Main entries ~3682:
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-08-25 | CVE-2012-4668 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. | Webmail | N/A | | |
| 2012-11-11 | CVE-2012-4573 | The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482. | Essex, Folsom, Image_registry_and_delivery_service_(Glance) | N/A | | |
| 2012-12-21 | CVE-2012-4565 | The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. | Linux_kernel | N/A | | |
| 2013-02-18 | CVE-2012-4530 | The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | Linux_kernel | N/A | | |
| 2012-11-18 | CVE-2012-4520 | The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values. | Django | N/A | | |
| 2012-12-21 | CVE-2012-4508 | Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. | Linux_kernel | N/A | | |
| 2012-10-22 | CVE-2012-4506 | Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name. | Gitolite, Gitolite | N/A | | |

Remaining NVD entries (unprocessed / no code available): ~296594:
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-07-11 | CVE-2025-53851 | Rejected reason: Not used | N/A | N/A | |
| 2025-07-11 | CVE-2025-53852 | Rejected reason: Not used | N/A | N/A | |
| 2025-07-11 | CVE-2025-7436 | A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_vacancy. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-07-11 | CVE-2025-53850 | Rejected reason: Not used | N/A | N/A | |
| 2025-07-11 | CVE-2025-53848 | Rejected reason: Not used | N/A | N/A | |
| 2025-07-11 | CVE-2025-53849 | Rejected reason: Not used | N/A | N/A | |
| 2025-07-11 | CVE-2025-53864 | Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson. | N/A | N/A | |