Lucene search
K
CvelistMost viewed

364854 matches found

Cvelist
Cvelist
added 2015/07/16 10:0 a.m.57 views

CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : IS...

4.7AI score0.04079EPSS
Exploits0References15
Cvelist
Cvelist
added 2015/07/16 10:0 a.m.57 views

CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer...

4.7AI score0.04328EPSS
Exploits0References15
Cvelist
Cvelist
added 2015/06/09 6:0 p.m.57 views

CVE-2015-4026

The pcntlexec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument...

8.2AI score0.1968EPSS
Exploits1References18
Cvelist
Cvelist
added 2015/05/18 3:0 p.m.57 views

CVE-2015-3306

The modcopy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

9.4AI score0.96803EPSS
Exploits22References14
Cvelist
Cvelist
added 2015/04/16 4:0 p.m.57 views

CVE-2015-0441

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption...

4.9AI score0.04505EPSS
Exploits0References11
Cvelist
Cvelist
added 2015/04/10 2:0 p.m.57 views

CVE-2015-1842

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

7.7AI score0.05216EPSS
Exploits0References7
Cvelist
Cvelist
added 2015/01/21 6:0 p.m.57 views

CVE-2015-0374

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key...

6.1AI score0.03131EPSS
Exploits0References18
Cvelist
Cvelist
added 2014/10/15 10:3 p.m.57 views

CVE-2014-6496

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494...

6.6AI score0.04349EPSS
Exploits0References8
Cvelist
Cvelist
added 2014/10/15 10:3 p.m.57 views

CVE-2014-6559

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING...

5.8AI score0.04634EPSS
Exploits0References9
Cvelist
Cvelist
added 2014/10/15 10:3 p.m.57 views

CVE-2014-6494

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496...

6.6AI score0.04847EPSS
Exploits0References9
Cvelist
Cvelist
added 2014/10/15 10:3 p.m.57 views

CVE-2014-6495

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL...

6.5AI score0.03004EPSS
Exploits0References5
Cvelist
Cvelist
added 2014/10/15 3:15 p.m.57 views

CVE-2014-6469

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER...

5.7AI score0.04408EPSS
Exploits0References8
Cvelist
Cvelist
added 2014/10/15 3:15 p.m.57 views

CVE-2014-6464

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS...

5.7AI score0.04098EPSS
Exploits0References8
Cvelist
Cvelist
added 2014/10/08 7:0 p.m.57 views

CVE-2014-7230

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

6AI score0.00469EPSS
Exploits0References6
Cvelist
Cvelist
added 2014/04/16 2:5 a.m.57 views

CVE-2014-2436

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR...

4.1AI score0.03667EPSS
Exploits0References8
Cvelist
Cvelist
added 2014/04/16 2:5 a.m.57 views

CVE-2014-2438

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication...

4AI score0.03175EPSS
Exploits0References7
Cvelist
Cvelist
added 2014/04/16 2:5 a.m.57 views

CVE-2014-2431

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options...

4.3AI score0.04963EPSS
Exploits0References8
Cvelist
Cvelist
added 2014/04/16 2:5 a.m.57 views

CVE-2014-2440

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

4.5AI score0.04578EPSS
Exploits0References8
Cvelist
Cvelist
added 2014/02/03 2:0 a.m.57 views

CVE-2011-4327

ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call...

6.2AI score0.00416EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/11/12 1:0 a.m.57 views

CVE-2013-3918

The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remo...

7.4AI score0.73872EPSS
Exploits3References7
Cvelist
Cvelist
added 2013/10/16 5:31 p.m.57 views

CVE-2013-5807

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication...

4.8AI score0.02182EPSS
Exploits0References9
Cvelist
Cvelist
added 2013/10/04 5:0 p.m.57 views

CVE-2013-2222

Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted ZRTP Hello packet to the 1 ZRtp::findBestSASType, 2 ZRtp::findBestAuthLen, 3 ZRtp::findBestCipher, 4 ZRtp::findBestHash, or...

7.5AI score0.04744EPSS
Exploits1References8
Cvelist
Cvelist
added 2013/09/26 3:0 p.m.57 views

CVE-2013-4626

Cross-site scripting XSS vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...

5.7AI score0.02058EPSS
Exploits3References5
Cvelist
Cvelist
added 2013/09/23 8:0 p.m.57 views

CVE-2013-4294

The 1 mamcache and 2 KVS token backends in OpenStack Identity Keystone Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token...

