Total
4689 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3668 | 1 Typo3 | 1 Typo3 | 2026-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | |||||
| CVE-2009-1781 | 1 Frax | 1 Php Recommend | 2026-06-16 | 7.5 HIGH | N/A |
| Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter. | |||||
| CVE-2008-0456 | 2 Apache, Redhat | 4 Http Server, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2026-06-16 | 2.6 LOW | N/A |
| CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. | |||||
| CVE-2007-4190 | 1 Joomla | 1 Joomla\! | 2026-06-16 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2005-3750 | 1 Opera | 1 Opera Browser | 2026-06-16 | 7.5 HIGH | N/A |
| Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera. | |||||
| CVE-2005-3056 | 1 Twiki | 1 Twiki | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| TWiki allows arbitrary shell command execution via the Include function | |||||
| CVE-2005-3007 | 1 Opera | 1 Opera Browser | 2026-06-16 | 2.6 LOW | N/A |
| Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content. | |||||
| CVE-2004-2570 | 1 Opera | 1 Opera Browser | 2026-06-16 | 5.0 MEDIUM | N/A |
| Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user. | |||||
| CVE-2004-1157 | 1 Opera | 1 Opera Browser | 2026-06-16 | 7.5 HIGH | N/A |
| Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | |||||