Total
347113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1820 | 1 Quagga | 1 Quagga | 2026-04-29 | 2.9 LOW | N/A |
| The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. | |||||
| CVE-2009-4810 | 1 Samhain Labs | 1 Samhain | 2026-04-29 | 7.5 HIGH | N/A |
| The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input. | |||||
| CVE-2011-4770 | 2 Android, Qiwi | 2 Android, Wallet | 2026-04-29 | 5.8 MEDIUM | N/A |
| The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application. | |||||
| CVE-2010-2722 | 1 Rightinpoint | 1 Lyrics Engine | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2011-0406 | 1 Wellintech | 1 Kingview | 2026-04-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777. | |||||
| CVE-2012-0256 | 1 Apache | 1 Traffic Server | 2026-04-29 | 5.0 MEDIUM | N/A |
| Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header. | |||||
| CVE-2010-3433 | 1 Postgresql | 1 Postgresql | 2026-04-29 | 6.0 MEDIUM | N/A |
| The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. | |||||
| CVE-2012-4998 | 1 Starcms | 1 Starcms | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in starCMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2013-0419 | 2 Oracle, Sun | 4 Jdk, Jre, Jdk and 1 more | 2026-04-29 | 7.6 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | |||||
| CVE-2011-4282 | 1 Moodle | 1 Moodle | 2026-04-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter. | |||||
| CVE-2012-5517 | 1 Linux | 1 Linux Kernel | 2026-04-29 | 4.0 MEDIUM | N/A |
| The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. | |||||
| CVE-2011-2140 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2026-04-29 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425. | |||||
| CVE-2012-1658 | 2 Drupal, Fourkitchens | 2 Drupal, Ed Readmore | 2026-04-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2338 | 1 Hp | 2 Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2026-04-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-0523 | 1 Iain | 1 Gypsy | 2026-04-29 | 1.9 LOW | N/A |
| gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors. | |||||
| CVE-2011-3748 | 1 Kamads Classifieds | 1 2 B3 | 2026-04-29 | 5.0 MEDIUM | N/A |
| Kamads Classifieds 2_B3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by V2A_XHTML/style/view.php and certain other files. | |||||
| CVE-2010-0713 | 1 Zenoss | 1 Zenoss | 2026-04-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/. | |||||
| CVE-2012-4943 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2026-04-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for requests that modify (1) passwords, (2) accounts, or (3) permissions. | |||||
| CVE-2010-0494 | 1 Microsoft | 8 Internet Explorer, Windows 2000, Windows 2003 Server and 5 more | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." | |||||
| CVE-2012-1956 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2026-04-29 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. | |||||