Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2014-7221

    TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab contain... Read more

    Affected Products : teamspeak3
    • EPSS Score: %10.23
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-7198

    OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection.... Read more

    Affected Products : omero
    • EPSS Score: %0.18
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-7175

    FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.... Read more

    • EPSS Score: %0.43
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-7174

    FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.... Read more

    • EPSS Score: %0.15
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-7173

    FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.... Read more

    • EPSS Score: %13.08
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2014-6633

    The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.... Read more

    Affected Products : trytond tryton
    • EPSS Score: %1.09
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-6617

    Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.... Read more

    • EPSS Score: %17.02
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-6604

    Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter.... Read more

    Affected Products : subscribe2
    • EPSS Score: %0.18
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-6448

    Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.... Read more

    Affected Products : junos junos
    • EPSS Score: %0.04
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2014-6447

    Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before ... Read more

    Affected Products : junos junos
    • EPSS Score: %0.48
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-6437

    Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.... Read more

    • EPSS Score: %18.77
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-6436

    Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an exi... Read more

    • EPSS Score: %14.75
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-6435

    cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.... Read more

    • EPSS Score: %13.10
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-6420

    Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.... Read more

    Affected Products : livecomments
    • EPSS Score: %0.88
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-6413

    A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script.... Read more

    Affected Products : fireware_xtm
    • EPSS Score: %0.42
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2014-6412

    WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.... Read more

    Affected Products : wordpress
    • EPSS Score: %2.46
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-6311

    generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.... Read more

    • EPSS Score: %0.51
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-6310

    Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.... Read more

    Affected Products : debian_linux chicken
    • EPSS Score: %16.93
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-6309

    The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling.... Read more

    Affected Products : kaazing_websocket_gateway
    • EPSS Score: %0.25
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-6275

    FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private da... Read more

    Affected Products : debian_linux fusionforge
    • EPSS Score: %0.33
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292275 Results