Total
29787 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-0272 | 1 W3.org | 1 Sendtemp.pl | 2025-04-03 | N/A |
| Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter. | ||||
| CVE-2005-0781 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | N/A |
| SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php. | ||||
| CVE-2005-2831 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. | ||||
| CVE-2006-4429 | 1 Phlymail | 1 Phlymail Lite | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly | ||||
| CVE-2006-3280 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability." | ||||
| CVE-2005-3734 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters. | ||||
| CVE-2005-3738 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | N/A |
| globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. | ||||
| CVE-2023-24021 | 3 Debian, Redhat, Trustwave | 3 Debian Linux, Jboss Core Services, Modsecurity | 2025-04-02 | 7.5 High |
| Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | ||||
| CVE-2023-24056 | 1 Pkgconf | 1 Pkgconf | 2025-04-02 | 5.5 Medium |
| In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | ||||
| CVE-2023-24038 | 2 Debian, Html-stripscripts Project | 2 Debian Linux, Html-stripscripts | 2025-04-02 | 7.5 High |
| The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. | ||||
| CVE-2021-24881 | 1 Passster Project | 1 Passter | 2025-04-02 | 7.5 High |
| The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request. | ||||
| CVE-2023-0435 | 1 Pyload | 1 Pyload | 2025-04-02 | 9.8 Critical |
| Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. | ||||
| CVE-2022-40036 | 1 Blog-ssm Project | 1 Blog-ssm | 2025-04-02 | 6.5 Medium |
| An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component. | ||||
| CVE-2022-3820 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. | ||||
| CVE-2022-3740 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys . | ||||
| CVE-2022-31704 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-02 | 9.8 Critical |
| The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. | ||||
| CVE-2024-13446 | 1 Amentotech | 1 Workreap | 2025-04-02 | 9.8 Critical |
| The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user's identity prior to (1) performing a social auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. NOTE: This vulnerability was partially fixed in version 3.2.5. | ||||
| CVE-2024-2611 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-04-01 | 5.5 Medium |
| A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||||
| CVE-2022-43997 | 1 Aternity | 1 Aternity | 2025-04-01 | 7.8 High |
| Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights. | ||||
| CVE-2022-25908 | 1 Create-choo-electron Project | 1 Create-choo-electron | 2025-04-01 | 7.4 High |
| All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | ||||