Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~294287 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-11-24 | CVE-2012-6662 | Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo. | Jquery_ui, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
| 2014-09-28 | CVE-2012-6657 | The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. | Linux_kernel, Suse_linux_enterprise_server | N/A | ||
| 2014-05-26 | CVE-2012-6647 | The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command. | Linux_kernel | N/A | ||
| 2014-04-05 | CVE-2012-6640 | Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565. | Groupware, Imp | N/A | ||
| 2014-02-15 | CVE-2012-6638 | The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663. | Linux_kernel | N/A | ||
| 2014-01-16 | CVE-2012-6620 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Kronolith_h4 | N/A | ||
| 2013-11-23 | CVE-2012-6607 | The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786. | Augeas | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-06-29 | CVE-2025-6844 | A vulnerability was found in code-projects Simple Forum 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signin.php. The manipulation of the argument User leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-06-29 | CVE-2025-6842 | A vulnerability was found in code-projects Product Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit_user.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | N/A | 4.7 | |
| 2025-06-29 | CVE-2025-6843 | A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-06-29 | CVE-2025-6840 | A vulnerability, which was classified as critical, was found in code-projects Product Inventory System 1.0. This affects an unknown part of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-06-29 | CVE-2025-6841 | A vulnerability has been found in code-projects Product Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | N/A | 4.7 | |
| 2025-06-29 | CVE-2025-6839 | A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | N/A | 6.3 | |
| 2025-06-29 | CVE-2025-6836 | A vulnerability classified as critical has been found in code-projects Library System 1.0. Affected is an unknown function of the file /profile.php. The manipulation of the argument phone leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | N/A | 7.3 |