Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2014-9629

    Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value....

    Affected Products : vlc_media_player
    • EPSS Score: %4.50
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2014-9628

    The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a b...

    Affected Products : vlc_media_player
    • EPSS Score: %1.63
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2014-9627

    The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly ...

    Affected Products : vlc_media_player
    • EPSS Score: %0.34
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2014-9626

    Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7....

    Affected Products : vlc_media_player
    • EPSS Score: %0.47
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2014-9625

    The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execu...

    Affected Products : vlc_media_player
    • EPSS Score: %4.22
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-9617

    Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter....

    Affected Products : netsweeper
    • EPSS Score: %26.19
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-9615

    Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php....

    Affected Products : netsweeper
    • EPSS Score: %9.36
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-9614

    The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/....

    Affected Products : netsweeper
    • EPSS Score: %69.54
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-9613

    Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php....

    Affected Products : netsweeper
    • EPSS Score: %3.98
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-9612

    SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter....

    Affected Products : netsweeper
    • EPSS Score: %4.41
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2014-9609

    Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action...

    Affected Products : netsweeper
    • EPSS Score: %33.79
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-9608

    Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO....

    Affected Products : netsweeper
    • EPSS Score: %25.74
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-9607

    Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter....

    Affected Products : netsweeper
    • EPSS Score: %9.41
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-9606

    Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2)...

    Affected Products : netsweeper
    • EPSS Score: %9.41
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2014-9563

    CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access th...

    • EPSS Score: %0.17
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-9530

    A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact....

    Affected Products : nw
    • EPSS Score: %0.43
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-9504

    The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance....

    Affected Products : open_atrium
    • EPSS Score: %0.27
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2014-9503

    The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks....

    Affected Products : open_atrium
    • EPSS Score: %0.21
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-9502

    Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks...

    Affected Products : open_atrium
    • EPSS Score: %0.16
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2014-9485

    Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive....

    Affected Products : minizip
    • EPSS Score: %1.73
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292508 Results