Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-1598

    centurystar 7.12 ActiveX Control has a Stack Buffer Overflow... Read more

    Affected Products : centurystar
    • EPSS Score: %0.38
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-1457

    Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.... Read more

    Affected Products : open_web_analytics
    • EPSS Score: %0.03
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2014-1454

    Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input... Read more

    • EPSS Score: %0.18
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-1428

    A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.... Read more

    Affected Products : metal_as_a_service
    • EPSS Score: %0.24
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2014-1427

    A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.... Read more

    Affected Products : metal_as_a_service
    • EPSS Score: %0.38
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2014-1426

    A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.... Read more

    Affected Products : metal_as_a_service
    • EPSS Score: %0.68
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-1423

    signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this crea... Read more

    Affected Products : signond ubuntu_touch
    • EPSS Score: %0.21
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.0

    MEDIUM
    CVE-2014-1422

    In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation tim... Read more

    • EPSS Score: %0.04
    • Published: Jul. 22, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2014-1420

    On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink at... Read more

    Affected Products : ubuntu-ui-toolkit
    • EPSS Score: %0.04
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2014-1409

    MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords... Read more

    Affected Products : sentry virtual_smartphone_platform
    • EPSS Score: %0.17
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-1400

    The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.... Read more

    Affected Products : fedora entity_api
    • EPSS Score: %0.38
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-1399

    The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.... Read more

    Affected Products : fedora entity_api
    • EPSS Score: %0.31
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-1398

    The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.... Read more

    Affected Products : fedora entity_api
    • EPSS Score: %0.38
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-1238

    Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialog.aspx in Gael Q-Pulse 0.6 and earlier.... Read more

    Affected Products : q-pulse
    • EPSS Score: %0.33
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1226

    The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.... Read more

    Affected Products : s3dvt
    • EPSS Score: %0.05
    • Published: Apr. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1215

    Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry.... Read more

    Affected Products : core_ftp
    • EPSS Score: %0.05
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-1214

    views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter.... Read more

    Affected Products : smart_flash_header
    • EPSS Score: %4.10
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-125111

    A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version... Read more

    Affected Products : wp-insert
    • Published: Apr. 08, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-125110

    A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross si... Read more

    Affected Products : wordpress_file_upload
    • Published: Apr. 01, 2024
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-125109

    A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email lea... Read more

    Affected Products : portfolio
    • EPSS Score: %0.07
    • Published: Dec. 26, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291782 Results