Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2014-2225

    Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admi... Read more

    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-2214

    Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id p... Read more

    Affected Products : posh
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-2213

    Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php.... Read more

    Affected Products : posh
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-2079

    X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.... Read more

    Affected Products : debian_linux x_file_explorer
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-2078

    The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2073

    Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5_Backbone_Bus."... Read more

    Affected Products : catia
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2072

    Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks... Read more

    Affected Products : catia
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2014-2071

    Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advert... Read more

    Affected Products : clearpass
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-2069

    Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.... Read more

    Affected Products : eshtery_cms
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2048

    The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.... Read more

    Affected Products : owncloud
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-2032

    Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwoo... Read more

    Affected Products : maradns deadwood
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-2031

    Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwoo... Read more

    Affected Products : maradns deadwood
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-2030

    Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld stri... Read more

    Affected Products : ubuntu_linux imagemagick opensuse
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2025

    Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an... Read more

    Affected Products : intrexx
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-2017

    CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arb... Read more

    Affected Products : eshop
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-1958

    Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.... Read more

    Affected Products : ubuntu_linux imagemagick opensuse
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1947

    Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involv... Read more

    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-1946

    OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.... Read more

    Affected Products : opendocman
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-1938

    python-rply before 0.7.4 insecurely creates temporary files.... Read more

    Affected Products : rply
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-1937

    Gamera before 3.4.1 insecurely creates temporary files.... Read more

    Affected Products : gamera
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292763 Results