Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6025 | 1 Qualcomm | 1 Eudora Worldmail | 2025-04-03 | 5.0 MEDIUM | N/A |
| QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2006-5603 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5632 | 1 Ig Shop | 1 Ig Shop | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5649 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors. | |||||
| CVE-2006-5738 | 1 Punbb | 1 Punbb | 2025-04-03 | 2.1 LOW | N/A |
| Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-6016 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 4.0 MEDIUM | N/A |
| wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | |||||
| CVE-2023-24028 | 1 Misp-project | 1 Misp | 2025-04-03 | N/A | 9.8 CRITICAL |
| In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. | |||||
| CVE-2022-41505 | 1 Tp-link | 2 Tapo C200 V1, Tapo C200 V1 Firmware | 2025-04-03 | N/A | 6.4 MEDIUM |
| An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value. | |||||
| CVE-2025-1934 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | N/A |
| It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2023-24021 | 2 Debian, Trustwave | 2 Debian Linux, Modsecurity | 2025-04-02 | N/A | 7.5 HIGH |
| Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | |||||
| CVE-2021-24881 | 1 Passster Project | 1 Passter | 2025-04-02 | N/A | 7.5 HIGH |
| The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request. | |||||
| CVE-2023-24056 | 1 Pkgconf | 1 Pkgconf | 2025-04-02 | N/A | 5.5 MEDIUM |
| In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | |||||
| CVE-2023-24038 | 2 Debian, Html-stripscripts Project | 2 Debian Linux, Html-stripscripts | 2025-04-02 | N/A | 7.5 HIGH |
| The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. | |||||
| CVE-2022-3740 | 1 Gitlab | 1 Gitlab | 2025-04-02 | N/A | 4.9 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys . | |||||
| CVE-2022-40036 | 1 Blog-ssm Project | 1 Blog-ssm | 2025-04-02 | N/A | 6.5 MEDIUM |
| An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component. | |||||
| CVE-2022-3820 | 1 Gitlab | 1 Gitlab | 2025-04-02 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. | |||||
| CVE-2021-47467 | 1 Linux | 1 Linux Kernel | 2025-04-02 | N/A | N/A |
| In the Linux kernel, the following vulnerability has been resolved: kunit: fix reference count leak in kfree_at_end The reference counting issue happens in the normal path of kfree_at_end(). When kunit_alloc_and_get_resource() is invoked, the function forgets to handle the returned resource object, whose refcount increased inside, causing a refcount leak. Fix this issue by calling kunit_alloc_resource() instead of kunit_alloc_and_get_resource(). Fixed the following when applying: Shuah Khan <skhan@linuxfoundation.org> CHECK: Alignment should match open parenthesis + kunit_alloc_resource(test, NULL, kfree_res_free, GFP_KERNEL, (void *)to_free); | |||||
| CVE-2022-31704 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-02 | N/A | 9.8 CRITICAL |
| The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. | |||||
| CVE-2014-9650 | 1 Broadcom | 1 Rabbitmq Server | 2025-04-02 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions. | |||||
| CVE-2024-13446 | 1 Amentotech | 1 Workreap | 2025-04-02 | N/A | 9.8 CRITICAL |
| The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user's identity prior to (1) performing a social auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. NOTE: This vulnerability was partially fixed in version 3.2.5. | |||||