Export limit exceeded: 26242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26242 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-23506 1 Instawp 1 Instawp Connect 2026-04-23 7.7 High
Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.
CVE-2024-1435 1 Tainacan 1 Tainacan 2026-04-23 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.20.6.
CVE-2026-34269 1 Oracle 1 Peoplesoft Enterprise Peopletools 2026-04-23 6.1 Medium
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVE-2026-5752 1 Cohere 1 Cohere-terrarium 2026-04-23 9.3 Critical
Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.
CVE-2023-5831 1 Gitlab 1 Gitlab 2026-04-23 3.7 Low
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.
CVE-2007-1313 1 Netxautomation 1 Netxeib 2026-04-23 N/A
NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving the (1) IOPCSyncIO::Read, (2) IOPCSyncIO::Write, (3) IOPCServer::AddGroup, (4) IOPCServer::RemoveGroup, (5) IOPCCommon::SetClientName, and (6) IOPCGroupStateMgt::CloneGroup functions, which allow access to arbitrary memory. NOTE: the vectors might be limited to attackers with physical access.
CVE-2007-4570 1 Redhat 2 Enterprise Linux, Mcstrans 2026-04-23 N/A
Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels.
CVE-2008-3790 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
CVE-2007-1167 1 Dzcp 1 Dev\!l\'z Clanportal 2026-04-23 N/A
inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.
CVE-2009-1234 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.
CVE-2008-6731 1 China-on-site 1 Flexphplink 2026-04-23 N/A
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
CVE-2008-4404 1 Ibm 1 Zseries 2026-04-23 N/A
The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.
CVE-2008-2476 6 Force10, Freebsd, Juniper and 3 more 6 Ftos, Freebsd, Jnos and 3 more 2026-04-23 N/A
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
CVE-2008-3676 1 Hmailserver 1 Hmailserver 2026-04-23 N/A
Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.
CVE-2007-1136 1 Webmplayer 1 Webmplayer 2026-04-23 N/A
index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous.
CVE-2006-7235 1 5e5 1 Teamtek Universal Ftp Server 2026-04-23 N/A
Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argument, (3) a '|' argument, (4) spaces, or (5) a long string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5793 2 Greg Roelofs, Redhat 2 Libpng, Enterprise Linux 2026-04-23 N/A
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.
CVE-2008-2170 1 Century Software 1 Router 2026-04-23 7.5 High
Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-2574 1 Flashblog 1 Flashblog 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/.
CVE-2007-1277 1 Wordpress 1 Wordpress 2026-04-23 N/A
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.