Latest CVE Feed
- 7.5 HIGH CVE-2014-9504
  The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
  - Affected Products: open_atrium
  - Published: Feb. 01, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2014-9503
  The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
  - Affected Products: open_atrium
  - Published: Feb. 01, 2018
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2014-9502
  Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks...
  - Affected Products: open_atrium
  - Published: Feb. 01, 2018
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2014-9485
  Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.
  - Affected Products: minizip
  - Published: Jan. 16, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2014-9482
  Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file.
  - Affected Products: libdwarf
  - Published: Jan. 16, 2018
  - Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2014-9481
  The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
  - Affected Products: mediawiki
  - Published: Jan. 27, 2020
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2014-9470
  Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search.
  - Affected Products: fork_cms
  - Published: Feb. 08, 2020
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2014-9405
  A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.
  - Affected Products: freebox_os
  - Published: Jan. 06, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2014-9390
  Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all version...
  - Published: Feb. 12, 2020
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2014-9382
  Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation...
  - Affected Products: freebox_os
  - Published: Jan. 13, 2020
  - Modified: Nov. 21, 2024
- 8.6 HIGH CVE-2014-9356
  Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
  - Published: Dec. 02, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2014-9320
  SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
  - Affected Products: businessobjects_edge
  - Published: Aug. 09, 2021
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2014-9211
  ClickDesk version 4.3 and below has persistent cross site scripting...
  - Affected Products: clickdesk
  - Published: Jan. 14, 2020
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2014-9189
  Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memor...
  - Affected Products: experion_process_knowledge_system
  - Published: Mar. 25, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2014-9187
  Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of servi...
  - Affected Products: experion_process_knowledge_system
  - Published: Mar. 25, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2014-9186
  A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure...
  - Affected Products: experion_process_knowledge_system
  - Published: Apr. 08, 2019
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2014-9127
  Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php.
  - Affected Products: open-school
  - Published: Feb. 08, 2020
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2014-9126
  Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas param...
  - Affected Products: open-school
  - Published: Feb. 08, 2020
  - Modified: Nov. 21, 2024
- 4.3 MEDIUM CVE-2014-9014
  Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
  - Affected Products: wpmarketplace
  - Published: Nov. 06, 2019
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2014-9013
  The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_i...
  - Affected Products: wpmarketplace
  - Published: Nov. 06, 2019
  - Modified: Nov. 21, 2024