Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2014-10379

    The duplicate-post plugin before 2.6 for WordPress has SQL injection.... Read more

    Affected Products : duplicate_post
    • EPSS Score: %0.51
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10378

    The duplicate-post plugin before 2.6 for WordPress has XSS.... Read more

    Affected Products : duplicate_post
    • EPSS Score: %0.19
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10377

    The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.... Read more

    Affected Products : cformsii
    • EPSS Score: %0.19
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10376

    The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.... Read more

    Affected Products : i_recommend_this
    • EPSS Score: %0.48
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10375

    handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.... Read more

    Affected Products : exosip
    • EPSS Score: %0.35
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-10374

    On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, su... Read more

    Affected Products : charge_2_firmware charge_2
    • EPSS Score: %0.18
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-10079

    In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.... Read more

    Affected Products : storegrid
    • EPSS Score: %13.82
    • Published: Feb. 23, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10078

    Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.... Read more

    Affected Products : storegrid
    • EPSS Score: %2.27
    • Published: Feb. 23, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10077

    Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.... Read more

    Affected Products : debian_linux i18n
    • EPSS Score: %1.36
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10076

    The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.... Read more

    Affected Products : wp-db-backup
    • EPSS Score: %0.57
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10075

    The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.... Read more

    Affected Products : karo
    • EPSS Score: %3.34
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10074

    Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.... Read more

    Affected Products : umbraco_cms
    • EPSS Score: %1.40
    • Published: Aug. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10073

    The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.... Read more

    Affected Products : debian_linux psensor
    • EPSS Score: %0.35
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10072

    In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.... Read more

    Affected Products : zsh zsh
    • EPSS Score: %0.26
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10071

    In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.... Read more

    Affected Products : ubuntu_linux zsh
    • EPSS Score: %0.28
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-10070

    zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh i... Read more

    Affected Products : zsh zsh
    • EPSS Score: %0.03
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10069

    Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password ... Read more

    Affected Products : cve-30360_firmware cve-30360
    • EPSS Score: %7.42
    • Published: Jan. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10068

    The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false.... Read more

    Affected Products : inert
    • EPSS Score: %0.50
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-10067

    paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would ... Read more

    Affected Products : paypal-ipn
    • EPSS Score: %0.23
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10066

    Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.... Read more

    Affected Products : fancy-server
    • EPSS Score: %1.03
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291756 Results