Export limit exceeded: 365444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365444 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5267 1 Drupal 1 Drupal 2025-04-12 N/A
modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.
CVE-2014-5268 1 Fasttoggle Project 1 Fasttoggle 2025-04-12 N/A
The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link.
CVE-2014-5269 1 Plack Project 1 Plack 2025-04-12 N/A
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.
CVE-2014-5270 2 Debian, Gnupg 2 Debian Linux, Libgcrypt 2025-04-12 N/A
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
CVE-2014-5272 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.
CVE-2014-4584 1 Wp-easybooking Plugin Project 1 Wp-easybooking 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter.
CVE-2014-4585 1 Mnt-tech 1 Wp-facethumb 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to index.php.
CVE-2014-4586 1 Wp-football Project 1 Wp-football 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an "action" action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php.
CVE-2014-4587 1 Wp Guestmap Project 1 Wp Guestmap Project 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php.
CVE-2014-4588 1 Hot Files\ 1 File Sharing And Download Manager Project 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mediaid parameter.
CVE-2014-4597 1 Wp Social Invitations Project 1 Wp Social Invitations 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in test.php in the WP Social Invitations plugin before 1.4.4.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter.
CVE-2014-4589 1 Wp Silverlight Media Player Project 1 Wp Silverlight Media Player 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-media-player) plugin 0.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.
CVE-2014-4590 1 Wp Microblogs Project 1 Wp Microblogs 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the oauth_verifier parameter.
CVE-2014-4591 1 Wp Picasa Image Project 1 Wp Picasa Image 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in picasa_upload.php in the WP-Picasa-Image plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.
CVE-2014-4593 1 Wp Plugin Manager Project 1 Wp Plugin Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
CVE-2014-4594 1 Wordpress Responsive Preview Project 1 Wordpress Responsive Preview 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2014-4595 1 Wp Restful Project 1 Wp Restful 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback parameter to html_api_authorize.php or the (2) oauth_token_temp or (3) oauth_callback_temp parameter to html_api_login.php.
CVE-2014-4596 1 Snapapp Project 1 Snapapp 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter.
CVE-2014-4598 1 Wp-tmkm-amazon Project 1 Wp-tmkm-amazon 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the AID parameter.
CVE-2014-4599 1 Wp-business Directory Project 1 Wp-business Directory 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter.