Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~295093 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-05-26 | CVE-2012-6647 | The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command. | Linux_kernel | N/A | ||
| 2014-04-05 | CVE-2012-6640 | Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565. | Groupware, Imp | N/A | ||
| 2014-02-15 | CVE-2012-6638 | The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663. | Linux_kernel | N/A | ||
| 2014-01-16 | CVE-2012-6620 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Kronolith_h4 | N/A | ||
| 2013-11-23 | CVE-2012-6607 | The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786. | Augeas | N/A | ||
| 2013-05-10 | CVE-2012-6552 | Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors. | Phpvms | N/A | ||
| 2013-04-02 | CVE-2012-6550 | Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808. | Zeroclipboard | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-07-07 | CVE-2025-7110 | A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | N/A | 3.5 | |
| 2025-07-07 | CVE-2025-7145 | ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gaining administrative access to the remote host. | N/A | 7.2 | |
| 2025-07-07 | CVE-2025-7109 | A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the argument BenefĂcio leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not... | N/A | 3.5 | |
| 2025-07-07 | CVE-2025-7108 | A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file /Digital-Infrastructure-9.6.7/y9-digitalbase-webapp/y9-module-filemanager/risenet-y9boot-webapp-filemanager/src/main/java/net/risesoft/y9public/controller/Y9FileController.java. The manipulation of the argument fullPath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public... | N/A | 5.4 | |
| 2025-07-07 | CVE-2024-58117 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | N/A | N/A | |
| 2025-07-07 | CVE-2025-53167 | Authentication vulnerability in the distributed collaboration framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | N/A | N/A | |
| 2025-07-07 | CVE-2025-53168 | Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness. | N/A | N/A |