Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2014-6112

    IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging su... Read more

    • EPSS Score: %0.25
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-6111

    IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configura... Read more

    • EPSS Score: %0.04
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-6109

    IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain s... Read more

    • EPSS Score: %0.12
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-6108

    IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveragin... Read more

    • EPSS Score: %0.20
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-6071

    jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.... Read more

    • EPSS Score: %1.47
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2014-6059

    WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability... Read more

    Affected Products : advanced_access_manager
    • EPSS Score: %1.10
    • Published: Jan. 13, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-6050

    phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %4.91
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-6049

    phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %1.24
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-6048

    phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %6.05
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-6047

    phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %4.67
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-6046

    Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or tha... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.25
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2014-6045

    SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.39
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-6039

    ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000.... Read more

    Affected Products : manageengine_eventlog_analyzer
    • EPSS Score: %83.63
    • Published: Jan. 13, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-6038

    Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.... Read more

    Affected Products : manageengine_eventlog_analyzer
    • EPSS Score: %83.79
    • Published: Jan. 13, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-6027

    Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inj... Read more

    Affected Products : torrentflux
    • EPSS Score: %0.34
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-5516

    Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecifie... Read more

    Affected Products : konakart
    • EPSS Score: %0.15
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-5509

    clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$.... Read more

    Affected Products : clipboard
    • EPSS Score: %0.06
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-5500

    Synacor Zimbra Collaboration before 8.0.8 has XSS.... Read more

    Affected Products : zimbra_collaboration_server
    • EPSS Score: %0.71
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5470

    Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.... Read more

    Affected Products :
    • Published: Jun. 21, 2024
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5468

    A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.... Read more

    Affected Products : railo
    • EPSS Score: %65.26
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292517 Results