Total
345982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2880 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2026-04-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via the (1) login field in login.php or (2) LocationID parameter to week.php. | |||||
| CVE-2000-0480 | 1 Shadow Op Software | 1 Dragon Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Dragon telnet server allows remote attackers to cause a denial of service via a long username. | |||||
| CVE-2001-0137 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | 5.1 MEDIUM | N/A |
| Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability. | |||||
| CVE-2004-2006 | 1 Trend Micro | 1 Officescan | 2026-04-16 | 4.6 MEDIUM | N/A |
| Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection. | |||||
| CVE-2005-0920 | 1 Bugtracker.net | 1 Bugtracker.net | 2026-04-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2006-4470 | 1 Joomla | 1 Joomla\! | 2026-04-16 | 7.5 HIGH | N/A |
| Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. | |||||
| CVE-1999-0261 | 2026-04-16 | 5.0 MEDIUM | N/A | ||
| Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. | |||||
| CVE-1999-0871 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | 2.6 LOW | N/A |
| Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability. | |||||
| CVE-2002-2113 | 1 Agh | 1 Htmlsearch | 2026-04-16 | 7.5 HIGH | N/A |
| search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter. | |||||
| CVE-2000-1187 | 1 Netscape | 2 Communicator, Navigator | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field. | |||||
| CVE-2004-0814 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2026-04-16 | 1.2 LOW | N/A |
| Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch. | |||||
| CVE-2005-3971 | 1 Citrix | 2 Metaframe Secure Access Manager, Nfuse | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field. | |||||
| CVE-2006-2351 | 1 Ipswitch | 1 Whatsup Professional | 2026-04-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. | |||||
| CVE-2000-0789 | 1 Bardon Data Systems | 1 Winu | 2026-04-16 | 4.6 MEDIUM | N/A |
| WinU 5.x and earlier uses weak encryption to store its configuration password, which allows local users to decrypt the password and gain privileges. | |||||
| CVE-2002-1464 | 1 Cafelog | 1 B2 | 2026-04-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable. | |||||
| CVE-2005-3785 | 1 Gentoo | 1 Linux Eix | 2026-04-16 | 5.0 MEDIUM | N/A |
| Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program. | |||||
| CVE-1999-0804 | 4 Debian, Linux, Redhat and 1 more | 4 Debian Linux, Linux Kernel, Linux and 1 more | 2026-04-16 | 5.0 MEDIUM | N/A |
| Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. | |||||
| CVE-2002-1530 | 1 Surfcontrol | 1 Superscout Email Filter | 2026-04-16 | 5.0 MEDIUM | N/A |
| The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form. | |||||
| CVE-2005-4476 | 1 Openedit Inc | 1 Openedit | 2026-04-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters. | |||||
| CVE-2006-3164 | 1 Tpl Design | 1 Tplshop | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter. | |||||