Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2014-5209

    An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.... Read more

    • EPSS Score: %0.53
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5170

    The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.... Read more

    Affected Products : storage_api
    • EPSS Score: %8.27
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5140

    The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fi... Read more

    Affected Products : loaded7
    • EPSS Score: %1.10
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-5138

    Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to th... Read more

    Affected Products : sierra
    • EPSS Score: %0.39
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-5132

    Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses.... Read more

    Affected Products : projectdox
    • EPSS Score: %0.20
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-5131

    Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse.... Read more

    Affected Products : projectdox
    • EPSS Score: %0.98
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-5130

    Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token.... Read more

    Affected Products : projectdox
    • EPSS Score: %0.98
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-5118

    Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability... Read more

    Affected Products : enterprise_linux fedora trusted_boot
    • EPSS Score: %0.05
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5093

    Status2k does not remove the install directory allowing credential reset.... Read more

    Affected Products : status2k
    • EPSS Score: %12.19
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5092

    Status2k allows Remote Command Execution in admin/options/editpl.php.... Read more

    Affected Products : status2k
    • EPSS Score: %5.51
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-5091

    A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.... Read more

    Affected Products : status2k
    • EPSS Score: %46.94
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5087

    A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.... Read more

    Affected Products : sphider sphider-plus sphider_pro
    • EPSS Score: %15.84
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5086

    A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider ... Read more

    Affected Products : sphider sphider-plus sphider_pro
    • EPSS Score: %6.70
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5085

    A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not ... Read more

    Affected Products : sphider-plus
    • EPSS Score: %6.68
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5084

    A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in ... Read more

    Affected Products : sphider_pro
    • EPSS Score: %6.72
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5083

    A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider.... Read more

    Affected Products : sphider
    • EPSS Score: %6.68
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5081

    sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass... Read more

    Affected Products : sphider sphider-plus sphider_pro
    • EPSS Score: %6.28
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5072

    Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.... Read more

    Affected Products : wp_security_audit_log
    • EPSS Score: %0.12
    • Published: Apr. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5071

    SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username.... Read more

    Affected Products : s350i_firmware s350i
    • EPSS Score: %0.42
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5070

    Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.... Read more

    Affected Products : s350i_firmware s350i
    • EPSS Score: %0.58
    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292510 Results