Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2014-3445

    backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.

    Affected Products : sos_webpages
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-3413

    The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database acce...

    Affected Products : junos_space junos_space
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-3244

    XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

    Affected Products : sugarcrm
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2014-3230

    The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.

    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2014-3219

    fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

    Affected Products : fedora fish
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-3208

    A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery),...

    Affected Products : askpop3d
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-3206

    Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.

    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-3205

    backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.

    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2014-3180

    In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the co...

    Affected Products : linux_kernel chrome_os
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-3136

    Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.

    Affected Products : dwr-113_firmware dwr-113
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-3119

    Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary...

    Affected Products : web2project
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-3114

    The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php.

    Affected Products : ezpz-one-click-backup
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-3005

    XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an X...

    Affected Products : fedora zabbix
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2914

    fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.

    Affected Products : fish
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 7.0

    HIGH
    CVE-2014-2906

    The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name.

    Affected Products : fish
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-2904

    wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.

    Affected Products : wolfssl
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-2902

    wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.

    Affected Products : wolfssl
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-2901

    wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.

    Affected Products : wolfssl
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2898

    wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.

    Affected Products : wolfssl
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-2897

    The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.

    Affected Products : wolfssl
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292797 Results