CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2003-1341 The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console v... | N/A | NONE | — | 0 |
| CVE-2003-1342 Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe. | N/A | NONE | — | 0 |
| CVE-2006-0541 Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new mess... | N/A | NONE | — | 0 |
| CVE-2026-3991 Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is ... | 7.8 | HIGH | — | 0 |
| CVE-2026-21710 A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`. When this occur... | N/A | NONE | — | 0 |
| CVE-2026-21713 A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. U... | N/A | NONE | — | 0 |
| CVE-2026-21714 A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The serv... | N/A | NONE | — | 0 |
| CVE-2026-29925 Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php. | 7.7 | HIGH | — | 0 |
| CVE-2026-31804 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Medi... | 4.0 | MEDIUM | — | 0 |
| CVE-2005-4848 Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain... | N/A | NONE | — | 0 |
| CVE-2024-50420 Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through <= 1.3. | 10.0 | CRITICAL | — | 0 |
| CVE-2026-21716 An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod... | N/A | NONE | — | 0 |
| CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such colli... | N/A | NONE | — | 0 |
| CVE-2026-28505 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() function in notification_handler.py implements a sandboxed eval() for notificatio... | 10.0 | CRITICAL | — | 0 |
| CVE-2003-1343 Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface ... | N/A | NONE | — | 0 |
| CVE-2003-1344 Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the ac... | N/A | NONE | — | 0 |
| CVE-2003-1345 Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter. | N/A | NONE | — | 0 |
| CVE-2003-1346 D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | N/A | NONE | — | 0 |
| CVE-2003-1347 Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profil... | N/A | NONE | — | 0 |
| CVE-2026-27599 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-46504 Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code vasaio-qr-code allows Stored XSS.This issue affects Vasaio QR Code: from n/a through <= 1.2.5. | 7.1 | HIGH | — | 0 |
| CVE-2010-4622 Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (en... | N/A | NONE | — | 0 |
| CVE-2026-28228 OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author rol... | 8.8 | HIGH | — | 0 |
| CVE-2003-1348 Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field. | N/A | NONE | — | 0 |
| CVE-2003-1349 Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command. | N/A | NONE | — | 0 |
| CVE-2003-1350 List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field. | N/A | NONE | — | 0 |
| CVE-2003-1351 Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter. | N/A | NONE | — | 0 |
| CVE-2003-1352 Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing. | N/A | NONE | — | 0 |
| CVE-2003-1353 Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field. | N/A | NONE | — | 0 |
| CVE-2026-32696 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CON... | 3.1 | LOW | — | 0 |
| CVE-2026-32877 Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value... | 8.2 | HIGH | — | 0 |
| CVE-2003-1354 Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UD... | N/A | NONE | — | 0 |
| CVE-2003-1355 Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 and 1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long user name and p... | N/A | NONE | — | 0 |
| CVE-2006-2997 Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search fi... | N/A | NONE | — | 0 |
| CVE-2026-31946 OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow imp... | 9.8 | CRITICAL | — | 0 |
| CVE-2003-1356 The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2003-1357 ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | N/A | NONE | — | 0 |
| CVE-2003-1358 rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by mod... | N/A | NONE | — | 0 |
| CVE-2003-1359 Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument. | N/A | NONE | — | 0 |
| CVE-2005-4849 Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function... | N/A | NONE | — | 0 |
| CVE-2003-1360 Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable. | N/A | NONE | — | 0 |
| CVE-2003-1361 Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server. | N/A | NONE | — | 0 |
| CVE-2003-1362 Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of sy... | N/A | NONE | — | 0 |
| CVE-2003-1363 The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mou... | N/A | NONE | — | 0 |
| CVE-2003-1364 Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection o... | N/A | NONE | — | 0 |
| CVE-2003-1365 The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or ... | N/A | NONE | — | 0 |
| CVE-2003-1366 chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | N/A | NONE | — | 0 |
| CVE-2003-1367 The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mail... | N/A | NONE | — | 0 |
| CVE-2003-1368 Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner. | N/A | NONE | — | 0 |
| CVE-2003-1369 Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.