Export limit exceeded: 366857 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366857 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5603 1 Atlassian 1 Hipchat 2025-04-12 N/A
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
CVE-2015-5605 3 Google, Opensuse, Redhat 3 Chrome, Opensuse, Rhel Extras 2025-04-12 N/A
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message.
CVE-2015-5610 1 Solarwinds 1 N-able N-central 2025-04-12 N/A
The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.
CVE-2015-5611 1 Fca 1 Uconnect 2025-04-12 N/A
Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient "Radio security protection," as demonstrated on a 2014 Jeep Cherokee Limited FWD.
CVE-2015-5612 1 Octobercms 1 October 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.
CVE-2015-5642 1 Icz 1 Matchasns 2025-04-12 N/A
Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5618 1 Chiyutw 2 Bf-630, Bf-630w 2025-04-12 N/A
Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871.
CVE-2015-5622 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.
CVE-2015-5623 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-12 N/A
WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.
CVE-2015-5624 1 Freebit 1 Elphonebtnv6 Activex Control 2025-04-12 N/A
Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELPhoneBtnV6 ActiveX control allows remote attackers to execute arbitrary code via a crafted HTML document, related to the discontinued "Click to Live" service.
CVE-2015-5625 1 Opendocman 1 Opendocman 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
CVE-2015-5632 1 Newphoria Corporation 1 Applican 2025-04-12 N/A
The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5629 1 Ntt-bp 1 Japan Connected-free Wi-fi 2025-04-12 N/A
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5630 1 Ntt-bp 1 Japan Connected-free Wi-fi 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID.
CVE-2015-5633 1 Newphoria Corporation 1 Auction Camera 2025-04-12 N/A
The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5634 1 Newphoria Corporation 1 Megaphone Music 2025-04-12 N/A
The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5635 1 Newphoria Corporation 1 Koritore 2025-04-12 N/A
The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5636 1 Newphoria Corporation 1 Reversi 2025-04-12 N/A
The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5637 1 Newphoria Corporation 1 1.1 2025-04-12 N/A
The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
CVE-2015-5638 1 Dena 1 H20 2025-04-12 N/A
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.