Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~295040 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-10-09 | CVE-2013-5576 | administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013. | Joomla\! | N/A | ||
| 2013-08-19 | CVE-2013-5313 | Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action. | Bigtree_cms | N/A | ||
| 2014-05-27 | CVE-2013-5036 | The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb. | Square_squash | N/A | ||
| 2013-08-19 | CVE-2013-5029 | phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. | Opensuse, Phpmyadmin | N/A | ||
| 2013-10-26 | CVE-2013-4885 | The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences. | Nmap, Opensuse | N/A | ||
| 2013-08-19 | CVE-2013-4881 | Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php. | Bigtree_cms | N/A | ||
| 2013-08-14 | CVE-2013-4880 | Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter. | Bigtree_cms | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-07-06 | CVE-2025-38235 | In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting During appletb_kbd_probe, probe attempts to get the backlight device by name. When this happens backlight_device_get_by_name looks for a device in the backlight class which has name "appletb_backlight" and upon finding a match it increments the reference count for the device and returns it to the caller. However this reference is never... | N/A | N/A | |
| 2025-07-06 | CVE-2025-7078 | A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way. | N/A | 4.3 | |
| 2025-07-06 | CVE-2025-7077 | A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of the argument username_3g/password_3g leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | N/A | 8.8 | |
| 2025-07-06 | CVE-2025-27446 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue. | N/A | N/A | |
| 2025-07-06 | CVE-2025-7076 | A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.cgi of the component Configuration Handler. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | N/A | 5.4 | |
| 2025-07-06 | CVE-2025-7075 | A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | N/A | 6.3 | |
| 2025-07-05 | CVE-2023-5361 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A |