Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2014-4550

    Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.... Read more

    Affected Products : ninja
    • EPSS Score: %2.71
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4548

    Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter.... Read more

    Affected Products : ruven-toolkit
    • EPSS Score: %0.24
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4544

    Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php.... Read more

    Affected Products : podcast_channels
    • EPSS Score: %2.58
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4539

    Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.... Read more

    Affected Products : movies
    • EPSS Score: %1.61
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4536

    Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2... Read more

    Affected Products : infusionsoft_gravity_forms
    • EPSS Score: %2.65
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4535

    Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.... Read more

    Affected Products : import_legacy_media
    • EPSS Score: %3.80
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4530

    flog plugin 0.1 for WordPress has XSS... Read more

    Affected Products : flog
    • EPSS Score: %0.19
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4525

    Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.... Read more

    Affected Products : wp_ebay_product_feeds
    • EPSS Score: %0.22
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4523

    Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.... Read more

    Affected Products : easy_career_openings
    • EPSS Score: %0.24
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4519

    Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter.... Read more

    Affected Products : conversador
    • EPSS Score: %0.24
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2014-4198

    A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function.... Read more

    Affected Products : rbs_bs-client._retail_client
    • EPSS Score: %0.28
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4196

    Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter.... Read more

    Affected Products : rbs_bs-client
    • EPSS Score: %0.22
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-4172

    A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary w... Read more

    • EPSS Score: %6.74
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-4170

    A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.... Read more

    Affected Products : articlefr
    • EPSS Score: %47.77
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-4156

    Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability... Read more

    Affected Products : virtual_environment
    • EPSS Score: %0.21
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-4150

    The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp.... Read more

    Affected Products : scheme48
    • EPSS Score: %0.06
    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2014-4145

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810... Read more

    Affected Products : internet_explorer
    • EPSS Score: %9.55
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2014-4112

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0304... Read more

    Affected Products : internet_explorer
    • EPSS Score: %9.55
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2014-4066

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787... Read more

    Affected Products : internet_explorer
    • EPSS Score: %12.43
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-4024

    SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator... Read more

    • EPSS Score: %0.63
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292095 Results