Export limit exceeded: 29831 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29831 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1777 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. | ||||
| CVE-2005-1779 | 1 Maxwebportal | 1 Maxwebportal | 2025-04-03 | N/A |
| SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter. | ||||
| CVE-2005-1780 | 1 Dotnetindex | 1 Active News Manager | 2025-04-03 | N/A |
| SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password. | ||||
| CVE-2005-1791 | 1 Microsoft | 1 Ie | 2025-04-03 | N/A |
| Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE. | ||||
| CVE-2005-1781 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | N/A |
| Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash). | ||||
| CVE-2006-4799 | 1 Xine | 1 Xine-lib | 2025-04-03 | N/A |
| Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802. | ||||
| CVE-2005-1785 | 1 Zongg | 1 Zongg | 2025-04-03 | N/A |
| SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2005-1786 | 1 Funkyasp | 1 Funkyasp Ad System | 2025-04-03 | N/A |
| SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter. | ||||
| CVE-2005-1789 | 1 India Software Solution | 1 Shopping Cart | 2025-04-03 | N/A |
| SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password. | ||||
| CVE-2005-1784 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp. | ||||
| CVE-2023-24021 | 3 Debian, Redhat, Trustwave | 3 Debian Linux, Jboss Core Services, Modsecurity | 2025-04-02 | 7.5 High |
| Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | ||||
| CVE-2023-24056 | 1 Pkgconf | 1 Pkgconf | 2025-04-02 | 5.5 Medium |
| In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | ||||
| CVE-2023-24038 | 2 Debian, Html-stripscripts Project | 2 Debian Linux, Html-stripscripts | 2025-04-02 | 7.5 High |
| The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. | ||||
| CVE-2021-24881 | 1 Passster Project | 1 Passter | 2025-04-02 | 7.5 High |
| The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request. | ||||
| CVE-2023-0435 | 1 Pyload | 1 Pyload | 2025-04-02 | 9.8 Critical |
| Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. | ||||
| CVE-2022-40036 | 1 Blog-ssm Project | 1 Blog-ssm | 2025-04-02 | 6.5 Medium |
| An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component. | ||||
| CVE-2022-3820 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. | ||||
| CVE-2022-3740 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys . | ||||
| CVE-2022-31704 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-02 | 9.8 Critical |
| The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. | ||||
| CVE-2024-13446 | 1 Amentotech | 1 Workreap | 2025-04-02 | 9.8 Critical |
| The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user's identity prior to (1) performing a social auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. NOTE: This vulnerability was partially fixed in version 3.2.5. | ||||