Export limit exceeded: 343925 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343925 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9304 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 6.1 Medium |
| The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. | ||||
| CVE-2015-9303 | 1 Simplesharebuttons | 1 Simple Share Buttons Adder | 2024-11-21 | N/A |
| The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS. | ||||
| CVE-2015-9302 | 1 Simple Fields Project | 1 Simple Fields | 2024-11-21 | 6.1 Medium |
| The simple-fields plugin before 1.4.11 for WordPress has XSS. | ||||
| CVE-2015-9301 | 1 W3eden | 1 Live Forms | 2024-11-21 | N/A |
| The liveforms plugin before 3.2.0 for WordPress has SQL injection. | ||||
| CVE-2015-9300 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. | ||||
| CVE-2015-9299 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. | ||||
| CVE-2015-9298 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 9.8 Critical |
| The events-manager plugin before 5.6 for WordPress has code injection. | ||||
| CVE-2015-9297 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 6.1 Medium |
| The events-manager plugin before 5.6 for WordPress has XSS. | ||||
| CVE-2015-9296 | 1 Never5 | 1 Download Monitor | 2024-11-21 | N/A |
| The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg. | ||||
| CVE-2015-9295 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | N/A |
| The contact-form-plugin plugin before 3.96 for WordPress has XSS. | ||||
| CVE-2015-9294 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2024-11-21 | N/A |
| The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. | ||||
| CVE-2015-9293 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2024-11-21 | N/A |
| The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. | ||||
| CVE-2015-9292 | 1 6kbbs | 1 6kbbs | 2024-11-21 | N/A |
| 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | ||||
| CVE-2015-9291 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | ||||
| CVE-2015-9290 | 1 Freetype | 1 Freetype | 2024-11-21 | N/A |
| In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. | ||||
| CVE-2015-9289 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 5.5 Medium |
| In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. | ||||
| CVE-2015-9288 | 1 Unity | 1 Web Player | 2024-11-21 | N/A |
| The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials | ||||
| CVE-2015-9287 | 1 Cam | 1 The University Of Cambridge Web Authentication System Apache Authentication Agent | 2024-11-21 | N/A |
| Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is therefore trivial. The "kid" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location. | ||||
| CVE-2015-9286 | 1 Nodebb | 1 Nodebb | 2024-11-21 | N/A |
| Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. | ||||
| CVE-2015-9285 | 1 Esotalk | 1 Esotalk | 2024-11-21 | N/A |
| esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. | ||||