Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~294760 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-05-17 | CVE-2012-1090 | The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. | Linux_kernel, Enterprise_mrg, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server | N/A | ||
| 2012-02-13 | CVE-2012-1059 | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module. | Online_merchant | N/A | ||
| 2013-03-05 | CVE-2012-1016 | The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request. | Kerberos_5 | N/A | ||
| 2012-06-07 | CVE-2012-1013 | The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password. | Kerberos_5 | N/A | ||
| 2012-02-02 | CVE-2012-0976 | Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information. | Silverstripe | N/A | ||
| 2012-09-25 | CVE-2012-0974 | Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php. | Osclass | N/A | ||
| 2012-09-06 | CVE-2012-1108 | The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. | Taglib | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-07-03 | CVE-2025-45809 | BerriAI litellm v1.65.4 was discovered to contain a SQL injection vulnerability via the /key/block endpoint. | N/A | N/A | |
| 2025-07-03 | CVE-2025-23968 | Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows Upload a Web Shell to a Web Server.This issue affects AiBud WP: from n/a through 1.8.5. | N/A | N/A | |
| 2025-07-03 | CVE-2025-48939 | tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual <script> element. If an attacker injected an HTML element, it could clobber the document.currentScript property. This causes the script to resolve incorrectly to an element instead of the <script> tag, leading to unexpected behavior or failure to load the script path... | N/A | N/A | |
| 2025-07-03 | CVE-2025-49846 | wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself were not affected, especially not the logs users can export and send to Wire support. The iOS logs can only be accessed if someone had (physical) access to the underlying unlocked device. The issue manifested itself by... | N/A | N/A | |
| 2025-07-03 | CVE-2025-53489 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - GoogleDocs4MW Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - GoogleDocs4MW Extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | N/A | N/A | |
| 2025-07-03 | CVE-2025-53500 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MassEditRegex Extension allows Stored XSS.This issue affects Mediawiki - MassEditRegex Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | N/A | N/A | |
| 2025-07-03 | CVE-2025-53501 | Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki - Scribunto Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | N/A | N/A |