Total
4728 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3212 | 1 Vtiger | 1 Vtiger Crm | 2026-06-16 | 6.8 MEDIUM | 8.1 HIGH |
| vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | |||||
| CVE-2013-2678 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2026-06-16 | 6.8 MEDIUM | 8.1 HIGH |
| Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. | |||||
| CVE-2013-2251 | 5 Apache, Fujitsu, Microsoft and 2 more | 9 Archiva, Struts, Interstage Business Process Manager Analytics and 6 more | 2026-06-16 | 9.3 HIGH | 9.8 CRITICAL |
| Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. | |||||
| CVE-2013-2095 | 1 Openshift-origin-controller Project | 1 Openshift-origin-controller | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection | |||||
| CVE-2013-2010 | 2 Automattic, Boldgrid | 2 Wp Super Cache, W3 Total Cache | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | |||||
| CVE-2013-1437 | 2 Fedoraproject, Module-metadata Project | 2 Fedora, Module-metadata | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | |||||
| CVE-2012-4196 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Seamonkey and 10 more | 2026-06-16 | 6.4 MEDIUM | N/A |
| Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. | |||||
| CVE-2012-2931 | 1 Tinywebgallery | 1 Tinywebgallery | 2026-06-16 | 6.5 MEDIUM | 7.2 HIGH |
| PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | |||||
| CVE-2012-1496 | 1 Webcalendar Project | 1 Webcalendar | 2026-06-16 | 6.5 MEDIUM | 8.8 HIGH |
| Local file inclusion in WebCalendar before 1.2.5. | |||||
| CVE-2012-1495 | 1 Webcalendar Project | 1 Webcalendar | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | |||||
| CVE-2012-0070 | 1 Spamdyke | 1 Spamdyke | 2026-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| spamdyke prior to 4.2.1: STARTTLS reveals plaintext | |||||
| CVE-2011-4558 | 1 Tiki | 1 Tiki | 2026-06-16 | 6.0 MEDIUM | 7.2 HIGH |
| Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. | |||||
| CVE-2011-3624 | 1 Ruby-lang | 1 Ruby | 2026-06-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | |||||
| CVE-2011-2855 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2026-06-16 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | |||||
| CVE-2011-2805 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2026-06-16 | 6.8 MEDIUM | N/A |
| Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors. | |||||
| CVE-2011-2717 | 2 Linux, Redhat | 2 Dhcp6c, Enterprise Linux | 2026-06-16 | 10.0 HIGH | 9.8 CRITICAL |
| The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | |||||
| CVE-2011-2538 | 1 Cisco | 1 Telepresence Video Communication Server | 2026-06-16 | 9.0 HIGH | 7.2 HIGH |
| Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. | |||||
| CVE-2010-4658 | 1 Status | 1 Statusnet | 2026-06-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. | |||||
| CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2026-06-16 | 9.3 HIGH | 7.8 HIGH |
| poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | |||||
| CVE-2010-3668 | 1 Typo3 | 1 Typo3 | 2026-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | |||||