Export limit exceeded: 347828 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347828 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5502 | 1 Openssl | 1 Fips Object Module | 2026-04-23 | N/A |
| The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. | ||||
| CVE-2007-6522 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. | ||||
| CVE-2007-6521 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. | ||||
| CVE-2007-5501 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. | ||||
| CVE-2007-6520 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. | ||||
| CVE-2007-5500 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1446 | 1 Elkagroup | 1 Image Gallery | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4109 | 2 Debian, Openbsd | 2 Linux, Openssh | 2026-04-23 | N/A |
| A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. | ||||
| CVE-2008-2414 | 1 Aguestbook | 1 An Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter. | ||||
| CVE-2008-2349 | 1 Zomp | 1 Zomplog | 2026-04-23 | N/A |
| Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1. | ||||
| CVE-2007-6482 | 2 Linux, Sun | 4 Linux Kernel, Ray Server Software, Solaris and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | ||||
| CVE-2007-5080 | 1 Realnetworks | 3 Realone Player, Realplayer, Realplayer Enterprise | 2026-04-23 | N/A |
| Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow. | ||||
| CVE-2007-4762 | 1 E-smart Cart | 1 E-smart Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092. | ||||
| CVE-2007-3823 | 1 Ipswitch | 1 Ws Ftp | 2026-04-23 | N/A |
| The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. | ||||
| CVE-2007-1848 | 1 Drake Team | 1 Drake Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | ||||
| CVE-2007-1847 | 1 Xoops | 1 Repository Module | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2006-7187 | 1 Web-app.net | 1 Webapp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable. | ||||
| CVE-2006-6599 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter. | ||||
| CVE-2006-6598 | 1 Torrentflux | 2 Torrentflux, Torrentflux-b4rt | 2026-04-23 | N/A |
| Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328. | ||||
| CVE-2006-6590 | 1 Php | 1 Ar Memberscript | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter. | ||||