Export limit exceeded: 26448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26448 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4616 2 The Spanner, Wordpress 2 Spambam Plugin, Spambam Plugin 2026-04-23 N/A
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.
CVE-2008-4618 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2026-04-23 N/A
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.
CVE-2008-4635 2 Hisanaga Electric Co, Xoops 2 Hisa Cart, Xoops 2026-04-23 N/A
Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors.
CVE-2008-4638 1 Symantec 1 Veritas File System 2026-04-23 N/A
qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message.
CVE-2008-4640 1 Sentex 1 Jhead 2026-04-23 N/A
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.
CVE-2008-4641 1 Sentex 1 Jhead 2026-04-23 N/A
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
CVE-2008-4681 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
CVE-2008-4682 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
CVE-2008-4688 1 Mantis 1 Mantis 2026-04-23 N/A
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
CVE-2008-4693 1 Ibm 1 Db2 2026-04-23 N/A
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."
CVE-2008-4695 1 Opera 1 Opera 2026-04-23 N/A
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.
CVE-2025-34123 1 Videocharge 1 Videocharge Studio 2026-04-22 N/A
A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue occurs due to improper handling of user-supplied data in the XML 'Name' attribute, leading to an SEH overwrite condition. An attacker can exploit this vulnerability by convincing a user to open a malicious .VSC file, resulting in arbitrary code execution under the context of the user.
CVE-2025-10744 2 Softdiscover, Wordpress 2 File Manager Code Editor And Backup, Wordpress 2026-04-22 5.9 Medium
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files.
CVE-2025-11760 2 Wordpress, Wpcenter 2 Wordpress, Eroom 2026-04-22 5.3 Medium
The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting view template. This makes it possible for unauthenticated attackers to extract the sdk_secret value, which should remain server-side, compromising the security of the Zoom integration and allowing attackers to generate valid JWT signatures for unauthorized meeting access.
CVE-2025-43458 1 Apple 7 Ios, Ipados, Iphone Os and 4 more 2026-04-22 4.3 Medium
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43443 1 Apple 7 Ios, Ipados, Iphone Os and 4 more 2026-04-22 4.3 Medium
This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43480 1 Apple 7 Ios, Ipados, Iphone Os and 4 more 2026-04-22 8.1 High
The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin.
CVE-2025-43479 1 Apple 3 Macos, Macos Sequoia, Macos Sonoma 2026-04-22 5.5 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data.
CVE-2025-43495 1 Apple 4 Ios, Ipad Os, Ipados and 1 more 2026-04-22 5.4 Medium
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to monitor keystrokes without user permission.
CVE-2025-43460 1 Apple 3 Ios, Ipados, Iphone Os 2026-04-22 4.6 Medium
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information.