Total
5467 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4850 | 1 Ez | 1 Ez Publish | 2025-04-03 | N/A |
| eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users. | ||||
| CVE-2004-2689 | 1 Newsphp | 1 Newsphp | 2025-04-03 | N/A |
| NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value. | ||||
| CVE-2006-2095 | 1 Phex | 1 Phex | 2025-04-03 | N/A |
| Phex before 2.8.6 allows remote attackers to cause a denial of service (application hang) by initiating multiple chat requests to a single user and then logging off. | ||||
| CVE-2003-0497 | 1 Intersystems | 1 Cache Database | 2025-04-03 | N/A |
| Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs. | ||||
| CVE-2003-1386 | 1 Axis | 2 2400 Video Server, 2401 Video Server | 2025-04-03 | N/A |
| AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file. | ||||
| CVE-2006-0527 | 1 Isc | 1 Bind | 2025-04-03 | N/A |
| BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack. | ||||
| CVE-2006-0697 | 1 Zen-cart | 1 Zen Cart | 2025-04-03 | N/A |
| Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests. | ||||
| CVE-2002-2360 | 1 Webmin | 1 Webmin | 2025-04-03 | N/A |
| The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests. | ||||
| CVE-2005-4852 | 1 Ez | 1 Ez Publish | 2025-04-03 | N/A |
| The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin. | ||||
| CVE-2003-1378 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | N/A |
| Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. | ||||
| CVE-2003-0230 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | N/A |
| Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. | ||||
| CVE-2006-1726 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | N/A |
| Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method. | ||||
| CVE-2002-2324 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | N/A |
| The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. | ||||
| CVE-1999-0839 | 1 Microsoft | 1 Ie | 2025-04-03 | N/A |
| Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled. | ||||
| CVE-2021-36879 | 1 Stylemixthemes | 1 Ulisting | 2025-03-28 | 9.8 Critical |
| Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | ||||
| CVE-2023-24573 | 1 Dell | 1 Command \| Monitor | 2025-03-24 | 4.7 Medium |
| Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | ||||
| CVE-2025-20145 | 2025-03-21 | 5.8 Medium | ||
| A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device. For more information about this vulnerability, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2025-27521 | 2025-03-04 | 6.8 Medium | ||
| Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-43064 | 1 Qualcomm | 60 Qam8255p, Qam8255p Firmware, Qam8295p and 57 more | 2025-02-28 | 7.5 High |
| Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. | ||||
| CVE-2022-29444 | 1 Cloudways | 1 Breeze | 2025-02-20 | 6.5 Medium |
| Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | ||||