Export limit exceeded: 366508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-125126 1 Tecorange 1 Simple E-document 2026-07-15 N/A
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.
CVE-2013-10036 2 Beetel, Intel 2 Connection Manager, Connection Manager 2026-07-15 N/A
A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.
CVE-2012-10056 1 Shawn Bradley 1 Php Volunteer Management 2026-07-15 N/A
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request.
CVE-2012-10055 2 Cerberusftp, Comsndftp 2 Ftp Server, Ftp Server 2026-07-15 N/A
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.
CVE-2012-10026 3 Asset-manager, Hp, Wordpress 3 Asset-manager Wordpress Plugin, Asset Manager, Wordpress 2026-07-15 N/A
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.
CVE-2012-10024 2 Uberrider, Xbmc 2 Mediacenter, Xbmc 2026-07-15 N/A
XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files.
CVE-2010-20107 1 Novell 1 Data Synchronizer 2026-07-15 N/A
A stack-based buffer overflow exists in FTP Synchronizer Professional <= v4.0.73.274. When the client connects to an FTP server and issues a LIST command—typically during sync preview or profile creation—the server’s response containing an overly long filename triggers a buffer overflow. This results in the corruption of the Structured Exception Handler (SEH), potentially allowing remote code execution.
CVE-2010-20042 1 Doryphores 1 Audio Player 2026-07-15 N/A
Xion Audio Player versions 1.0.126 and prior are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code.
CVE-2009-10005 2 Contentkeeper Technologies, Sophos 2 Contentkeeper, Web Appliance 2026-07-15 N/A
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.
CVE-2026-57220 1 Rabbitmq 1 Rabbitmq-server 2026-07-15 7.5 High
RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame lengths and consume broker memory in rabbit_stream_core. This issue is fixed in version 4.2.6.
CVE-2026-20744 1 Hydro-québec 1 Le Circuit Electrique Charging Station Backend 2026-07-15 9.8 Critical
The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation.
CVE-2026-48914 1 Redhat 5 Enterprise Linux, Enterprise Linux For Nvidia 26, Enterprise Linux Nvidia and 2 more 2026-07-15 6.7 Medium
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process.
CVE-2026-48353 2026-07-14 5.5 Medium
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-48352 2026-07-14 7.5 High
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-48298 2026-07-14 6.2 Medium
CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-48354 2026-07-14 6.2 Medium
CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-48302 2026-07-14 6.2 Medium
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-48351 2026-07-14 7.5 High
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-48312 2026-07-14 6.8 Medium
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
CVE-2026-48287 2026-07-14 7.4 High
CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.