Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~296594 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-08-25 | CVE-2012-4668 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. | Webmail | N/A | ||
| 2012-11-11 | CVE-2012-4573 | The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482. | Essex, Folsom, Image_registry_and_delivery_service_\(Glance\) | N/A | ||
| 2012-12-21 | CVE-2012-4565 | The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. | Linux_kernel | N/A | ||
| 2013-02-18 | CVE-2012-4530 | The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | Linux_kernel | N/A | ||
| 2012-11-18 | CVE-2012-4520 | The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values. | Django | N/A | ||
| 2012-12-21 | CVE-2012-4508 | Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. | Linux_kernel | N/A | ||
| 2012-10-22 | CVE-2012-4506 | Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name. | Gitolite, Gitolite | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-07-11 | CVE-2025-53851 | Rejected reason: Not used | N/A | N/A | |
| 2025-07-11 | CVE-2025-53852 | Rejected reason: Not used | N/A | N/A | |
| 2025-07-11 | CVE-2025-7436 | A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_vacancy. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-07-11 | CVE-2025-53850 | Rejected reason: Not used | N/A | N/A | |
| 2025-07-11 | CVE-2025-53848 | Rejected reason: Not used | N/A | N/A | |
| 2025-07-11 | CVE-2025-53849 | Rejected reason: Not used | N/A | N/A | |
| 2025-07-11 | CVE-2025-53864 | Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson. | N/A | N/A |