Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2014-1922

    Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : koha
    • EPSS Score: %0.92
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-1889

    The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.... Read more

    Affected Products : buddypress
    • EPSS Score: %11.75
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1867

    suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution... Read more

    Affected Products : suphp
    • EPSS Score: %0.06
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-1860

    Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities... Read more

    Affected Products : contao contao_cms
    • EPSS Score: %0.28
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-1859

    (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : enterprise_linux fedora numpy
    • EPSS Score: %0.07
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-1858

    __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : numpy
    • EPSS Score: %0.07
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1846

    Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.... Read more

    Affected Products : enlightenment
    • EPSS Score: %0.07
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1845

    An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.... Read more

    Affected Products : enlightenment
    • EPSS Score: %0.06
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1835

    The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.... Read more

    Affected Products : echor
    • EPSS Score: %0.05
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1834

    The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.... Read more

    Affected Products : echor
    • EPSS Score: %0.12
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-1686

    MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.34
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-1665

    Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.... Read more

    Affected Products : owncloud
    • EPSS Score: %0.42
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-1634

    SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.... Read more

    Affected Products : advanced_newsletter
    • EPSS Score: %0.10
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-1632

    htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.... Read more

    Affected Products : eventum
    • EPSS Score: %16.90
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-1631

    Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.... Read more

    Affected Products : eventum
    • EPSS Score: %27.60
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2014-1617

    Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service.... Read more

    Affected Products : promotic
    • EPSS Score: %0.30
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-1598

    centurystar 7.12 ActiveX Control has a Stack Buffer Overflow... Read more

    Affected Products : centurystar
    • EPSS Score: %0.38
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-1457

    Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.... Read more

    Affected Products : open_web_analytics
    • EPSS Score: %0.03
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2014-1454

    Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input... Read more

    • EPSS Score: %0.18
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-1428

    A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.... Read more

    Affected Products : metal_as_a_service
    • EPSS Score: %0.24
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291878 Results