Total
6061 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0191 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2026-04-29 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability." | |||||
| CVE-2010-3331 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2026-04-29 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2012-2273 | 2 Comodo, Microsoft | 2 Comodo Internet Security, Windows 7 | 2026-04-29 | 4.9 MEDIUM | N/A |
| Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value. | |||||
| CVE-2012-5690 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2026-04-29 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer. | |||||
| CVE-2010-3329 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2026-04-29 | 9.3 HIGH | N/A |
| mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2011-0035 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2026-04-29 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. | |||||
| CVE-2010-0248 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2026-04-29 | 9.3 HIGH | 8.1 HIGH |
| Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." | |||||
| CVE-2010-3973 | 1 Microsoft | 1 Wmi Administrative Tools | 2026-04-29 | 9.3 HIGH | N/A |
| The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability." | |||||
| CVE-2009-5095 | 1 Ea-style | 1 Gbook | 2026-04-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter. | |||||
| CVE-2010-3219 | 1 Microsoft | 1 Word | 2026-04-29 | 9.3 HIGH | N/A |
| Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability." | |||||
| CVE-2010-1868 | 1 Php | 1 Php | 2026-04-29 | 7.5 HIGH | N/A |
| The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. | |||||
| CVE-2013-0108 | 1 Honeywell | 3 Comfortpoint Open Manager Station, Enterprise Buildings Integrator, Symmetre | 2026-04-29 | 6.8 MEDIUM | N/A |
| An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document. | |||||
| CVE-2010-0821 | 1 Microsoft | 5 Excel, Office, Office Compatibility Pack and 2 more | 2026-04-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka "Excel Record Parsing Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-1245. | |||||
| CVE-2011-2984 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2026-04-29 | 10.0 HIGH | N/A |
| Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. | |||||
| CVE-2013-4830 | 1 Hp | 1 Service Manager | 2026-04-29 | 7.5 HIGH | N/A |
| HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach. | |||||
| CVE-2010-2314 | 2 Edmondhui.homeip, Nucleus Group | 2 Np Twitter, Nucleus Cms | 2026-04-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-5777 | 1 Phome | 1 Empirecms | 2026-04-29 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template. | |||||
| CVE-2010-1114 | 1 Comscripts | 1 Web Server Creator Web Portal | 2026-04-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php. | |||||
| CVE-2013-4203 | 1 Richard Cook | 1 Rgpg | 2026-04-29 | 7.5 HIGH | N/A |
| The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2010-0240 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2026-04-29 | 10.0 HIGH | N/A |
| The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability." | |||||