Total
348669 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6482 | 1 3s-software | 1 Codesys Runtime System | 2026-05-06 | 5.0 MEDIUM | N/A |
| Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. | |||||
| CVE-2016-5817 | 1 Navis | 1 Webaccess | 2026-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-4886 | 1 Kingsoft | 1 Office 2012 | 2026-05-06 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string. | |||||
| CVE-2015-5078 | 1 Limesurvey | 1 Limesurvey | 2026-05-06 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter. | |||||
| CVE-2014-6088 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2026-05-06 | 5.0 MEDIUM | N/A |
| IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher. | |||||
| CVE-2014-0298 | 1 Microsoft | 1 Internet Explorer | 2026-05-06 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
| CVE-2016-2522 | 1 Wireshark | 1 Wireshark | 2026-05-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | |||||
| CVE-2014-8350 | 1 Smarty | 1 Smarty | 2026-05-06 | 7.5 HIGH | N/A |
| Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. | |||||
| CVE-2015-4065 | 1 Landing Pages Project | 1 Landing Pages | 2026-05-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php. | |||||
| CVE-2016-4078 | 1 Wireshark | 1 Wireshark | 2026-05-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. | |||||
| CVE-2016-2870 | 1 Ibm | 2 Websphere Datapower Xc10 Appliance, Websphere Datapower Xc10 Appliance Firmware | 2026-05-06 | 5.0 MEDIUM | 2.7 LOW |
| Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors. | |||||
| CVE-2013-6744 | 2 Ibm, Microsoft | 2 Db2, Windows | 2026-05-06 | 8.5 HIGH | N/A |
| The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority. | |||||
| CVE-2015-4337 | 1 Xcloner | 1 Xcloner | 2026-05-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php. | |||||
| CVE-2015-4756 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2026-05-06 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439. | |||||
| CVE-2014-5773 | 1 Registeredassistant Project | 1 Registeredassistant | 2026-05-06 | 5.4 MEDIUM | N/A |
| The RegisteredAssistant (aka Icr.RegisteredAssistant) application 0.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-7558 | 2 Debian, Gnome | 2 Debian Linux, Librsvg | 2026-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. | |||||
| CVE-2015-0896 | 1 Extplorer | 1 Extplorer | 2026-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-2089 | 1 Jasper Project | 1 Jasper | 2026-05-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. | |||||
| CVE-2015-2336 | 2 Microsoft, Vmware | 6 Windows, Fusion, Horizon Client and 3 more | 2026-05-06 | 5.8 MEDIUM | N/A |
| TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a different vulnerability than CVE-2012-0897. | |||||
| CVE-2016-5723 | 1 Huawei | 1 Fusioninsight Hd | 2026-05-06 | 7.2 HIGH | 7.8 HIGH |
| Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors. | |||||