Export limit exceeded: 365265 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365265 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4625 3 Ati, Intel, Microsoft 3 Catalyst Driver, Display Adapter Driver, Internet Explorer 2026-04-16 N/A
Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999.
CVE-2003-1525 1 My Photo Gallery 1 My Photo Gallery 2026-04-16 N/A
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.
CVE-2005-3670 1 Hp 3 Hp-ux, Jetdirect 635n, Tru64 2026-04-16 N/A
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a denial of service via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the HP advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVE-2005-0235 1 Opera 1 Opera Browser 2026-04-16 N/A
The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2005-3749 1 Ibm 1 Aix 2026-04-16 N/A
Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.
CVE-2001-0726 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.
CVE-2006-2218 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-16 N/A
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
CVE-2006-0218 1 Mybb 1 Mybb 2026-04-16 N/A
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.
CVE-2006-0289 1 Oracle 2 Application Server, E-business Suite 2026-04-16 N/A
Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliable researcher claims that REP05 is the same as CVE-2005-2378 and REP06 is the same as CVE-2005-2371, both of which involve directory traversal.
CVE-2006-2945 1 Andreas Gohr 1 Dokuwiki 2026-04-16 N/A
Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors.
CVE-2026-29111 2 Systemd, Systemd Project 2 Systemd, Systemd 2026-04-15 5.5 Medium
systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.
CVE-2026-34456 1 Reviactyl 2 Panel, Reviactyl 2026-04-15 9.1 Critical
Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email addresses. An attacker could create or control a social account (e.g., Google, GitHub, Discord) using a victim’s email address and gain full access to the victim's account without knowing their password. This results in a full account takeover with no prior authentication required. This issue has been patched in version 26.2.0-beta.5.
CVE-2022-39177 3 Bluez, Canonical, Debian 3 Bluez, Ubuntu Linux, Debian Linux 2026-04-15 8.8 High
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
CVE-2022-39176 3 Bluez, Canonical, Debian 3 Bluez, Ubuntu Linux, Debian Linux 2026-04-15 8.8 High
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
CVE-2019-12098 4 Debian, Fedoraproject, Heimdal Project and 1 more 5 Debian Linux, Fedora, Heimdal and 2 more 2026-04-15 7.4 High
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
CVE-2026-20646 1 Apple 1 Macos 2026-04-15 3.3 Low
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information.
CVE-2026-20682 1 Apple 3 Ios And Ipados, Ipados, Iphone Os 2026-04-15 5.3 Medium
A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker may be able to discover a user’s deleted notes.
CVE-2026-20656 1 Apple 5 Ios And Ipados, Ipados, Iphone Os and 2 more 2026-04-15 3.3 Low
A logic issue was addressed with improved validation. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3. An app may be able to access a user's Safari history.
CVE-2026-20663 1 Apple 3 Ios And Ipados, Ipados, Iphone Os 2026-04-15 3.3 Low
The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user's installed apps.
CVE-2026-20618 1 Apple 1 Macos 2026-04-15 5.5 Medium
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.