Export limit exceeded: 345573 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345573 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345573 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0767 | 7 Adobe, Apple, Google and 4 more | 7 Flash Player, Mac Os X, Android and 4 more | 2026-04-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012. | ||||
| CVE-2012-1535 | 7 Adobe, Apple, Linux and 4 more | 10 Flash Player, Mac Os X, Linux Kernel and 7 more | 2026-04-21 | 7.8 High |
| Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document. | ||||
| CVE-2012-1710 | 1 Oracle | 1 Fusion Middleware | 2026-04-21 | 9.8 Critical |
| Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709. | ||||
| CVE-2007-0671 | 1 Microsoft | 14 Access, Excel, Excel Viewer and 11 more | 2026-04-21 | 8.8 High |
| Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | ||||
| CVE-2007-3010 | 1 Al-enterprise | 1 Omnipcx Enterprise Communication Server | 2026-04-21 | 9.8 Critical |
| masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. | ||||
| CVE-2007-5659 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2026-04-21 | 7.8 High |
| Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. | ||||
| CVE-2008-2992 | 3 Adobe, Oracle, Redhat | 4 Acrobat, Acrobat Reader, Solaris and 1 more | 2026-04-21 | 7.8 High |
| Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. | ||||
| CVE-2008-3431 | 1 Oracle | 1 Virtualbox | 2026-04-21 | 8.8 High |
| The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address. | ||||
| CVE-2009-0557 | 1 Microsoft | 5 Office, Office Compatibility Pack, Office Excel Viewer and 2 more | 2026-04-21 | 7.8 High |
| Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability." | ||||
| CVE-2014-3931 | 1 Multi-router Looking Glass Project | 1 Multi-router Looking Glass | 2026-04-21 | 9.8 Critical |
| fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. | ||||
| CVE-2015-1187 | 2 Dlink, Trendnet | 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more | 2026-04-21 | 9.8 Critical |
| The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | ||||
| CVE-2015-1641 | 1 Microsoft | 6 Office, Office Compatibility Pack, Office Web Apps and 3 more | 2026-04-21 | 7.8 High |
| Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| CVE-2015-1671 | 1 Microsoft | 11 .net Framework, Live Meeting, Lync and 8 more | 2026-04-21 | 7.8 High |
| The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." | ||||
| CVE-2015-1701 | 1 Microsoft | 4 Windows 2003 Server, Windows 7, Windows Server 2008 and 1 more | 2026-04-21 | 7.8 High |
| Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| CVE-2015-1769 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2026-04-21 | 6.6 Medium |
| Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability." | ||||
| CVE-2015-2291 | 2 Intel, Microsoft | 3 Ethernet Diagnostics Driver Iqvw32.sys, Ethernet Diagnostics Driver Iqvw64.sys, Windows | 2026-04-21 | 7.8 High |
| (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. | ||||
| CVE-2015-2360 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2026-04-21 | 8.8 High |
| win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| CVE-2015-2387 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2026-04-21 | 7.8 High |
| ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability." | ||||
| CVE-2015-2419 | 1 Microsoft | 8 Internet Explorer, Windows 7, Windows 8 and 5 more | 2026-04-21 | 8.8 High |
| JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability." | ||||
| CVE-2015-2424 | 1 Microsoft | 6 Excel Viewer, Office, Office Compatibility Pack and 3 more | 2026-04-21 | 8.8 High |
| Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||