CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29542 matches found

OSV•added yesterday•9 views

ROOT-OS-DEBIAN-13-CVE-2014-9892 CVE-2014-9892 in rootio-linux - Patched by Root

Root has patched CVE-2014-9892 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS8.2AI score0.00499EPSS

Exploits0

OSV•added yesterday•3 views

ROOT-OS-DEBIAN-13-CVE-2014-9900 CVE-2014-9900 in rootio-linux - Patched by Root

Root has patched CVE-2014-9900 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS8.3AI score0.00519EPSS

Exploits0

Nuclei•added yesterday•43 views

WordPress EasyCart <2.0.6 - Information Disclosure

WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. id: CVE-2014-4942 info: name: WordPress EasyCart 2.0.6 - Information Disclosur...

5CVSS5.8AI score0.0437EPSS

Exploits1References5

Nuclei•added yesterday•25 views

Movies <= 0.6 - Cross-Site Scripting

A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4539 info: name: Movies = 0.6 - Cross-Site Scripting author: daffainfo...

6.1CVSS6.4AI score0.03983EPSS

Exploits2References4

Nuclei•added yesterday•31 views

webEdition 6.3.8.0 - Directory Traversal

A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. dot dot in the file parameter. id: CVE-2014-5258 info: name: webEdition 6.3.8.0 - Directory Traversal author: daffainfo severity: medium...

4CVSS6AI score0.19764EPSS

Exploits6References5

Nuclei•added yesterday•22 views

Frontend Uploader <= 0.9.2 - Cross-Site Scripting

The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability. id: CVE-2014-9444 info: name: Frontend Uploader = 0.9.2 - Cross-Site Scripting author: daffainfo severity: medium description: The Frontend Uploader WordPress...

4.3CVSS5.8AI score0.06701EPSS

Exploits2References4

Nuclei•added yesterday•19 views

Sitecore CMS - Cross-Site Scripting

Sitecore CMS contains a cross-site scripting vulnerability via the "special way" of displaying XML Controls directly, which allows for a Cross Site Scripting Attack. id: CVE-2014-100004 info: name: Sitecore CMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | Sitecore CM...

4.3CVSS5.6AI score0.02016EPSS

Exploits1References3

Nuclei•added yesterday•33 views

Podcast Channels < 0.28 - Cross-Site Scripting

The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability. id: CVE-2014-4544 info: name: Podcast Channels 0.28 - Cross-Site Scripting author: daffainfo severity: medium description: The Podcast Channels WordPress plugin was...

6.1CVSS6.2AI score0.03779EPSS

Exploits1References4

Nuclei•added yesterday•24 views

WordPress Plugin Tera Charts - Local File Inclusion

Multiple local file inclusion vulnerabilities in Tera Charts tera-charts plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. dot dot in the fn parameter to 1 charts/treemap.php or 2 charts/zoomabletreemap.php. id: CVE-2014-4940 info: name: WordPress Plugin Tera Charts...

5CVSS7.5AI score0.18734EPSS

Exploits2References4

Nuclei•added yesterday•21 views

WP Planet <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in rss.class/scripts/magpiedebug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-4592 info: name: WP Planet = 0.1 - Cross-Site Scripting author:...

6.1CVSS6.4AI score0.03884EPSS

Exploits2References4

Nuclei•added yesterday•64 views

Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting

A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. id: CVE-2014-2908 info: name: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting author:...

4.3CVSS5.8AI score0.2095EPSS

Exploits3References5

Nuclei•added yesterday•39 views

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in remotereporter/loadlogfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-9607 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium...

6.1CVSS6.4AI score0.05452EPSS

Exploits1References4

Nuclei•added yesterday•87 views

Eyou E-Mail <3.6 - Remote Code Execution

Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php via the getloginipconfigfile function. id: CVE-2014-1203 info: name: Eyou E-Mail 3.6 - Remote Code Execution author: pikpik...

9.8CVSS7.6AI score0.15647EPSS

Exploits0References5

Nuclei•added yesterday•19 views

Netsweeper 4.0.8 - Directory Traversal

A directory traversal vulnerability in webadmin/reporter/viewserverlog.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. dot dot in the log parameter in a stats action. id: CVE-2014-9609 info: name: Netsweeper...

5.3CVSS6.1AI score0.10619EPSS

Exploits1References4

Nuclei•added yesterday•22 views

Last.fm Rotation 1.0 - Path Traversal

Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation lastfm-rotation plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the snode parameter. id: CVE-2014-5181 info: name: Last.fm Rotation 1.0 - Path Traversal author: DhiyaneshDK...

5CVSS6AI score0.04259EPSS

Exploits1

Nuclei•added yesterday•23 views

WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting

A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the apiurl parameter. id: CVE-2014-4558 info: name: WooCommerce Swipe = 2.7.1 - Cross-Site...

6.1CVSS6.4AI score0.04055EPSS

Exploits2References4

Nuclei•added yesterday•32 views

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. id: CVE-2014-9615 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium description: A...

6.1CVSS6.4AI score0.03705EPSS

Exploits1References4

Nuclei•added yesterday•43 views

Node.js st module Directory Traversal

A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path. id: CVE-2014-3744 info: name: Node.js st module Directory Traversal author: geeknik severity: high description: A...

7.5CVSS7.3AI score0.34012EPSS

Exploits0References5

Nuclei•added yesterday•24 views

Import Legacy Media <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4535 info: name: Import Legacy Media = 0.1 - Cross-Site...

6.1CVSS6.4AI score0.03983EPSS

Exploits2References4

Nuclei•added yesterday•30 views

Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal

Directory traversal vulnerability in the Tom M8te tom-m8te plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. id: CVE-2014-5187 info: name: Tom M8te tom-m8te Plugin 1.5.3 - Directory Traversal author: DhiyaneshDK severity:...

5CVSS7.5AI score0.04718EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by