9 matches found

OSV
added 2026/05/25 8:16 p.m., 7 views

UBUNTU-CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

CVSS 6.5, AI score 5.8, EPSS 0.00284
Exploits: 0, References: 7

Positive Technologies
added 2026/05/25 12:0 a.m., 9 views

PT-2026-43111

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.6.x through 1.6.15; Roundcube Webmail versions 1.7.x prior to 1.7. Description: Insufficient HTML sanitization allows for Cascading Style Sheets (CSS) injection. This occurs when an SVG document contains an animate...

CVSS 7.2, AI score 5.8, EPSS 0.00339
Exploits: 0, References: 16

NVD
added 2018/04/18 4:29 p.m., 15 views

CVE-2016-8220

Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route...

CVSS 7.5, AI score 7.3, EPSS 0.0113
Exploits: 0, References: 1

OSV
added 2015/04/07 12:0 a.m., 1 view

UBUNTU-CVE-2015-1317

Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists...

CVSS 7.5, AI score 6.2, EPSS 0.02981
Exploits: 0, References: 3

OSV
added 2015/01/13 12:0 a.m., 1 view

UBUNTU-CVE-2015-0222

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries...

CVSS 5, AI score 5.9, EPSS 0.0269
Exploits: 0, References: 4

Debian CVE
added 2013/02/03 1:0 a.m., 17 views

CVE-2013-1580

The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malform...

CVSS 2.9, AI score 4.7, EPSS 0.00728
Exploits: 0

OpenVAS
added 2012/04/23 12:0 a.m., 27 views

Wireshark Multiple Denial of Service Vulnerabilities (Apr 2012) - Windows

Wireshark is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 5, AI score 5.4, EPSS 0.1129
Exploits: 0, References: 8

OSV
added 2012/04/11 10:39 a.m., 1 view

DEBIAN-CVE-2012-0041

The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file...

CVSS 4.3, AI score 6.8, EPSS 0.0203
Exploits: 1, References: 1

Prion
added 2010/10/28 12:0 a.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content componen...

CVSS 4.3, AI score 6.1, EPSS 0.01528
Exploits: 0, References: 9, Affected Software: 1