Export limit exceeded: 352610 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352610 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66335 | 1 Apache | 1 Doris Mcp Server | 2026-04-22 | 5.3 Medium |
| Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected. | ||||
| CVE-2026-5358 | 1 The Gnu C Library | 1 Glibc | 2026-04-22 | 8.2 High |
| REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold start cache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API can only be called with a trusted server from the pre-populated cache. The use of a trusted server means no trust boundary is crossed and this is therefore considered a normal bug. | ||||
| CVE-2010-5326 | 1 Sap | 1 Netweaver Application Server Java | 2026-04-22 | 10 Critical |
| The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. | ||||
| CVE-2014-125120 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2013-10056 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2013-10045 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2013-10041 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2011-10031 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20124 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20118 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20117 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20116 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20110 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2009-20012 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2008-20003 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2008-20002 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2005-20001 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2000-5001 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2026-33558 | 1 Apache | 2 Kafka, Kafka Clients | 2026-04-22 | 5.3 Medium |
| Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information will be exposed via the requests and responses output log. The entire lists of impacted requests and responses are: * AlterConfigsRequest * AlterUserScramCredentialsRequest * ExpireDelegationTokenRequest * IncrementalAlterConfigsRequest * RenewDelegationTokenRequest * SaslAuthenticateRequest * createDelegationTokenResponse * describeDelegationTokenResponse * SaslAuthenticateResponse This issue affects Apache Kafka: from any version supported the listed API above through v3.9.1, v4.0.0. We advise the Kafka users to upgrade to v3.9.2, v4.0.1, or later to avoid this vulnerability. | ||||
| CVE-2010-3765 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-22 | 9.8 Critical |
| Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||||