Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2682 1 Realm Project 1 Realm Cms 2026-04-23 N/A
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
CVE-2008-2707 2 Intel, Sun 4 Network Interface Controller, Opensolaris, Solaris and 1 more 2026-04-23 N/A
Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors.
CVE-2008-2717 2 Apache, Typo3 2 Apache Webserver, Typo3 2026-04-23 N/A
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
CVE-2008-2722 1 Menalto 1 Gallery 2026-04-23 N/A
Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive.
CVE-2008-2724 1 Menalto 1 Gallery 2026-04-23 N/A
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.
CVE-2008-2771 1 Drupal 2 Drupal, Node Hierarchy Module 2026-04-23 N/A
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
CVE-2008-2784 1 Spamdyke 1 Spamdyke 2026-04-23 N/A
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.
CVE-2008-2794 1 Symantec 1 Altiris Notification Server 2026-04-23 N/A
Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors.
CVE-2008-2802 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."
CVE-2026-6224 1 Nocobase 1 Plugin-workflow-javascript 2026-04-22 7.3 High
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2015-1769 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2026-04-22 6.6 Medium
Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."
CVE-2016-3643 1 Solarwinds 1 Virtualization Manager 2026-04-21 7.8 High
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
CVE-2026-24920 1 Huawei 2 Emui, Harmonyos 2026-04-18 6.2 Medium
Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24923 1 Huawei 1 Harmonyos 2026-04-17 6.3 Medium
Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24931 1 Huawei 1 Harmonyos 2026-04-17 5.9 Medium
Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24924 1 Huawei 1 Harmonyos 2026-04-17 6.1 Medium
Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-3063 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-04-17 8.8 High
Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)
CVE-2026-28541 1 Huawei 1 Harmonyos 2026-04-16 4 Medium
Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2002-2324 1 Microsoft 1 Windows Xp 2026-04-16 N/A
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings.
CVE-2006-1726 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-04-16 N/A
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.