Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1712 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2004-0653 1 Sun 1 Solaris 2025-04-03 N/A
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.
CVE-2004-0651 1 Sun 2 Jre, Sdk 2025-04-03 N/A
Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang).
CVE-2004-0523 5 Mit, Redhat, Sgi and 2 more 8 Kerberos, Kerberos 5, Enterprise Linux and 5 more 2025-04-03 N/A
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
CVE-2004-0496 5 Gentoo, Linux, Mandrakesoft and 2 more 13 Linux, Linux Kernel, Mandrake Linux and 10 more 2025-04-03 N/A
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
CVE-2004-0481 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.
CVE-2004-0360 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors.
CVE-2021-43360 1 Sun 1 Ehrd 2024-11-21 8.8 High
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.
CVE-2021-43359 1 Sun 1 Ehrd 2024-11-21 8.8 High
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
CVE-2021-43358 1 Sun 1 Ehrd 2024-11-21 7.5 High
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
CVE-2020-10510 1 Sun 1 Ehrd 2024-11-21 8.1 High
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.
CVE-2020-10509 1 Sun 1 Ehrd 2024-11-21 6.1 Medium
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
CVE-2020-10508 1 Sun 1 Ehrd 2024-11-21 7.5 High
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.