Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2014-3875

    The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks... Read more

    Affected Products : fex
    • EPSS Score: %0.79
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-3868

    Multiple SQL injection vulnerabilities in ZeusCart 4.x.... Read more

    Affected Products : zeuscart
    • EPSS Score: %0.93
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-3860

    Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability... Read more

    Affected Products : video_converter
    • EPSS Score: %0.07
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2014-3856

    The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name.... Read more

    Affected Products : fish
    • EPSS Score: %0.11
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-3827

    Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module o... Read more

    Affected Products : mybb
    • EPSS Score: %0.19
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-3826

    Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module.... Read more

    Affected Products : mybb
    • EPSS Score: %0.14
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-3809

    Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html.... Read more

    • EPSS Score: %0.20
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-3798

    The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.... Read more

    Affected Products : xenserver
    • EPSS Score: %4.62
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-3753

    AgileBits 1Password through 1.0.9.340 allows security feature bypass... Read more

    Affected Products : 1password
    • EPSS Score: %0.22
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2014-3752

    The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.... Read more

    Affected Products : totalprotection
    • EPSS Score: %0.09
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-3743

    Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.... Read more

    Affected Products : marked
    • EPSS Score: %0.58
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3719

    Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.... Read more

    Affected Products : aleph_500
    • EPSS Score: %1.24
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-3718

    Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid paramete... Read more

    Affected Products : aleph_500
    • EPSS Score: %0.37
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-3701

    eDeploy has tmp file race condition flaws... Read more

    Affected Products : jboss_enterprise_web_server edeploy
    • EPSS Score: %0.45
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3700

    eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data... Read more

    Affected Products : jboss_enterprise_web_server edeploy
    • EPSS Score: %3.14
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3699

    eDeploy has RCE via cPickle deserialization of untrusted data... Read more

    Affected Products : jboss_enterprise_web_server edeploy
    • EPSS Score: %0.99
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-3656

    JBoss KeyCloak: XSS in login-status-iframe.html... Read more

    Affected Products : jboss_keycloak
    • EPSS Score: %0.34
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-3655

    JBoss KeyCloak is vulnerable to soft token deletion via CSRF... Read more

    • EPSS Score: %0.18
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-3652

    JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.... Read more

    Affected Products : keycloak jboss_keycloak
    • EPSS Score: %0.22
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-3650

    Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.... Read more

    Affected Products : jboss_aerogear
    • EPSS Score: %0.16
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291878 Results