Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2014-125002

    A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is reco... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.16
    • Published: Jun. 18, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-125001

    A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is r... Read more

    • EPSS Score: %6.66
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10402

    An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fi... Read more

    Affected Products : dbi
    • EPSS Score: %0.05
    • Published: Sep. 16, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10401

    An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.... Read more

    Affected Products : dbi
    • EPSS Score: %0.03
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10400

    The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.... Read more

    Affected Products : cgilua
    • EPSS Score: %0.46
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10399

    The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.... Read more

    Affected Products : cgilua
    • EPSS Score: %0.46
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10398

    Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICT... Read more

    Affected Products : rbs_bs-client._retail_client
    • EPSS Score: %0.31
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10397

    The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php.... Read more

    Affected Products : antioch
    • EPSS Score: %1.15
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10396

    The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.... Read more

    Affected Products : epic
    • EPSS Score: %1.15
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10395

    The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.... Read more

    Affected Products : polls_cp
    • EPSS Score: %0.19
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10394

    The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.... Read more

    Affected Products : rich_counter
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10393

    The cforms2 plugin before 10.5 for WordPress has XSS.... Read more

    Affected Products : cformsii
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10392

    The cforms2 plugin before 10.2 for WordPress has XSS.... Read more

    Affected Products : cformsii
    • EPSS Score: %0.28
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10391

    The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.... Read more

    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2014-10390

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.... Read more

    • EPSS Score: %0.52
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10389

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.... Read more

    • EPSS Score: %0.79
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-10388

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.... Read more

    • EPSS Score: %0.25
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10387

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.... Read more

    • EPSS Score: %0.51
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10386

    The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.... Read more

    Affected Products : live_chat
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10385

    The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.... Read more

    Affected Products : memphis_documents_library
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291781 Results