Export limit exceeded: 365158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4505 | 1 Roger Padilla Camacho | 1 Easy Breadcrumb | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-4506 | 1 Louis Jimenez | 1 Custom Meta | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer custom meta settings" permission to inject arbitrary web script or HTML via the (1) attribute or (2) content value for a meta tag. | ||||
| CVE-2014-4507 | 1 Theforeman | 1 Foreman | 2025-04-12 | N/A |
| Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file. | ||||
| CVE-2014-4508 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Rhel Els | 2025-04-12 | 5.5 Medium |
| arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. | ||||
| CVE-2014-4509 | 1 Netiq | 1 Identity Manager | 2025-04-12 | N/A |
| The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters. | ||||
| CVE-2014-4510 | 1 Debian | 1 Apt-cacher | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2014-4511 | 1 Gitlist | 1 Gitlist | 2025-04-12 | N/A |
| Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/. | ||||
| CVE-2014-4513 | 1 Activehelper | 1 Activehelper Livehelp Live Chat | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter. | ||||
| CVE-2014-4514 | 1 Alipay Project | 1 Alipay | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function. | ||||
| CVE-2014-4515 | 1 Anyfont Plugin Project | 1 Anyfont | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter. | ||||
| CVE-2014-4516 | 1 Bic Media Widget Plugin | 1 Bic Media Widget | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter. | ||||
| CVE-2014-4517 | 1 Cbi Referral Manager Project | 1 Cbi Referral Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter. | ||||
| CVE-2014-4518 | 1 D-coda | 1 Contactme | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter. | ||||
| CVE-2014-4520 | 1 Dmca | 1 Dmca Watermarker | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter. | ||||
| CVE-2014-4521 | 1 Diversesolutions | 1 Dsidxpress Idx Plugin | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2014-4522 | 1 Dssearchagent Project | 1 Dssearchagent | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in client-assist.php in the dsSearchAgent: WordPress Edition plugin 1.0-beta10 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2014-4524 | 1 Wp Easy Post Types Project | 1 Wp Easy Post Types | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in classes/custom-image/media.php in the WP Easy Post Types plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ref parameter. | ||||
| CVE-2014-4526 | 1 Efence Project | 1 Efence | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter. | ||||
| CVE-2014-4527 | 1 Envialosimple | 1 Email Marketing Y Newsletters | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter. | ||||
| CVE-2014-4528 | 1 Fbpromotions Project | 1 Fbpromotions | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) promo_type, (2) fb_edit_action, or (3) promo_id parameter. | ||||