Lucene search
K
CvelistMost viewed

365213 matches found

Cvelist
Cvelist
•added 2019/01/16 7:0 p.m.•58 views

CVE-2019-2529

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.4AI score0.0461EPSS
Exploits0References9
Cvelist
Cvelist
•added 2018/10/17 1:0 a.m.•58 views

CVE-2018-3282

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Storage Engines. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network acce...

6AI score0.03968EPSS
Exploits0References13
Cvelist
Cvelist
•added 2018/08/09 8:0 p.m.•58 views

CVE-2018-10931

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon...

9.8CVSS9.6AI score0.6786EPSS
Exploits0References4
Cvelist
Cvelist
•added 2018/04/19 2:0 a.m.•58 views

CVE-2018-2761

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...

6AI score0.0401EPSS
Exploits0References17
Cvelist
Cvelist
•added 2018/04/19 2:0 a.m.•58 views

CVE-2018-2817

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.7AI score0.03171EPSS
Exploits0References17
Cvelist
Cvelist
•added 2018/03/14 1:0 p.m.•58 views

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

8.2AI score0.73566EPSS
Exploits1References2
Cvelist
Cvelist
•added 2018/01/18 2:0 a.m.•58 views

CVE-2018-2562

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...

6.8AI score0.03389EPSS
Exploits0References14
Cvelist
Cvelist
•added 2017/10/19 5:0 p.m.•58 views

CVE-2017-10378

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

6.4AI score0.03237EPSS
Exploits0References14
Cvelist
Cvelist
•added 2017/04/24 7:0 p.m.•58 views

CVE-2017-3600

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client mysqldump. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

6.2AI score0.0264EPSS
Exploits0References9
Cvelist
Cvelist
•added 2017/01/27 10:1 p.m.•58 views

CVE-2017-3265

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Packaging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure...

5.6AI score0.0136EPSS
Exploits0References11
Cvelist
Cvelist
•added 2016/10/25 2:0 p.m.•58 views

CVE-2016-5626

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS...

5.7AI score0.06045EPSS
Exploits0References13
Cvelist
Cvelist
•added 2016/10/25 2:0 p.m.•58 views

CVE-2016-5584

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption...

4.8AI score0.01493EPSS
Exploits0References6
Cvelist
Cvelist
•added 2016/04/21 10:0 a.m.•58 views

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer...

4.9AI score0.01226EPSS
Exploits0References11
Cvelist
Cvelist
•added 2015/10/21 11:0 p.m.•58 views

CVE-2015-4879

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML...

5.2AI score0.04172EPSS
Exploits0References13
Cvelist
Cvelist
•added 2015/10/21 11:0 p.m.•58 views

CVE-2015-4836

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP...

5.3AI score0.03974EPSS
Exploits0References18
Cvelist
Cvelist
•added 2015/10/21 11:0 p.m.•58 views

CVE-2015-4913

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858...

5.4AI score0.03548EPSS
Exploits0References18
Cvelist
Cvelist
•added 2015/10/21 9:0 p.m.•58 views

CVE-2015-4816

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB...

4.9AI score0.07451EPSS
Exploits0References13
Cvelist
Cvelist
•added 2015/10/21 9:0 p.m.•58 views

CVE-2015-4792

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802...

5.4AI score0.03861EPSS
Exploits0References18
Cvelist
Cvelist
•added 2015/08/03 12:0 a.m.•58 views

CVE-2015-5352

The x11openhelper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time...

4.2AI score0.05445EPSS
Exploits0References15
Cvelist
Cvelist
•added 2015/07/16 10:0 a.m.•58 views

CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer...

4.7AI score0.04328EPSS
Exploits0References15
Cvelist
Cvelist
•added 2015/05/18 3:0 p.m.•58 views

CVE-2015-3306

The modcopy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

9.4AI score0.96803EPSS
Exploits22References14
Cvelist
Cvelist
•added 2015/04/16 4:0 p.m.•58 views

CVE-2015-0441

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption...

4.9AI score0.04505EPSS
Exploits0References11
Cvelist
Cvelist
•added 2015/04/14 8:0 p.m.•58 views

CVE-2015-1659

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1662 and CVE-2015-1665...

7.4AI score0.15789EPSS
Exploits0References3
Cvelist
Cvelist
•added 2015/01/21 6:0 p.m.•58 views

CVE-2015-0374

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key...

6.1AI score0.03131EPSS
Exploits0References18
Cvelist
Cvelist
•added 2014/10/16 7:0 p.m.•58 views

CVE-2014-7181

Cross-site scripting XSS vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...

5.7AI score0.02053EPSS
Exploits3References4
Cvelist
Cvelist
•added 2014/10/15 10:3 p.m.•58 views

CVE-2014-6496

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494...

