Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2014-10079

    In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.... Read more

    Affected Products : storegrid
    • EPSS Score: %13.82
    • Published: Feb. 23, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10078

    Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.... Read more

    Affected Products : storegrid
    • EPSS Score: %2.27
    • Published: Feb. 23, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10077

    Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.... Read more

    Affected Products : debian_linux i18n
    • EPSS Score: %1.36
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10076

    The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.... Read more

    Affected Products : wp-db-backup
    • EPSS Score: %0.57
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10075

    The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.... Read more

    Affected Products : karo
    • EPSS Score: %3.34
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10074

    Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.... Read more

    Affected Products : umbraco_cms
    • EPSS Score: %1.40
    • Published: Aug. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10073

    The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.... Read more

    Affected Products : debian_linux psensor
    • EPSS Score: %0.35
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10072

    In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.... Read more

    Affected Products : zsh zsh
    • EPSS Score: %0.26
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10071

    In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.... Read more

    Affected Products : ubuntu_linux zsh
    • EPSS Score: %0.28
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-10070

    zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh i... Read more

    Affected Products : zsh zsh
    • EPSS Score: %0.03
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10069

    Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password ... Read more

    Affected Products : cve-30360_firmware cve-30360
    • EPSS Score: %7.42
    • Published: Jan. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10068

    The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false.... Read more

    Affected Products : inert
    • EPSS Score: %0.50
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-10067

    paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would ... Read more

    Affected Products : paypal-ipn
    • EPSS Score: %0.23
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10066

    Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.... Read more

    Affected Products : fancy-server
    • EPSS Score: %1.03
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10065

    Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content.... Read more

    Affected Products : remarkable
    • EPSS Score: %0.24
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10064

    The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporar... Read more

    Affected Products : qs
    • EPSS Score: %0.56
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10063

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device.... Read more

    • EPSS Score: %0.20
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10062

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617,... Read more

    • EPSS Score: %0.23
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-10059

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, SD 210/SD 212/SD 205, SD 400, and SD 800, improper access control on ATCMD service allows third party services to access without user knowledge.... Read more

    • EPSS Score: %0.18
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10058

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, unauthorized users ca... Read more

    • EPSS Score: %0.20
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291750 Results