Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2014-1420

    On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink at... Read more

    Affected Products : ubuntu-ui-toolkit
    • EPSS Score: %0.04
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2014-1409

    MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords... Read more

    Affected Products : sentry virtual_smartphone_platform
    • EPSS Score: %0.17
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-1400

    The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.... Read more

    Affected Products : fedora entity_api
    • EPSS Score: %0.38
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-1399

    The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.... Read more

    Affected Products : fedora entity_api
    • EPSS Score: %0.31
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-1398

    The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.... Read more

    Affected Products : fedora entity_api
    • EPSS Score: %0.38
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-1238

    Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialog.aspx in Gael Q-Pulse 0.6 and earlier.... Read more

    Affected Products : q-pulse
    • EPSS Score: %0.33
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1226

    The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.... Read more

    Affected Products : s3dvt
    • EPSS Score: %0.05
    • Published: Apr. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1215

    Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry.... Read more

    Affected Products : core_ftp
    • EPSS Score: %0.05
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-1214

    views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter.... Read more

    Affected Products : smart_flash_header
    • EPSS Score: %4.10
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-125111

    A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version... Read more

    Affected Products : wp-insert
    • Published: Apr. 08, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-125110

    A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross si... Read more

    Affected Products : wordpress_file_upload
    • Published: Apr. 01, 2024
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-125109

    A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email lea... Read more

    Affected Products : portfolio
    • EPSS Score: %0.07
    • Published: Dec. 26, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-125108

    A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remo... Read more

    Affected Products : spell_checker
    • EPSS Score: %0.08
    • Published: Dec. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-125107

    A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remo... Read more

    Affected Products : phpsandbox
    • EPSS Score: %0.08
    • Published: Dec. 19, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-125105

    A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation ... Read more

    • EPSS Score: %0.06
    • Published: Jun. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-125104

    A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The m... Read more

    Affected Products : vaultpress
    • EPSS Score: %0.06
    • Published: Jun. 01, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-125103

    A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_t... Read more

    Affected Products : twitter
    • EPSS Score: %0.07
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-125102

    A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. T... Read more

    Affected Products : relevant
    • EPSS Score: %0.08
    • Published: May. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-125101

    A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 i... Read more

    Affected Products : portfolio_gallery
    • EPSS Score: %0.10
    • Published: May. 28, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-125100

    A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0... Read more

    Affected Products : job_board
    • EPSS Score: %0.08
    • Published: May. 02, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291814 Results