6.6AI score0.04349EPSS
Exploits0References8
Cvelist
Cvelist
•added 2014/10/15 10:3 p.m.•58 views

CVE-2014-6495

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL...

6.5AI score0.03004EPSS
Exploits0References5
Cvelist
Cvelist
•added 2014/10/15 3:15 p.m.•58 views

CVE-2014-6464

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS...

5.7AI score0.04098EPSS
Exploits0References8
Cvelist
Cvelist
•added 2014/10/02 2:0 p.m.•58 views

CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...

8.2AI score0.04155EPSS
Exploits6References7
Cvelist
Cvelist
•added 2014/04/16 2:5 a.m.•58 views

CVE-2014-2440

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

4.5AI score0.04578EPSS
Exploits0References8
Cvelist
Cvelist
•added 2014/04/16 2:5 a.m.•58 views

CVE-2014-2431

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options...

4.3AI score0.04963EPSS
Exploits0References8
Cvelist
Cvelist
•added 2014/02/03 2:0 a.m.•58 views

CVE-2011-4327

ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call...

6.2AI score0.00416EPSS
Exploits0References2
Cvelist
Cvelist
•added 2013/12/14 5:0 p.m.•58 views

CVE-2013-6391

The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

6.4AI score0.02239EPSS
Exploits2References8
Cvelist
Cvelist
•added 2013/10/17 11:0 p.m.•58 views

CVE-2013-4371

Use-after-free vulnerability in the libxllistcpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service heap corruption and crash...

7.1AI score0.00402EPSS
Exploits0References2
Cvelist
Cvelist
•added 2013/10/16 5:31 p.m.•58 views

CVE-2013-5807

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication...

4.8AI score0.02182EPSS
Exploits0References9
Cvelist
Cvelist
•added 2013/07/28 6:0 p.m.•58 views

CVE-2011-1483

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterpris...

7.1AI score0.02664EPSS
Exploits0References3
Cvelist
Cvelist
•added 2013/07/17 10:0 a.m.•58 views

CVE-2013-3801

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options...

5AI score0.03788EPSS
Exploits0References8
Cvelist
Cvelist
•added 2013/04/17 2:0 p.m.•58 views

CVE-2013-2378

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema...

4.4AI score0.02224EPSS
Exploits0References5
Cvelist
Cvelist
•added 2013/04/17 2:0 p.m.•58 views

CVE-2013-2376

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure...

4.4AI score0.02214EPSS
Exploits0References5
Cvelist
Cvelist
•added 2013/04/17 12:10 p.m.•58 views

CVE-2013-1552

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

4.6AI score0.02224EPSS
Exploits0References5
Cvelist
Cvelist
•added 2013/03/28 5:0 p.m.•58 views

CVE-2013-1808

Cross-site scripting XSS vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is...

5.4AI score0.06316EPSS
Exploits4References16
Cvelist
Cvelist
•added 2013/02/26 4:0 p.m.•58 views

CVE-2012-3499

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

5.5AI score0.22913EPSS
Exploits2References39
Cvelist
Cvelist
•added 2013/01/17 1:30 a.m.•58 views

CVE-2012-5096

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors...

4.6AI score0.02123EPSS
Exploits0References6
Cvelist
Cvelist
•added 2011/09/06 3:0 p.m.•58 views

CVE-2011-0258

Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted image description associated with an mp4v tag in a movie file...

7.6AI score0.04783EPSS
Exploits0References6
Cvelist
Cvelist
•added 2011/07/13 11:0 p.m.•58 views

CVE-2011-1870

Integer overflow in the Client/Server Run-time Subsystem aka CSRSS in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service memory corruption via a crafted application that triggers an incorrect...

6.6AI score0.02244EPSS
Exploits1References5
Cvelist
Cvelist
•added 2010/12/30 8:0 p.m.•58 views

CVE-2010-3862

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterpris...

6.2AI score0.02611EPSS
Exploits0References12
Cvelist
Cvelist
•added 2010/07/28 7:32 p.m.•58 views

CVE-2010-1452

The 1 modcache and 2 moddav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service process crash via a request that lacks a path...

5.3AI score0.2187EPSS
Exploits2References42
Cvelist
Cvelist
•added 2010/01/13 1:0 a.m.•58 views

CVE-2010-0079

Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,...

6.8AI score0.03088EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/24 8:55 p.m.•57 views

CVE-2026-45687 Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it...

8.5CVSS0.00205EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/24 5:33 a.m.•57 views

CVE-2026-9643 WP Meta SEO <= 4.5.18 - Unauthenticated Stored Cross-Site Scripting via REQUEST_URI in 404 Logging

The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUESTURI server variable in all versions up to, and including, 4.5.18. When the plugin's wpmsTemplateRedirect hook detects a 404, it concatenates $SERVER'HTTPHOST' with the raw...

7.2CVSS0.00241EPSS
Exploits0References6
Total number of security vulnerabilities5000