Export limit exceeded: 364872 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364872 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9480 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts. | ||||
| CVE-2015-2846 | 1 Bittorrent | 1 Sync | 2025-04-12 | N/A |
| BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | ||||
| CVE-2014-9488 | 2 Gnu, Opensuse | 2 Less, Opensuse | 2025-04-12 | N/A |
| The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. | ||||
| CVE-2014-9490 | 1 Getsentry | 1 Raven-ruby | 2025-04-12 | N/A |
| The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number. | ||||
| CVE-2014-9491 | 1 Illumos | 1 Illumos | 2025-04-12 | N/A |
| The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors. | ||||
| CVE-2014-9493 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2025-04-12 | N/A |
| The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. | ||||
| CVE-2014-9494 | 1 Pivotal Software | 1 Rabbitmq | 2025-04-12 | N/A |
| RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header. | ||||
| CVE-2014-9498 | 1 Webform Invitation Project | 1 Webform Invitation | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web script or HTML via a node title. | ||||
| CVE-2014-9499 | 1 Godwin\'s Law Project | 1 Godwin\'s Law | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message. | ||||
| CVE-2014-9500 | 1 Moip Project | 1 Moip | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback. | ||||
| CVE-2014-9501 | 1 Poll Chart Block Project | 1 Poll Chart Block | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title. | ||||
| CVE-2014-9505 | 1 School Administration Project | 1 School Administration | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title. | ||||
| CVE-2014-9506 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | N/A |
| MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues. | ||||
| CVE-2014-9507 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS. | ||||
| CVE-2014-9508 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors. | ||||
| CVE-2014-9509 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page. | ||||
| CVE-2014-9510 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. | ||||
| CVE-2014-9512 | 3 Opensuse, Oracle, Samba | 3 Opensuse, Solaris, Rsync | 2025-04-12 | N/A |
| rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. | ||||
| CVE-2014-9516 | 1 Social Microblogging Pro Project | 1 Social Microblogging Pro | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section. | ||||
| CVE-2014-9517 | 1 Dlink | 2 Dcs-2103, Dcs-2103 Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm. | ||||