Export limit exceeded: 25145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4656 | 1 Backup Manager | 1 Backup Manager | 2026-04-23 | N/A |
| backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766. | ||||
| CVE-2008-1062 | 1 Intervideo | 1 Windvd Media Center | 2026-04-23 | N/A |
| InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-7205 | 1 Virtuemart | 1 Virtuemart | 2026-04-23 | N/A |
| Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file. | ||||
| CVE-2008-5543 | 2 Microsoft, Symantec | 2 Internet Explorer, Antivirus | 2026-04-23 | N/A |
| Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2006-5265 | 1 Microsoft | 1 Dynamics Gp | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message. | ||||
| CVE-2008-1111 | 1 Lighttpd | 1 Lighttpd | 2026-04-23 | N/A |
| mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information. | ||||
| CVE-2007-4969 | 1 Sysinternals | 1 Process Monitor | 2026-04-23 | N/A |
| Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey. | ||||
| CVE-2007-4761 | 1 Matteo | 1 Barbo91 | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1296 | 1 Ubuntu | 2 73-oubuntu, Ubuntu | 2026-04-23 | N/A |
| The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root. | ||||
| CVE-2008-1014 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2008-4137 | 1 Php Crawler | 1 Php Crawler | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter. | ||||
| CVE-2007-2479 | 1 Cerulean Studios | 1 Trillian | 2026-04-23 | N/A |
| Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. | ||||
| CVE-2008-5461 | 1 Oracle | 1 Bea Product Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting. | ||||
| CVE-2008-1741 | 1 Cisco | 1 Unified Presence | 2026-04-23 | N/A |
| The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533. | ||||
| CVE-2008-3514 | 1 Vmware | 1 Virtualcenter | 2026-04-23 | N/A |
| VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users." | ||||
| CVE-2007-5043 | 1 Kaspersky Lab | 1 Kaspersky Internet Security | 2026-04-23 | N/A |
| Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT hook or (2) cause a denial of service (avp.exe service outage) via the NtLoadDriver kernel SSDT hook. NOTE: this issue may partially overlap CVE-2006-3074. | ||||
| CVE-2008-3208 | 1 Simpledns | 1 Simple Dns Plus | 2026-04-23 | N/A |
| Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 allows remote attackers to cause a denial of service via multiple DNS reply packets. | ||||
| CVE-2008-3114 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. | ||||
| CVE-2025-43458 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-22 | 4.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43443 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-22 | 4.3 Medium |
| This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||