Lucene search
K
CvelistMost viewed

365131 matches found

Cvelist
Cvelist
added 2017/08/08 3:0 p.m.54 views

CVE-2017-3636

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server execut...

5AI score0.00434EPSS
Exploits0References11
Cvelist
Cvelist
added 2017/07/11 9:0 p.m.54 views

CVE-2017-8467

Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k...

7AI score0.00975EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/01/27 10:1 p.m.54 views

CVE-2017-3318

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Error Handling. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the...

4.2AI score0.00448EPSS
Exploits0References12
Cvelist
Cvelist
added 2016/10/25 2:0 p.m.54 views

CVE-2016-5624

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML...

5.5AI score0.04625EPSS
Exploits0References11
Cvelist
Cvelist
added 2016/09/07 7:0 p.m.54 views

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.6AI score0.03903EPSS
Exploits0References5
Cvelist
Cvelist
added 2016/01/21 2:0 a.m.54 views

CVE-2016-0610

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB...

5.6AI score0.02639EPSS
Exploits0References10
Cvelist
Cvelist
added 2016/01/14 12:0 a.m.54 views

CVE-2016-0777

The resendbytes function in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key...

6.5AI score0.63468EPSS
Exploits2References34
Cvelist
Cvelist
added 2015/10/21 9:0 p.m.54 views

CVE-2015-4826

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types...

5.1AI score0.02982EPSS
Exploits0References17
Cvelist
Cvelist
added 2014/12/19 3:0 p.m.54 views

CVE-2014-8793

Cross-site scripting XSS vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refreshpage parameter to www/admin/report-generate.php...

5.6AI score0.02309EPSS
Exploits3References8
Cvelist
Cvelist
added 2014/08/03 6:0 p.m.54 views

CVE-2013-5758

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...

7AI score0.11892EPSS
Exploits10References5
Cvelist
Cvelist
added 2014/07/20 10:0 a.m.54 views

CVE-2014-3523

Memory leak in the winntaccept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service memory consumption via crafted requests...

6.3AI score0.16372EPSS
Exploits0References21
Cvelist
Cvelist
added 2014/07/07 2:0 p.m.55 views

CVE-2014-0035

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...

6AI score0.07053EPSS
Exploits0References14
Cvelist
Cvelist
added 2014/05/09 1:0 a.m.54 views

CVE-2014-3214

The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a DNS query that triggers a response with unspecified attributes...

6.3AI score0.17259EPSS
Exploits0References3
Cvelist
Cvelist
added 2013/07/17 10:0 a.m.54 views

CVE-2013-3808

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options...

4.3AI score0.02827EPSS
Exploits0References9
Cvelist
Cvelist
added 2013/07/17 10:0 a.m.54 views

CVE-2013-3805

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements...

5AI score0.02291EPSS
Exploits0References7
Cvelist
Cvelist
added 2013/04/17 12:10 p.m.55 views

CVE-2013-1526

Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication...

4.4AI score0.02214EPSS
Exploits0References4
Cvelist
Cvelist
added 2013/03/07 8:0 p.m.54 views

CVE-2010-5107

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service connection-slot exhaustion by periodically making many new TCP connections...

5.2AI score0.1651EPSS
Exploits1References12
Cvelist
Cvelist
added 2012/05/03 10:0 p.m.54 views

CVE-2012-1688

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML...

4.5AI score0.03518EPSS
Exploits0References10
Cvelist
Cvelist
added 2012/05/03 10:0 p.m.54 views

CVE-2012-1697

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition...

4.3AI score0.02957EPSS
Exploits0References8
Cvelist
Cvelist
added 2011/12/25 1:0 a.m.54 views

CVE-2011-4862

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications aka krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as...

7.3AI score0.95104EPSS
Exploits19References42
Cvelist
Cvelist
added 2011/11/09 11:0 a.m.54 views

CVE-2011-3650

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service memory corruption and application crash or possibly have...

9.9AI score0.0233EPSS
Exploits0References5
Cvelist
Cvelist
added 2011/05/16 5:0 p.m.54 views

CVE-2011-0419

Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...

8AI score0.30406EPSS
Exploits5References58
Cvelist
Cvelist
added 2011/01/13 6:35 p.m.54 views

CVE-2010-4052

Stack consumption vulnerability in the regcomp implementation in the GNU C Library aka glibc or libc6 through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service resource exhaustion via a regular expression containing adjacent repetition operators, a...

7.2AI score0.51298EPSS
Exploits12References11
Cvelist
Cvelist
added 2010/09/15 6:0 p.m.54 views

CVE-2010-2730

Buffer overflow in Microsoft Internet Information Services IIS 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."...

