Main entries ~3682 :
Date Id Summary Products Score Patch Annotated
2014-03-18 CVE-2012-5641 Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. Couchdb, Mochiweb N/A
2012-12-26 CVE-2012-5625 OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). Folsom, Grizzly N/A
2012-12-18 CVE-2012-5622 Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. Openshift N/A
2012-12-18 CVE-2012-5610 Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name. Owncloud N/A
2012-12-18 CVE-2012-5609 Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. Owncloud N/A
2012-12-18 CVE-2012-5608 Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters. Owncloud N/A
2012-12-18 CVE-2012-5607 The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack." Owncloud N/A
Remaining NVD entries (unprocessed / no code available): ~294238 :
Date Id Summary Products Score Patch
2025-06-28 CVE-2025-6350 The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hotspot-hover’ parameter in all versions up to, and including, 8.5.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. N/A 6.4
2025-06-28 CVE-2025-6381 The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover. N/A 8.8
2025-06-28 CVE-2025-6379 The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_live_fn() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover. N/A 8.8
2025-06-28 CVE-2025-53384 Rejected reason: Not used N/A N/A
2025-06-28 CVE-2025-53385 Rejected reason: Not used N/A N/A
2025-06-28 CVE-2025-53387 Rejected reason: Not used N/A N/A
2025-06-28 CVE-2025-53386 Rejected reason: Not used N/A N/A