Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2014-9320

    SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905....

    Affected Products : businessobjects_edge
    • Published: Aug. 09, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-9211

    ClickDesk version 4.3 and below has persistent cross site scripting...

    Affected Products : clickdesk
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-9189

    Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memor...

    Affected Products : experion_process_knowledge_system
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-9187

    Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of servi...

    Affected Products : experion_process_knowledge_system
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-9186

    A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure...

    Affected Products : experion_process_knowledge_system
    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2014-9127

    Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php....

    Affected Products : open-school
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-9126

    Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas param...

    Affected Products : open-school
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2014-9014

    Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter....

    Affected Products : wpmarketplace
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-9013

    The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_i...

    Affected Products : wpmarketplace
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2014-8985

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810...

    Affected Products : internet_explorer
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-8945

    admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields....

    Affected Products : lexiglot
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2014-8944

    Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter....

    Affected Products : lexiglot
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-8943

    Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter....

    Affected Products : lexiglot
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-8942

    Lexiglot through 2014-11-20 allows CSRF....

    Affected Products : lexiglot
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-8941

    Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI....

    Affected Products : lexiglot
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2014-8940

    Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI....

    Affected Products : lexiglot
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2014-8939

    Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages....

    Affected Products : lexiglot
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2014-8938

    Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line....

    Affected Products : lexiglot
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-8937

    Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources....

    Affected Products : lexiglot
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-8888

    The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."...

    Affected Products : dir-815_firmware dir-815
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024