Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2014-4613

    Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.... Read more

    Affected Products : piwigo
    • EPSS Score: %4.03
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4612

    Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : coppermine_photo_gallery
    • EPSS Score: %0.56
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-4610

    Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted L... Read more

    Affected Products : ffmpeg
    • EPSS Score: %1.45
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-4609

    Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.... Read more

    Affected Products : libav
    • EPSS Score: %1.34
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-4607

    Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.... Read more

    Affected Products : liblzo2 lzo2
    • EPSS Score: %6.28
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4592

    Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.... Read more

    Affected Products : wp-planet
    • EPSS Score: %3.80
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4567

    Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message p... Read more

    Affected Products : video_comments_webcam_recorder
    • EPSS Score: %0.22
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4561

    The ultimate-weather plugin 1.0 for WordPress has XSS... Read more

    Affected Products : ultimate-weather
    • EPSS Score: %12.80
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4559

    Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, ... Read more

    • EPSS Score: %0.24
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4558

    Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.... Read more

    • EPSS Score: %10.64
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4553

    Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters.... Read more

    • EPSS Score: %0.17
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4550

    Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.... Read more

    Affected Products : ninja
    • EPSS Score: %2.71
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4548

    Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter.... Read more

    Affected Products : ruven-toolkit
    • EPSS Score: %0.24
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4544

    Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php.... Read more

    Affected Products : podcast_channels
    • EPSS Score: %2.58
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4539

    Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.... Read more

    Affected Products : movies
    • EPSS Score: %1.61
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4536

    Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2... Read more

    Affected Products : infusionsoft_gravity_forms
    • EPSS Score: %2.65
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4535

    Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.... Read more

    Affected Products : import_legacy_media
    • EPSS Score: %3.80
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4530

    flog plugin 0.1 for WordPress has XSS... Read more

    Affected Products : flog
    • EPSS Score: %0.19
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4525

    Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.... Read more

    Affected Products : wp_ebay_product_feeds
    • EPSS Score: %0.22
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4523

    Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.... Read more

    Affected Products : easy_career_openings
    • EPSS Score: %0.24
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292275 Results