Search Results (347 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0848 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
CVE-2002-2263 1 Hp 2 Hp-ux, Visualize Conference Ftp 2026-04-16 N/A
The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files.
CVE-2002-2247 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
CVE-1999-0886 1 Microsoft 1 Windows Nt 2026-04-16 N/A
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
CVE-2004-0605 2 Ircd-hybrid, Ircd-ratbox 2 Ircd-hybrid, Ircd-ratbox 2026-04-16 N/A
Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued.
CVE-2004-2760 1 Openbsd 1 Openssh 2026-04-16 N/A
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.
CVE-2006-2363 1 Limbo Cms 1 Limbo Cms 2026-04-16 N/A
SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-1999-0875 2 Microsoft, Sun 5 Windows 2000, Windows 95, Windows 98se and 2 more 2026-04-16 N/A
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
CVE-2006-3677 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-16 N/A
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
CVE-2026-21218 3 Apple, Linux, Microsoft 4 Macos, Linux Kernel, .net and 1 more 2026-04-15 7.5 High
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-31410 1 Linux 1 Linux Kernel 2026-04-13 N/A
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION Use sb->s_uuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.f_fsid obtained from vfs_statfs().
CVE-2026-35414 1 Openbsd 1 Openssh 2026-04-10 4.2 Medium
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
CVE-2026-4433 1 Tenable 1 Tenable Operation Technology 2026-03-25 N/A
An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.
CVE-2019-25620 1 Pixarra 1 Tree Studio 2026-03-25 6.2 Medium
Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.
CVE-2025-25006 1 Microsoft 4 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 1 more 2026-02-13 5.3 Medium
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2024-38091 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2026-02-10 7.5 High
Microsoft WS-Discovery Denial of Service Vulnerability
CVE-2025-14550 1 Djangoproject 1 Django 2026-02-04 7.5 High
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Jiyong Yang for reporting this issue.
CVE-2025-30656 1 Juniper 28 Junos, Mx10004, Mx10008 and 25 more 2026-01-23 7.5 High
An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS. This issue affects Junos OS on MX Series and SRX Series:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2.
CVE-2025-12221 3 Azure-access, Azure Access Technology, Busybox 7 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 4 more 2025-11-07 8.8 High
Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-20151 1 Cisco 4 Cisco Ios, Ios, Ios Xe and 1 more 2025-08-05 4.3 Medium
A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to deny SNMP traffic from an unauthorized source or the SNMPv3 username is removed from the configuration. This vulnerability exists because of the way that the SNMPv3 configuration is stored in the Cisco IOS Software and Cisco IOS XE Software startup configuration. An attacker could exploit this vulnerability by polling an affected device from a source address that should have been denied. A successful exploit could allow the attacker to perform SNMP operations from a source that should be denied. Note: The attacker has no control of the SNMPv3 configuration. To exploit this vulnerability, the attacker must have valid SNMPv3 user credentials. For more information, see the section of this advisory.