Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~294597 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-08-14 | CVE-2013-2126 | Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file. | Ubuntu_linux, Libraw, Opensuse | N/A | ||
| 2014-05-27 | CVE-2013-2124 | Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files. | Libguestfs | N/A | ||
| 2013-05-14 | CVE-2013-2094 | The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. | Linux_kernel | N/A | ||
| 2013-11-18 | CVE-2013-2061 | The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. | Opensuse, Openvpn, Openvpn_access_server | N/A | ||
| 2013-11-04 | CVE-2013-2058 | The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service (system crash) by sending a large amount of network traffic through a USB/Ethernet adapter. | Linux_kernel | N/A | ||
| 2013-08-28 | CVE-2013-2035 | Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp. | Hawtjni | N/A | ||
| 2014-04-25 | CVE-2013-2025 | Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Ushahidi_platform | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-07-02 | CVE-2025-49713 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | N/A | 8.8 | |
| 2025-07-02 | CVE-2025-45813 | ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials. | N/A | N/A | |
| 2025-07-02 | CVE-2025-20307 | A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful... | N/A | 4.8 | |
| 2025-07-02 | CVE-2025-20309 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development. An attacker could exploit... | N/A | 10.0 | |
| 2025-07-02 | CVE-2025-45424 | Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication. | N/A | N/A | |
| 2025-07-02 | CVE-2025-45814 | Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack. | N/A | N/A | |
| 2025-07-02 | CVE-2025-52841 | Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an Account Takeover. This issue affects Laundry: 2.3.0. | N/A | N/A |