Export limit exceeded: 366256 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366256 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5449 1 Softbizscripts 1 Recipes Portal Script 2026-04-06 N/A
SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
CVE-2023-3972 1 Redhat 23 Enterprise Linux, Enterprise Linux Aus, Enterprise Linux Desktop and 20 more 2026-04-06 7.8 High
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
CVE-2025-22040 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-04-06 8.8 High
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the connection is added to channel list of session. This patch check reference count of session before freeing it.
CVE-2009-2790 1 Softbizscripts 1 Dating Script 2026-04-06 N/A
SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4.
CVE-2008-3511 1 Softbizscripts 1 Image Gallery Script 2026-04-06 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2087 1 Softbizscripts 1 Web Hosting Directory Script 2026-04-06 N/A
SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817.
CVE-2008-1050 1 Softbizscripts 1 Jokes And Funny Pictures Script 2026-04-06 N/A
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
CVE-2007-6124 1 Softbizscripts 1 Freelancers Script 2026-04-06 N/A
Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
CVE-2017-6052 1 Hyundai 1 Blue Link 2026-04-06 3.7 Low
A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.
CVE-2017-6054 1 Hyundai 1 Blue Link 2026-04-06 7.5 High
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information.
CVE-2025-55618 1 Hyundai 1 Navigation 2026-04-06 7.3 High
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.
CVE-2022-37418 3 Hyundai, Kia, Nissan 6 Hyundai, Hyundai Firmware, Kia and 3 more 2026-04-06 6.4 Medium
The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.
CVE-2026-27255 1 Adobe 2 Adobe Experience Manager, Experience Manager 2026-04-06 5.4 Medium
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-7398 1 Broadcom 1 Brocade Active Support Connectivity Gateway 2026-04-06 9.1 Critical
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.
CVE-2025-6391 1 Broadcom 1 Brocade Active Support Connectivity Gateway 2026-04-06 9.1 Critical
Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.
CVE-2024-1509 1 Broadcom 1 Brocade Active Support Connectivity Gateway 2026-04-06 9.1 Critical
Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
CVE-2026-31890 2 Inspektor-gadget, Linuxfoundation 2 Inspektor-gadget, Inspektor Gadget 2026-04-06 5.5 Medium
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among the other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (>= 5.8), this transfer mechanism is based on ring-buffers. The size of the ring-buffer for the gadgets is hard-coded to 256KB. When a gadget_reserve_buf fails because of insufficient space, the gadget silently cleans up without producing an alert. The lost count reported by the eBPF operator, when using ring-buffers – the modern choice – is hardcoded to zero. The vulnerability can be used by a malicious event source (e.g. a compromised container) to cause a Denial Of Service, forcing the system to drop events coming from other containers (or the same container). This vulnerability is fixed in 0.50.1.
CVE-2026-4181 2 D-link, Dlink 3 Dir-816, Dir-816, Dir-816 Firmware 2026-04-06 9.8 Critical
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2001-0631 1 Opentext 1 Firstclass 2026-04-06 N/A
Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users.
CVE-2025-47268 2 Iputils, Redhat 2 Iputils, Enterprise Linux 2026-04-06 6.5 Medium
ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.