Total
11002 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2322 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2026-04-16 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. | |||||
| CVE-2002-2236 | 1 Apt-www-proxy | 1 Apt-www-proxy | 2026-04-16 | 10.0 HIGH | N/A |
| Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code. | |||||
| CVE-2004-0840 | 1 Microsoft | 3 Exchange Server, Windows Server 2003, Windows Xp | 2026-04-16 | 10.0 HIGH | N/A |
| The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. | |||||
| CVE-2001-0509 | 1 Microsoft | 4 Exchange Server, Sql Server, Windows 2000 and 1 more | 2026-04-16 | 5.0 MEDIUM | N/A |
| Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. | |||||
| CVE-1999-0867 | 1 Microsoft | 3 Commercial Internet System, Internet Information Server, Site Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | |||||
| CVE-2005-1795 | 1 Clam Anti-virus | 1 Clamav | 2026-04-16 | 7.5 HIGH | N/A |
| The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked. | |||||
| CVE-2003-1488 | 1 Truelogik | 1 Truegalerie | 2026-04-16 | 6.4 MEDIUM | N/A |
| The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1. | |||||
| CVE-2002-1358 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2026-04-16 | 10.0 HIGH | N/A |
| Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | |||||
| CVE-2006-0744 | 1 Linux | 1 Linux Kernel | 2026-04-16 | 4.9 MEDIUM | N/A |
| Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS. | |||||
| CVE-1999-0999 | 1 Microsoft | 1 Sql Server | 2026-04-16 | 4.3 MEDIUM | N/A |
| Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. | |||||
| CVE-2018-20225 | 1 Pypa | 1 Pip | 2026-04-15 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely | |||||
| CVE-2026-40162 | 1 Bugsink | 1 Bugsink | 2026-04-15 | N/A | 7.1 HIGH |
| Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem location writable by the Bugsink process. This vulnerability is fixed in 2.1.1. | |||||
| CVE-2026-27299 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2026-04-15 | N/A | 6.3 MEDIUM |
| Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-33250 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine. Authentication is not needed and, by default, logs do not contain any useful information. All users should upgrade to Freeciv21 version 3.1.1. Running the server behind a firewall can help mitigate the issue for non-public servers. For local games, Freeciv21 restricts connections to the current user and is therefore not affected. | |||||
| CVE-2026-34445 | 1 Linuxfoundation | 1 Onnx | 2026-04-15 | N/A | 8.6 HIGH |
| Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0. | |||||
| CVE-2021-3910 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2026-04-15 | 5.0 MEDIUM | 4.4 MEDIUM |
| OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). | |||||
| CVE-2024-32048 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2021-34752 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2023-22662 | 2026-04-15 | N/A | 5.8 MEDIUM | ||
| Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2024-24582 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access. | |||||