6.3AI score0.02342EPSS
Exploits0References6
Cvelist
Cvelist
added 2013/07/17 10:0 a.m.57 views

CVE-2013-3801

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options...

5AI score0.03788EPSS
Exploits0References8
Cvelist
Cvelist
added 2013/04/17 2:0 p.m.57 views

CVE-2013-2378

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema...

4.4AI score0.02224EPSS
Exploits0References5
Cvelist
Cvelist
added 2013/04/17 2:0 p.m.57 views

CVE-2013-2376

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure...

4.4AI score0.02214EPSS
Exploits0References5
Cvelist
Cvelist
added 2013/04/17 12:10 p.m.57 views

CVE-2013-1552

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

4.6AI score0.02224EPSS
Exploits0References5
Cvelist
Cvelist
added 2013/02/26 4:0 p.m.57 views

CVE-2012-3499

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

5.5AI score0.22913EPSS
Exploits2References39
Cvelist
Cvelist
added 2013/01/17 1:30 a.m.57 views

CVE-2012-1705

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer...

4.4AI score0.02628EPSS
Exploits0References7
Cvelist
Cvelist
added 2013/01/17 1:30 a.m.57 views

CVE-2012-5096

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors...

4.6AI score0.02123EPSS
Exploits0References6
Cvelist
Cvelist
added 2012/10/22 11:0 p.m.57 views

CVE-2012-4406

OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...

9.5AI score0.06518EPSS
Exploits0References11
Cvelist
Cvelist
added 2010/07/28 7:32 p.m.57 views

CVE-2010-1452

The 1 modcache and 2 moddav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service process crash via a request that lacks a path...

5.3AI score0.2187EPSS
Exploits2References42
Cvelist
Cvelist
added 2010/05/11 11:0 p.m.57 views

CVE-2010-1481

Cross-site scripting XSS vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute...

5.2AI score0.00869EPSS
Exploits3References4
Cvelist
Cvelist
added 2010/03/30 6:0 p.m.57 views

CVE-2010-0055

xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package...

8.7AI score0.01981EPSS
Exploits0References3
Cvelist
Cvelist
added 2009/10/29 2:0 p.m.57 views

CVE-2009-3383

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

10AI score0.04338EPSS
Exploits1References6
Cvelist
Cvelist
added 2009/08/18 10:0 a.m.57 views

CVE-2008-6997

Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service browser crash via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action...

6.3AI score0.03676EPSS
Exploits1References5
Cvelist
Cvelist
added 2009/02/25 4:0 p.m.57 views

CVE-2009-0238

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a...

7.3AI score0.43063EPSS
Exploits4References11
Cvelist
Cvelist
added 2000/02/04 5:0 a.m.57 views

CVE-1999-0512

A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers...

4.5AI score0.12035EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 6:35 p.m.56 views

CVE-2026-13743 Improper verification of cryptographic signature in CubeSpace CW0057 Reaction Wheel

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...

5.2CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 10:48 p.m.56 views

CVE-2026-33560 Daktronics Controller Firmware Unrestricted Upload of File with Dangerous Type

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

8.4CVSS0.00459EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 1:37 a.m.56 views

CVE-2025-66276 QTS

QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later...

9.2CVSS0.0029EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 5:4 p.m.56 views

CVE-2026-47288 Windows Kerberos Key Distribution Center (KDC) Remote Code Execution

...

7.1CVSS0.00499EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:0 a.m.56 views

CVE-2026-11621 Dcat-Admin User Setting upload editorMDUpload unrestricted upload

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...

5.8CVSS0.00218EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/08 3:46 p.m.56 views

CVE-2026-46305 staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...

0.001EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 5:45 a.m.56 views

CVE-2026-11493 Tenda AC15 Samba smb.conf weak password

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etcro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level ...

5CVSS0.00224EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.56 views

CVE-2025-48595

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.01714EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/01 7:52 a.m.56 views

CVE-2026-41017 Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy

Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...

0.00265EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 7:19 a.m.56 views

CVE-2026-49270 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

0.00328EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 7:46 a.m.56 views

CVE-2026-6075 Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form

The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an...

8.1CVSS0.00203EPSS
Exploits0References11
Total number of security vulnerabilities5000