Export limit exceeded: 366859 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366859 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5475 | 1 Bestpractical | 1 Request Tracker | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages. | ||||
| CVE-2015-5477 | 2 Isc, Redhat | 4 Bind, Enterprise Linux, Rhel Aus and 1 more | 2025-04-12 | N/A |
| named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. | ||||
| CVE-2015-5479 | 3 Libav, Opensuse, Ubuntu | 3 Libav, Leap, Ubuntu | 2025-04-12 | N/A |
| The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | ||||
| CVE-2015-5481 | 1 Dev4press | 1 Gd Bbpress Attachments | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | ||||
| CVE-2015-5482 | 1 Dev4press | 1 Gd Bbpress Attachments | 2025-04-12 | N/A |
| Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | ||||
| CVE-2015-5485 | 1 Theeventscalendar | 1 Eventbrite Tickets | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php. | ||||
| CVE-2015-5487 | 1 Techsmith | 1 Camtasia Relay | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab. | ||||
| CVE-2015-5488 | 1 Thinkshout | 1 Mailchimp | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5489 | 1 Smart Trim Project | 1 Smart Trim | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form. | ||||
| CVE-2015-5490 | 1 Views Project | 1 Views | 2025-04-12 | N/A |
| The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors. | ||||
| CVE-2015-5491 | 1 Dynamic Display Block Project | 1 Dynamic Display Block | 2025-04-12 | N/A |
| The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission. | ||||
| CVE-2015-5492 | 1 Video Consultation Project | 1 Video Consultation | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5493 | 1 Entityform Block Project | 1 Entityform Block | 2025-04-12 | N/A |
| The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors. | ||||
| CVE-2015-5494 | 1 Webform Matrix Component Project | 1 Webform Matrix Component | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5495 | 1 Mobile Sliding Menu Project | 1 Mobile Sliding Menu | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5496 | 1 Pass2pdf Project | 1 Pass2pdf | 2025-04-12 | N/A |
| The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. | ||||
| CVE-2015-5497 | 1 Web Links Project | 1 Web Links | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5498 | 1 Shipwire Api Project | 1 Shipwire Api | 2025-04-12 | N/A |
| The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page. | ||||
| CVE-2015-5499 | 1 Navigate Project | 1 Navigate | 2025-04-12 | N/A |
| The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission. | ||||
| CVE-2015-5500 | 1 Navigate Project | 1 Navigate | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | ||||