Total
347113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1558 | 1 Ibm | 1 Webi | 2026-04-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242. | |||||
| CVE-2012-5125 | 1 Google | 1 Chrome | 2026-04-29 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. | |||||
| CVE-2011-0775 | 1 Pivotx | 1 Pivotx | 2026-04-29 | 5.0 MEDIUM | N/A |
| pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2004-0694 | 1 Tsugio Okamoto | 1 Lha | 2026-04-29 | 6.8 MEDIUM | N/A |
| Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | |||||
| CVE-2011-0427 | 1 Tor | 1 Tor | 2026-04-29 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-4109 | 1 Openssl | 1 Openssl | 2026-04-29 | 9.3 HIGH | N/A |
| Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. | |||||
| CVE-2010-2647 | 2 Canonical, Google | 2 Ubuntu Linux, Chrome | 2026-04-29 | 9.3 HIGH | N/A |
| Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document. | |||||
| CVE-2011-2488 | 1 Joomla | 1 Joomla\! | 2026-04-29 | 5.0 MEDIUM | N/A |
| Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-2426 | 1 Xarrow | 1 Xarrow | 2026-04-29 | 7.8 HIGH | N/A |
| The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors. | |||||
| CVE-2011-1130 | 1 Simplemachines | 1 Smf | 2026-04-29 | 7.5 HIGH | N/A |
| Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php. | |||||
| CVE-2012-2763 | 1 Gimp | 1 Gimp | 2026-04-29 | 7.5 HIGH | N/A |
| Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server. | |||||
| CVE-2011-4858 | 1 Apache | 1 Tomcat | 2026-04-29 | 5.0 MEDIUM | N/A |
| Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2013-0007 | 1 Microsoft | 15 Expression Web, Groove Server, Office and 12 more | 2026-04-29 | 9.3 HIGH | N/A |
| Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability." | |||||
| CVE-2012-2640 | 2 Google, Yomecolle | 2 Android, Nec Biglobe Yome Collection | 2026-04-29 | 5.0 MEDIUM | N/A |
| The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE permission. | |||||
| CVE-2011-0435 | 1 Gplhost | 1 Domain Technologie Control | 2026-04-29 | 5.0 MEDIUM | N/A |
| Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request. | |||||
| CVE-2011-0269 | 1 Hp | 1 Openview Network Node Manager | 2026-04-29 | 10.0 HIGH | N/A |
| Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter. | |||||
| CVE-2010-3775 | 1 Mozilla | 2 Firefox, Seamonkey | 2026-04-29 | 9.3 HIGH | N/A |
| Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used. | |||||
| CVE-2013-2707 | 2 Netweblogic, Wordpress | 2 Login With Ajax, Wordpress | 2026-04-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings. | |||||
| CVE-2012-0819 | 1 Joomla | 1 Joomla\! | 2026-04-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. | |||||
| CVE-2010-3784 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-29 | 5.0 MEDIUM | N/A |
| The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. | |||||