Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2014-8739

    Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for ...

    • EPSS Score: 78.94%
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2014-8674

    Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary cod...

    Affected Products : soplanning
    • EPSS Score: 0.66%
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-8673

    Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPlanning) before 1.33.

    Affected Products : soplanning
    • EPSS Score: 49.86%
    • Published: Jan. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-8650

    python-requests-Kerberos through 0.5 does not handle mutual authentication...

    Affected Products : debian_linux requests-kerberos
    • EPSS Score: 0.48%
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-8597

    A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.

    Affected Products : phpfusion
    • EPSS Score: 0.22%
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-8579

    TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.

    Affected Products : tew-823dru_firmware tew-823dru
    • EPSS Score: 1.23%
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-8563

    Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.

    Affected Products : zimbra_collaboration_server
    • EPSS Score: 5.17%
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2014-8561

    ImageMagick 6.8.9.6 has a remote DoS via an infinite loop...

    Affected Products : debian_linux imagemagick
    • EPSS Score: 1.04%
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2014-8540

    The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

    Affected Products : gitlab
    • EPSS Score: 0.32%
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-8516

    Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.

    Affected Products : netcharts_server
    • EPSS Score: 82.70%
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-8490

    Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm.

    Affected Products : components
    • EPSS Score: 0.28%
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2014-8422

    The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a...

    • EPSS Score: 0.67%
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024
  • 8.5

    HIGH
    CVE-2014-8421

    Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (...

    • EPSS Score: 0.90%
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-8356

    The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.

    Affected Products : znid_2426a_firmware znid_2426a
    • EPSS Score: 1.54%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2014-8347

    An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.

    • EPSS Score: 0.55%
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-8338

    Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the...

    Affected Products : webcam
    • EPSS Score: 0.37%
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-8337

    Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct requ...

    Affected Products : helpdezk
    • EPSS Score: 4.14%
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2014-8336

    The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statem...

    Affected Products : wp-dbmanager
    • EPSS Score: 1.23%
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2014-8335

    (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

    Affected Products : wp-dbmanager
    • EPSS Score: 0.11%
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2014-8328

    The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.

    Affected Products : dynamic_content_elements
    • EPSS Score: 0.32%
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292124 Results