Export limit exceeded: 338959 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338959 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-10385 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | N/A |
| The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. | ||||
| CVE-2014-10384 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | N/A |
| The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. | ||||
| CVE-2014-10383 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | N/A |
| The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. | ||||
| CVE-2014-10382 | 1 Pippinsplugins | 1 Featured Comments | 2024-11-21 | N/A |
| The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. | ||||
| CVE-2014-10381 | 1 User Domain Whitelist Project | 1 User Domain Whitelist | 2024-11-21 | N/A |
| The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. | ||||
| CVE-2014-10380 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | N/A |
| The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. | ||||
| CVE-2014-10379 | 1 Duplicate Post Project | 1 Duplicate Post | 2024-11-21 | N/A |
| The duplicate-post plugin before 2.6 for WordPress has SQL injection. | ||||
| CVE-2014-10378 | 1 Duplicate Post Project | 1 Duplicate Post | 2024-11-21 | N/A |
| The duplicate-post plugin before 2.6 for WordPress has XSS. | ||||
| CVE-2014-10377 | 1 Cformsii Project | 1 Cformsii | 2024-11-21 | 6.1 Medium |
| The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. | ||||
| CVE-2014-10376 | 1 Themeist | 1 I Recommend This | 2024-11-21 | N/A |
| The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. | ||||
| CVE-2014-10375 | 1 Gnu | 1 Exosip | 2024-11-21 | N/A |
| handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. | ||||
| CVE-2014-10374 | 1 Fitbit | 2 Charge 2, Charge 2 Firmware | 2024-11-21 | N/A |
| On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations. | ||||
| CVE-2014-10079 | 1 Vembu | 1 Storegrid | 2024-11-21 | N/A |
| In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash. | ||||
| CVE-2014-10078 | 1 Vembu | 1 Storegrid | 2024-11-21 | N/A |
| Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. | ||||
| CVE-2014-10077 | 2 Debian, I18n Project | 2 Debian Linux, I18n | 2024-11-21 | N/A |
| Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | ||||
| CVE-2014-10076 | 1 Wp-db-backup Project | 1 Wp-db-backup | 2024-11-21 | N/A |
| The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack. | ||||
| CVE-2014-10075 | 1 Karo Project | 1 Karo | 2024-11-21 | N/A |
| The karo gem 2.3.8 for Ruby allows Remote command injection via the host field. | ||||
| CVE-2014-10074 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | N/A |
| Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files. | ||||
| CVE-2014-10073 | 2 Debian, Wpitchoune | 2 Debian Linux, Psensor | 2024-11-21 | 7.5 High |
| The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. | ||||
| CVE-2014-10072 | 2 Redhat, Zsh Project | 2 Enterprise Linux, Zsh | 2024-11-21 | N/A |
| In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. | ||||