7.6AI score0.32826EPSS
Exploits1References2
Cvelist
Cvelist
added 2010/04/01 4:0 p.m.54 views

CVE-2010-0842

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...

7.5AI score0.77721EPSS
Exploits9References33
Cvelist
Cvelist
added 2010/01/22 9:20 p.m.54 views

CVE-2010-0244

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption...

8.8AI score0.20759EPSS
Exploits2References3
Cvelist
Cvelist
added 2009/12/04 9:0 p.m.54 views

CVE-2009-3560

The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlo...

7AI score0.24313EPSS
Exploits2References58
Cvelist
Cvelist
added 2009/09/21 7:0 p.m.54 views

CVE-2009-3200

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable,...

6.2AI score0.00404EPSS
Exploits2References8
Cvelist
Cvelist
added 2009/07/01 12:26 p.m.54 views

CVE-2009-2288

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 ping or 2 Traceroute parameters...

7.8AI score0.83453EPSS
Exploits14References12
Cvelist
Cvelist
added 2009/06/10 6:0 p.m.54 views

CVE-2009-1123

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop...

6.1AI score0.04918EPSS
Exploits1References7
Cvelist
Cvelist
added 2009/06/10 5:37 p.m.54 views

CVE-2009-0229

The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."...

6AI score0.03931EPSS
Exploits2References9
Cvelist
Cvelist
added 2009/06/02 6:0 p.m.54 views

CVE-2009-0950

Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via an itms: URL with a long URL component after a colon...

7.8AI score0.28815EPSS
Exploits21References14
Cvelist
Cvelist
added 2007/05/21 8:0 p.m.54 views

CVE-2007-2768

OpenSSH, when using OPIE One-Time Passwords in Everything for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords OTP, a similar issue to CVE-2007-2243...

9.4AI score0.08654EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/04/13 5:0 p.m.54 views

CVE-2007-1742

suexec in Apache HTTP Server httpd 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "htmlbackup" and "htmleditor" under an "html...

6AI score0.00687EPSS
Exploits0References5
Cvelist
Cvelist
added 2007/01/10 12:0 a.m.54 views

CVE-2006-6144

The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon kadmind and other products that use this library, allows remote attackers to cause a denial of service crash via unspecified vectors that cause mechglue to free...

9.1AI score0.05216EPSS
Exploits0References22
Cvelist
Cvelist
added 2006/10/12 12:0 a.m.54 views

CVE-2006-4842

The Netscape Portable Runtime NSPR API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files...

7.3AI score0.076EPSS
Exploits27References10
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.54 views

CVE-2002-1157

Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

8.9AI score0.09701EPSS
Exploits0References15
Cvelist
Cvelist
added 2003/03/21 5:0 a.m.54 views

CVE-2003-0138

Version 4 of the Kerberos protocol krb4, as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack...

9.2AI score0.04284EPSS
Exploits0References12
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.54 views

CVE-2001-1083

Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service crash via a URL that ends in . dot, / forward slash, or \ backward slash...

6.3AI score0.09628EPSS
Exploits2References9
Cvelist
Cvelist
added 2026/07/03 3:47 p.m.53 views

CVE-2026-14615 Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 11:58 a.m.53 views

CVE-2026-53903 Insecure Direct Object Reference in MCO

MCO is vulnerable to an Insecure Direct Object Reference IDOR vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint. The application does not properly validate whether an authenticated user is authorized to access a requested document, allowing direct...

5.3CVSS0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 10:15 a.m.53 views

CVE-2026-41991 Predictable Temporary File in GNU gzip

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS0.00105EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 4:45 a.m.53 views

CVE-2026-13536 GotoHTTP reg.12x cross site scripting

A vulnerability has been found in GotoHTTP up to 10.2. This issue affects some unknown processing of the file /reg.12x. The manipulation of the argument sn leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor...

5.3CVSS0.00284EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/23 3:40 p.m.53 views

CVE-2026-54310 n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the...

6.5CVSS0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 2:43 p.m.53 views

CVE-2026-10845 IBM WebSphere Application Server is affected by an authentication bypass vulnerability

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications...

0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 6:26 a.m.53 views

CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

7.8CVSS0.00321EPSS
Exploits11References8
Cvelist
Cvelist
added 2026/06/15 3:0 p.m.53 views

CVE-2026-9595 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS0.00163EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/10 12:34 a.m.53 views

CVE-2026-45542 ESF-IDF: Heap buffer overflow in protocomm Security2 over Bluetooth

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handlesessioncommand0 in...

7.1CVSS0.00325EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/09 10:30 p.m.53 views

CVE-2026-9753 Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.

The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...

8.1CVSS0.00298EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 11:28 p.m.53 views

CVE-2026-11699

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

0.00203EPSS
Exploits0References2
Total number of security vulnerabilities5000