Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2014-2592

    Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

    Affected Products : web_management_portal
    • EPSS Score: 1.85%
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-2581

    Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.

    Affected Products : fedora smb4k
    • EPSS Score: 1.99%
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-2560

    The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

    Affected Products : phonerlite
    • EPSS Score: 2.08%
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2552

    Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.

    Affected Products : collected_information_export
    • EPSS Score: 3.33%
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-2550

    Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settin...

    Affected Products : disable_comments_project
    • EPSS Score: 0.28%
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024
  • 4.6

    MEDIUM
    CVE-2014-2387

    Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities.

    Affected Products : debian_linux opensuse pen
    • EPSS Score: 0.10%
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2014-2359

    OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data.

    Affected Products : ft1_firmware ad1_firmware ft1 ad1
    • EPSS Score: 0.91%
    • Published: Apr. 06, 2018
    • Modified: Nov. 21, 2024
  • 6.6

    MEDIUM
    CVE-2014-2312

    The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.

    Affected Products : thermald
    • EPSS Score: 0.05%
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-2304

    A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed...

    Affected Products : open_sdn_controller
    • EPSS Score: 0.43%
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2302

    The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.

    Affected Products : webedition_cms
    • EPSS Score: 12.93%
    • Published: Jul. 19, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-2297

    Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor paramete...

    • EPSS Score: 0.17%
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-2296

    XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via c...

    Affected Products : cas_server
    • EPSS Score: 0.37%
    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2294

    Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php.

    Affected Products : open_web_analytics
    • EPSS Score: 4.91%
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2293

    Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authenticat...

    Affected Products : zikula_application_framework
    • EPSS Score: 16.85%
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-2274

    Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks vi...

    Affected Products : subscribe_to_comments_reloaded
    • EPSS Score: 0.17%
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2014-2271

    cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct down...

    Affected Products : wps_office p2-6011_firmware p2-6011
    • EPSS Score: 1.80%
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2228

    The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.

    Affected Products : restlet
    • EPSS Score: 3.14%
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-2225

    Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admi...

    • EPSS Score: 0.18%
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-2214

    Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id p...

    Affected Products : posh
    • EPSS Score: 0.43%
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-2213

    Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php.

    Affected Products : posh
    • EPSS Score: 0.64%
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291820 Results