Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~296728 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-04-02 | CVE-2012-6119 | Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. | Candlepin, Subscription_asset_manager | N/A | ||
| 2013-03-01 | CVE-2012-6116 | modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file. | Katello, Katello\-Configure | N/A | ||
| 2013-01-27 | CVE-2012-6112 | classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string. | Moodle, Spellchecker_php | N/A | ||
| 2013-03-01 | CVE-2012-6109 | lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header. | Rack | N/A | ||
| 2013-01-01 | CVE-2012-6084 | modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request. | Ircd\-Ratbox, Ircd\-Ratbox | N/A | ||
| 2012-11-04 | CVE-2012-5787 | The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | Merchant_sdk | N/A | ||
| 2013-01-03 | CVE-2012-5666 | Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php. | Owncloud | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-07-12 | CVE-2025-7470 | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-07-12 | CVE-2025-7469 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/product_add.php. The manipulation of the argument prod_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-07-12 | CVE-2020-36847 | The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server. | N/A | 9.8 | |
| 2025-07-12 | CVE-2025-7518 | The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | N/A | 4.9 | |
| 2025-07-12 | CVE-2025-7468 | A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerability affects the function fromSafeUrlFilter of the file /goform/fromSafeUrlFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | N/A | 8.8 | |
| 2025-07-12 | CVE-2025-7467 | A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /product-detail.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-07-12 | CVE-2025-7504 | The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the query_vars parameter This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an... | N/A | 7.5 |