Total
29856 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0152 | 1 Phpchamber | 1 Phpchamber | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-1594 | 1 Codethat | 1 Shoppingcart | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-2566 | 1 Openbb | 1 Openbb | 2026-04-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter to board.php or (2) UID parameter to member.php. | |||||
| CVE-2001-1469 | 1 Ssh | 1 Ssh | 2026-04-16 | 5.0 MEDIUM | N/A |
| The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified. | |||||
| CVE-2006-1135 | 1 Sblog | 1 Sblog | 2026-04-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php. | |||||
| CVE-2002-1714 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. | |||||
| CVE-2005-4369 | 1 The Collective | 1 Acuity Cms | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp. | |||||
| CVE-2002-0767 | 1 Richard Gooch | 1 Simpleinit | 2026-04-16 | 7.2 HIGH | N/A |
| simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges. | |||||
| CVE-2003-0752 | 1 Attila-php.net | 1 Attilaphp | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter. | |||||
| CVE-2005-3121 | 1 Eduard Bloch | 1 Module-assistant | 2026-04-16 | 2.1 LOW | N/A |
| A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations. | |||||
| CVE-2002-1096 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2026-04-16 | 7.5 HIGH | N/A |
| Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code. | |||||
| CVE-2000-0694 | 1 Tech-source | 1 Raptor Gfx Pgx32 | 2026-04-16 | 7.2 HIGH | N/A |
| pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack. | |||||
| CVE-2006-0631 | 1 Erik C. Thauvin | 1 Mailback | 2026-04-16 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in mailback.pl in Erik C. Thauvin mailback allows remote attackers to use mailback as a "spam proxy" by modifying mail headers, including recipient e-mail addresses, via newline characters in the Subject field. | |||||
| CVE-2005-1408 | 1 Apple | 1 Keynote | 2026-04-16 | 5.0 MEDIUM | N/A |
| Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation. | |||||
| CVE-2005-0482 | 1 Trackercam | 1 Trackercam | 2026-04-16 | 5.0 MEDIUM | N/A |
| TrackerCam 5.12 and earlier allows remote attackers to cause a denial of service (crash) via (1) a large number of connections with a negative Content-Length header, possibly triggering an integer signedness error, or (2) a large amount of data. | |||||
| CVE-2006-4623 | 1 Linux | 1 Linux Kernel | 2026-04-16 | 7.8 HIGH | N/A |
| The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet. | |||||
| CVE-1999-1065 | 1 Palm Pilot | 1 Hotsync Manager | 2026-04-16 | 7.5 HIGH | N/A |
| Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode. | |||||
| CVE-2006-2855 | 1 Xuebook | 1 Xuebook | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in xueBook 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2002-0499 | 1 Linux | 1 Linux Kernel | 2026-04-16 | 2.1 LOW | N/A |
| The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories. | |||||
| CVE-2004-2118 | 1 Tinyserver | 1 Tinyserver | 2026-04-16 | 5.0 MEDIUM | N/A |
| Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with a long filename, possibly due to a buffer overflow. | |||||