Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2014-8356

    The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.... Read more

    Affected Products : znid_2426a_firmware znid_2426a
    • EPSS Score: %1.54
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-8347

    An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.... Read more

    • EPSS Score: %0.55
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-8338

    Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the... Read more

    Affected Products : webcam
    • EPSS Score: %0.37
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-8337

    Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct requ... Read more

    Affected Products : helpdezk
    • EPSS Score: %4.14
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-8336

    The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statem... Read more

    Affected Products : wp-dbmanager
    • EPSS Score: %1.23
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-8335

    (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : wp-dbmanager
    • EPSS Score: %0.11
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-8328

    The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.... Read more

    Affected Products : dynamic_content_elements
    • EPSS Score: %0.32
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-8322

    Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.... Read more

    Affected Products : aircrack-ng
    • EPSS Score: %32.21
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-8321

    Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors.... Read more

    Affected Products : aircrack-ng
    • EPSS Score: %0.19
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2014-8271

    Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.... Read more

    Affected Products : edk2
    • EPSS Score: %0.22
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-8184

    A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or p... Read more

    Affected Products : liblouis
    • EPSS Score: %0.69
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2014-8183

    It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.... Read more

    Affected Products : satellite foreman
    • EPSS Score: %0.15
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-8182

    An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.... Read more

    Affected Products : debian_linux openldap
    • EPSS Score: %5.15
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-8181

    The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.... Read more

    Affected Products : enterprise_linux enterprise_mrg
    • EPSS Score: %0.23
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-8179

    Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-dig... Read more

    Affected Products : docker opensuse cs_engine
    • EPSS Score: %0.67
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-8178

    Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.... Read more

    Affected Products : docker opensuse cs_engine
    • EPSS Score: %0.14
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-8171

    The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.... Read more

    • EPSS Score: %0.05
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-8167

    vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack... Read more

    • EPSS Score: %0.17
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-8166

    The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.... Read more

    Affected Products : cups
    • EPSS Score: %0.99
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2014-8164

    A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.... Read more

    Affected Products : cloudforms_management_engine
    • EPSS Score: %0.14
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292495 Results