Export limit exceeded: 12591 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12591 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-24306 1 Microsoft 1 Azure Front Door 2026-04-16 9.8 Critical
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-24304 1 Microsoft 1 Azure Resource Manager 2026-04-16 9.9 Critical
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
CVE-2026-20666 1 Apple 1 Macos 2026-04-16 5.5 Medium
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.
CVE-2026-20603 1 Apple 1 Macos 2026-04-16 4.4 Medium
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information.
CVE-2006-2380 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
CVE-2004-2182 1 Macromedia 1 Jrun 2026-04-16 N/A
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
CVE-2001-0537 1 Cisco 1 Ios 2026-04-16 N/A
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
CVE-2002-0563 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2026-04-16 N/A
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
CVE-2005-1920 3 Debian, Kde, Redhat 3 Debian Linux, Kde, Enterprise Linux 2026-04-16 7.5 High
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
CVE-2005-1957 1 Adam Mmedici 1 File Upload Manager 2026-04-16 N/A
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action.
CVE-2005-4851 1 Ez 1 Ez Publish 2026-04-16 N/A
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
CVE-2006-4244 1 Sql-ledger 1 Sql-ledger 2026-04-16 N/A
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
CVE-2006-3583 1 Jetbox 1 Jetbox Cms 2026-04-16 N/A
Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section.
CVE-2006-1228 1 Drupal 1 Drupal 2026-04-16 N/A
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.
CVE-1999-0987 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
CVE-2002-2417 1 Acftp 1 Acftp 2026-04-16 N/A
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
CVE-2005-3979 1 Coppermine-gallery 1 Coppermine Photo Gallery 2026-04-16 N/A
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
CVE-2002-2279 1 Aldap 1 Aldap 2026-04-16 N/A
Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions.
CVE-2001-0195 1 Debian 1 Debian Linux 2026-04-16 7.8 High
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
CVE-1999-0680 1 Microsoft 1 Terminal Server 2026-04-16 N/A
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.