Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2014-6046

    Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or tha... Read more

    Affected Products : phpmyfaq
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2014-6045

    SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.... Read more

    Affected Products : phpmyfaq
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-6039

    ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000.... Read more

    Affected Products : manageengine_eventlog_analyzer
    • Published: Jan. 13, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-6038

    Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.... Read more

    Affected Products : manageengine_eventlog_analyzer
    • Published: Jan. 13, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-6027

    Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inj... Read more

    Affected Products : torrentflux
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-5516

    Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecifie... Read more

    Affected Products : konakart
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-5509

    clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$.... Read more

    Affected Products : clipboard
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-5500

    Synacor Zimbra Collaboration before 8.0.8 has XSS.... Read more

    Affected Products : zimbra_collaboration_server
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5470

    Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.... Read more

    Affected Products :
    • Published: Jun. 21, 2024
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5468

    A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.... Read more

    Affected Products : railo
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-5450

    Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.... Read more

    Affected Products : zarafa_collaboration_platform
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-5443

    Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.... Read more

    Affected Products : seafile_server
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-5439

    Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms,... Read more

    Affected Products : debian_linux sniffit
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-5436

    A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends ... Read more

    Affected Products : experion_process_knowledge_system
    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5435

    An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongl... Read more

    Affected Products : experion_process_knowledge_system
    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5434

    Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM u... Read more

    • Published: Mar. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5433

    An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, whic... Read more

    • Published: Mar. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5432

    Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to th... Read more

    • Published: Mar. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2014-5431

    Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of ... Read more

    • Published: Mar. 26, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-5401

    Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the Me... Read more

    Affected Products : mednet
    • Published: Mar. 26, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results