Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2014-8943

    Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.

    Affected Products : lexiglot
    • EPSS Score: 0.31%
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-8942

    Lexiglot through 2014-11-20 allows CSRF.

    Affected Products : lexiglot
    • EPSS Score: 0.14%
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-8941

    Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.

    Affected Products : lexiglot
    • EPSS Score: 0.26%
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2014-8940

    Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.

    Affected Products : lexiglot
    • EPSS Score: 0.24%
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2014-8939

    Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.

    Affected Products : lexiglot
    • EPSS Score: 0.20%
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2014-8938

    Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.

    Affected Products : lexiglot
    • EPSS Score: 0.05%
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-8937

    Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.

    Affected Products : lexiglot
    • EPSS Score: 0.33%
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-8888

    The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."

    Affected Products : dir-815_firmware dir-815
    • EPSS Score: 8.47%
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2014-8780

    Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note.

    Affected Products : jease
    • EPSS Score: 0.14%
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2014-8742

    Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.

    Affected Products : markvision_enterprise
    • EPSS Score: 8.10%
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-8741

    Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.

    Affected Products : markvision_enterprise
    • EPSS Score: 70.35%
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-8739

    Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for ...

    • EPSS Score: 78.94%
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2014-8674

    Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary cod...

    Affected Products : soplanning
    • EPSS Score: 0.66%
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-8673

    Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning) before 1.33.

    Affected Products : soplanning
    • EPSS Score: 49.86%
    • Published: Jan. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-8650

    python-requests-Kerberos through 0.5 does not handle mutual authentication...

    Affected Products : debian_linux requests-kerberos
    • EPSS Score: 0.48%
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-8597

    A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.

    Affected Products : phpfusion
    • EPSS Score: 0.22%
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-8579

    TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.

    Affected Products : tew-823dru_firmware tew-823dru
    • EPSS Score: 1.23%
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-8563

    Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.

    Affected Products : zimbra_collaboration_server
    • EPSS Score: 5.17%
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2014-8561

    imagemagick 6.8.9.6 has remote DOS via infinite loop...

    Affected Products : debian_linux imagemagick
    • EPSS Score: 1.04%
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2014-8540

    The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

    Affected Products : gitlab
    • EPSS Score: 0.32%
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292095 Results