Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2014-5000

    The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : lawn-login
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-4999

    vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users ... Read more

    Affected Products : kajam
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-4998

    test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : lean-ruport
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-4997

    lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : point-cli
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-4996

    lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.... Read more

    Affected Products : vladtheenterprising
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2014-4995

    Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.... Read more

    Affected Products : vladtheenterprising
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-4994

    lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.... Read more

    Affected Products : gyazo
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-4993

    (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing... Read more

    Affected Products : backup-agoddard backup_checksum
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-4992

    lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : cap-strap
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-4991

    (1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : codders-dataset
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-4984

    Déjà Vu Crescendo Sales CRM has remote SQL Injection... Read more

    Affected Products : crescendo_-_sales_crm
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-4982

    LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.... Read more

    Affected Products : lpar2rrd
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-4981

    LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.... Read more

    Affected Products : lpar2rrd
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-4972

    Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file u... Read more

    Affected Products : ajax_upload_for_gravity_forms
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-4968

    The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636.... Read more

    Affected Products : boat_browser
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-4967

    Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause... Read more

    Affected Products : ansible
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-4966

    Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinj... Read more

    Affected Products : ansible
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-4959

    **DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method.... Read more

    Affected Products : android
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-4932

    Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php.... Read more

    Affected Products : wordfence_security
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-4928

    SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.... Read more

    Affected Products : invision_power_board
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results