Export limit exceeded: 346610 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346610 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6644 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2008-6732 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths." | ||||
| CVE-2008-6733 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter. | ||||
| CVE-2008-7100 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity." | ||||
| CVE-2008-7101 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors. | ||||
| CVE-2009-1366 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality." | ||||
| CVE-2009-4109 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information. | ||||
| CVE-2009-4110 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page. | ||||
| CVE-2012-1036 | 2 Dnnsoftware, Dotnetnuke | 2 Dotnetnuke, Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message. | ||||
| CVE-2013-4649 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI. | ||||
| CVE-2026-26169 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-24 | 6.1 Medium |
| Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-26170 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-24 | 7.8 High |
| Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26172 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-04-24 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-41681 | 2026-04-24 | N/A | ||
| rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78. | ||||
| CVE-2026-41898 | 2026-04-24 | N/A | ||
| rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78. | ||||
| CVE-2026-26173 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-24 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-41677 | 2026-04-24 | N/A | ||
| rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78. | ||||
| CVE-2026-6912 | 1 Aws | 1 Aws Ops Wheel | 2026-04-24 | 8.8 High |
| Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes. | ||||
| CVE-2026-6911 | 1 Aws | 1 Aws Ops Wheel | 2026-04-24 | 9.8 Critical |
| Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes. | ||||
| CVE-2026-41411 | 2026-04-24 | 6.6 Medium | ||
| Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filename field contains backtick syntax (e.g., `command`), Vim executes the embedded command via the system shell with the full privileges of the running user. | ||||