Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1026 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | ||||
| CVE-2003-1358 | 1 Hp | 1 Hp-ux | 2025-04-03 | N/A |
| rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program. | ||||
| CVE-2003-1346 | 1 D-link | 1 Dwl-900ap\+ | 2025-04-03 | N/A |
| D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | ||||
| CVE-2002-2324 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | N/A |
| The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. | ||||
| CVE-2005-4089 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability." | ||||
| CVE-2002-0012 | 2 Redhat, Snmp | 3 Linux, Powertools, Snmp | 2025-04-03 | N/A |
| Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | ||||
| CVE-2000-0844 | 13 Caldera, Conectiva, Debian and 10 more | 16 Openlinux, Openlinux Ebuilder, Openlinux Eserver and 13 more | 2025-04-03 | N/A |
| Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | ||||
| CVE-2005-4852 | 1 Ez | 1 Ez Publish | 2025-04-03 | N/A |
| The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin. | ||||
| CVE-2004-1193 | 1 Prevx | 1 Prevx Home | 2025-04-03 | N/A |
| Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable. | ||||
| CVE-2006-4640 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2025-04-03 | N/A |
| Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. | ||||
| CVE-2004-2743 | 1 Raditha Dissanayake | 1 Mega Upload Progress Bar | 2025-04-03 | N/A |
| upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files. | ||||
| CVE-2006-1079 | 1 Acme Labs | 1 Thttpd | 2025-04-03 | N/A |
| htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. | ||||
| CVE-2021-36879 | 1 Stylemixthemes | 1 Ulisting | 2025-03-28 | 9.8 Critical |
| Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | ||||
| CVE-2023-24573 | 1 Dell | 1 Command \| Monitor | 2025-03-24 | 4.7 Medium |
| Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | ||||
| CVE-2024-43064 | 1 Qualcomm | 60 Qam8255p, Qam8255p Firmware, Qam8295p and 57 more | 2025-02-28 | 7.5 High |
| Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. | ||||
| CVE-2022-29444 | 1 Cloudways | 1 Breeze | 2025-02-20 | 6.5 Medium |
| Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | ||||
| CVE-2022-29423 | 1 Edmonsoft | 1 Countdown Builder | 2025-02-20 | 3.8 Low |
| Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. | ||||
| CVE-2022-33198 | 1 Oxilab | 1 Accordions | 2025-02-20 | 9.8 Critical |
| Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | ||||
| CVE-2022-34487 | 1 Oxilab | 1 Shortcode Addons | 2025-02-20 | 9.8 Critical |
| Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | ||||
| CVE-2022-27235 | 1 Supsystic | 1 Social Share Buttons | 2025-02-20 | 6.3 Medium |
| Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. | ||||