Export limit exceeded: 10600 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20096 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3297 | 1 Uebimiau | 1 Uebimiau | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-3272 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets. | ||||
| CVE-2005-3273 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats. | ||||
| CVE-2006-3298 | 1 Yahoo | 1 Messenger | 2026-04-16 | N/A |
| Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll. | ||||
| CVE-2005-3274 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2026-04-16 | 4.7 Medium |
| Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. | ||||
| CVE-2005-3275 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption. | ||||
| CVE-2005-3276 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information. | ||||
| CVE-2006-3299 | 1 Metalheadws | 1 Usenet | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter. | ||||
| CVE-2005-3279 | 1 Jan Kybic | 1 Bitmap Viewer | 2026-04-16 | N/A |
| Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option. | ||||
| CVE-2005-4844 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | ||||
| CVE-2005-3050 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-16 | N/A |
| PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message. | ||||
| CVE-2006-3211 | 1 Cjguestbook Project | 1 Cjguestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter. | ||||
| CVE-2005-3130 | 1 Lucidcms | 1 Lucidcms | 2026-04-16 | N/A |
| SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field. | ||||
| CVE-2005-3049 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-16 | N/A |
| PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file. | ||||
| CVE-2006-3208 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2026-04-16 | N/A |
| Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB. | ||||
| CVE-2005-3127 | 1 Lucidcms | 1 Lucidcms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2005-3048 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file. | ||||
| CVE-2005-2741 | 2 Apple, Perry Kiehtreiber | 3 Mac Os X, Mac Os X Server, Securityd | 2026-04-16 | N/A |
| Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. | ||||
| CVE-2005-3411 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method. | ||||
| CVE-2005-2742 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting. | ||||