Export limit exceeded: 365444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365444 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5267 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document. | ||||
| CVE-2014-5268 | 1 Fasttoggle Project | 1 Fasttoggle | 2025-04-12 | N/A |
| The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link. | ||||
| CVE-2014-5269 | 1 Plack Project | 1 Plack | 2025-04-12 | N/A |
| Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static. | ||||
| CVE-2014-5270 | 2 Debian, Gnupg | 2 Debian Linux, Libgcrypt | 2025-04-12 | N/A |
| Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576. | ||||
| CVE-2014-5272 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats. | ||||
| CVE-2014-4584 | 1 Wp-easybooking Plugin Project | 1 Wp-easybooking | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter. | ||||
| CVE-2014-4585 | 1 Mnt-tech | 1 Wp-facethumb | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to index.php. | ||||
| CVE-2014-4586 | 1 Wp-football Project | 1 Wp-football | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an "action" action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php. | ||||
| CVE-2014-4587 | 1 Wp Guestmap Project | 1 Wp Guestmap Project | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php. | ||||
| CVE-2014-4588 | 1 Hot Files\ | 1 File Sharing And Download Manager Project | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mediaid parameter. | ||||
| CVE-2014-4597 | 1 Wp Social Invitations Project | 1 Wp Social Invitations | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in test.php in the WP Social Invitations plugin before 1.4.4.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter. | ||||
| CVE-2014-4589 | 1 Wp Silverlight Media Player Project | 1 Wp Silverlight Media Player | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-media-player) plugin 0.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter. | ||||
| CVE-2014-4590 | 1 Wp Microblogs Project | 1 Wp Microblogs | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the oauth_verifier parameter. | ||||
| CVE-2014-4591 | 1 Wp Picasa Image Project | 1 Wp Picasa Image | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in picasa_upload.php in the WP-Picasa-Image plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter. | ||||
| CVE-2014-4593 | 1 Wp Plugin Manager Project | 1 Wp Plugin Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | ||||
| CVE-2014-4594 | 1 Wordpress Responsive Preview Project | 1 Wordpress Responsive Preview | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2014-4595 | 1 Wp Restful Project | 1 Wp Restful | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback parameter to html_api_authorize.php or the (2) oauth_token_temp or (3) oauth_callback_temp parameter to html_api_login.php. | ||||
| CVE-2014-4596 | 1 Snapapp Project | 1 Snapapp | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter. | ||||
| CVE-2014-4598 | 1 Wp-tmkm-amazon Project | 1 Wp-tmkm-amazon | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the AID parameter. | ||||
| CVE-2014-4599 | 1 Wp-business Directory Project | 1 Wp-business Directory | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter. | ||||