 Atlassian | 1 Jira | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1031 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request. | ||||
| CVE-2007-2911 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. | ||||
| CVE-2008-1024 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2026-04-23 | N/A |
| Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. | ||||
| CVE-2008-6834 | 1 Fuzzylime | 1 Fuzzylime \(cms\) | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164. | ||||