Total
5477 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2320 | 1 Mysimplenews | 1 Mysimplenews | 2025-04-03 | N/A |
| MySimpleNews 1.0 allows remote attackers to delete arbitrary email messages via a direct request to vider.php3. | ||||
| CVE-2002-2353 | 1 Tftpd32 | 1 Tftpd32 | 2025-04-03 | N/A |
| tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests. | ||||
| CVE-2006-2784 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-03 | N/A |
| The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site. | ||||
| CVE-2001-1247 | 2 Php, Redhat | 2 Php, Linux | 2025-04-03 | N/A |
| PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. | ||||
| CVE-2004-0867 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2025-04-03 | N/A |
| Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. | ||||
| CVE-2003-1346 | 1 D-link | 1 Dwl-900ap\+ | 2025-04-03 | N/A |
| D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | ||||
| CVE-2006-1119 | 2 Cpanel, Netenberg | 2 Cpanel, Fantastico De Luxe | 2025-04-03 | N/A |
| fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message. | ||||
| CVE-2002-2425 | 1 Sun | 1 Solaris Answerbook2 | 2025-04-03 | N/A |
| Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request. | ||||
| CVE-2006-2560 | 1 Sitecom | 2 Wl-153, Wl-153 Router Firmware | 2025-04-03 | N/A |
| Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2001-1371 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | ||||
| CVE-1999-0728 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | N/A |
| A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. | ||||
| CVE-2006-2769 | 1 Sourcefire | 1 Snort | 2025-04-03 | N/A |
| The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration. | ||||
| CVE-2005-4852 | 1 Ez | 1 Ez Publish | 2025-04-03 | N/A |
| The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin. | ||||
| CVE-2021-36879 | 1 Stylemixthemes | 1 Ulisting | 2025-03-28 | 9.8 Critical |
| Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | ||||
| CVE-2023-24573 | 1 Dell | 1 Command \| Monitor | 2025-03-24 | 4.7 Medium |
| Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | ||||
| CVE-2024-43064 | 1 Qualcomm | 60 Qam8255p, Qam8255p Firmware, Qam8295p and 57 more | 2025-02-28 | 7.5 High |
| Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. | ||||
| CVE-2022-29444 | 1 Cloudways | 1 Breeze | 2025-02-20 | 6.5 Medium |
| Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | ||||
| CVE-2022-29423 | 1 Edmonsoft | 1 Countdown Builder | 2025-02-20 | 3.8 Low |
| Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. | ||||
| CVE-2022-33198 | 1 Oxilab | 1 Accordions | 2025-02-20 | 9.8 Critical |
| Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | ||||
| CVE-2022-34487 | 1 Oxilab | 1 Shortcode Addons | 2025-02-20 | 9.8 Critical |
| Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | ||||