Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2014-3114

    The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php.

    Affected Products : ezpz-one-click-backup
    • EPSS Score: 2.89%
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-3005

    XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an X...

    Affected Products : fedora zabbix
    • EPSS Score: 4.29%
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2914

    fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.

    Affected Products : fish
    • EPSS Score: 2.48%
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 7.0

    HIGH
    CVE-2014-2906

    The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name.

    Affected Products : fish
    • EPSS Score: 0.11%
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-2904

    wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.

    Affected Products : wolfssl
    • EPSS Score: 0.23%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-2902

    wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.

    Affected Products : wolfssl
    • EPSS Score: 0.22%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-2901

    wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.

    Affected Products : wolfssl
    • EPSS Score: 0.16%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2898

    wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.

    Affected Products : wolfssl
    • EPSS Score: 1.01%
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2897

    The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.

    Affected Products : wolfssl
    • EPSS Score: 1.01%
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2896

    The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.

    Affected Products : wolfssl
    • EPSS Score: 1.01%
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2014-2885

    Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory con...

    Affected Products : truecrypt
    • EPSS Score: 0.04%
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024
  • 3.3

    LOW
    CVE-2014-2884

    The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL c...

    Affected Products : truecrypt
    • EPSS Score: 0.04%
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-2875

    The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from th...

    Affected Products : cgilua
    • EPSS Score: 0.57%
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-2843

    Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : mapsuite
    • EPSS Score: 0.42%
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2727

    The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.

    Affected Products : mailmarshal
    • EPSS Score: 5.98%
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2014-2723

    In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ...

    • EPSS Score: 1.51%
    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2014-2722

    In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ...

    • EPSS Score: 1.51%
    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2014-2721

    In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ...

    • EPSS Score: 1.51%
    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-2686

    Ansible prior to 1.5.4 mishandles the evaluation of some strings.

    Affected Products : ansible
    • EPSS Score: 0.38%
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2014-2680

    The update process in Xmind 3.4.1 and earlier allows remote attackers to execute arbitrary code via a man-in-the-middle attack.

    Affected Products : xmind
    • EPSS Score: 2.12%
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291806 Results