Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~294368 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-05-17 | CVE-2012-2319 | Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020. | Linux_kernel | N/A | ||
| 2012-06-13 | CVE-2012-2313 | The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. | Linux_kernel, Suse_linux_enterprise_server, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_long_life, Enterprise_linux_server_aus, Enterprise_linux_server_eus | N/A | ||
| 2012-06-05 | CVE-2012-2144 | Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie. | Horizon | N/A | ||
| 2012-07-18 | CVE-2012-2140 | The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. | Mail_gem | N/A | ||
| 2012-07-18 | CVE-2012-2139 | Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter. | Mail_gem | N/A | ||
| 2012-08-09 | CVE-2012-2136 | The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. | Linux_kernel | N/A | ||
| 2012-07-03 | CVE-2012-2133 | Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data. | Linux_kernel | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-06-30 | CVE-2025-6904 | A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_cars.php. The manipulation of the argument car_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-06-30 | CVE-2025-40710 | Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Host header, can cause the VPN client to redirect or forward HTTP requests to servers other than those originally intended, leading to consequences such as open redirects or delivery of traffic to... | N/A | N/A | |
| 2025-06-30 | CVE-2025-6903 | A vulnerability was found in code-projects Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-06-30 | CVE-2024-8419 | The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication. | N/A | 7.5 | |
| 2025-06-30 | CVE-2025-41439 | A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product. | N/A | N/A | |
| 2025-06-30 | CVE-2025-6901 | A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/removeUser.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-06-30 | CVE-2025-53416 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A |