Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2014-5083

    A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider.... Read more

    Affected Products : sphider
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5081

    sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass... Read more

    Affected Products : sphider sphider-plus sphider_pro
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5072

    Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.... Read more

    Affected Products : wp_security_audit_log
    • Published: Apr. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5071

    SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username.... Read more

    Affected Products : s350i_firmware s350i
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5070

    Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.... Read more

    Affected Products : s350i_firmware s350i
    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-5069

    Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs.... Read more

    Affected Products : s350i_firmware s350i
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-5068

    Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name.... Read more

    Affected Products : s350i_firmware s350i
    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5044

    Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.... Read more

    Affected Products : libgfortran
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2014-5039

    Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : eucalyptus_management_console
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5034

    Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute... Read more

    Affected Products : brute_force_login_protection
    • Published: Apr. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-5028

    The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge ... Read more

    Affected Products : review_board
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5014

    The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.... Read more

    Affected Products : wordpress_flash_uploader
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5013

    DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.... Read more

    Affected Products : dompdf
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-5012

    DOMPDF before 0.6.2 allows denial of service.... Read more

    Affected Products : dompdf
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-5011

    DOMPDF before 0.6.2 allows Information Disclosure.... Read more

    Affected Products : dompdf
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-5007

    Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as... Read more

    • Published: Jan. 17, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-5004

    lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : brbackup
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-5003

    chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer.... Read more

    Affected Products : ciborg
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-5002

    The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.... Read more

    Affected Products : lynx
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-5001

    lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.... Read more

    Affected Products : kcapifony
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results