Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2014-4156

    Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability... Read more

    Affected Products : virtual_environment
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-4150

    The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp.... Read more

    Affected Products : scheme48
    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2014-4145

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810... Read more

    Affected Products : internet_explorer
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2014-4112

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0304... Read more

    Affected Products : internet_explorer
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2014-4066

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787... Read more

    Affected Products : internet_explorer
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-4024

    SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator... Read more

    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-4019

    ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.... Read more

    Affected Products : zxv10_w300 zxv10_w300_firmware
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2014-3999

    The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.... Read more

    Affected Products : horde_ldap
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3990

    The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a cr... Read more

    Affected Products : opencart
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-3979

    Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP.... Read more

    Affected Products : symbiosis
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-3972

    Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : apm-j601-ws_firmware apm-j601-ws
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2014-3919

    A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information.... Read more

    Affected Products : cg3100_firmware cg3100
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3879

    OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass auth... Read more

    Affected Products : freebsd
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-3875

    The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks... Read more

    Affected Products : fex
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-3868

    Multiple SQL injection vulnerabilities in ZeusCart 4.x.... Read more

    Affected Products : zeuscart
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-3860

    Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability... Read more

    Affected Products : video_converter
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2014-3856

    The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name.... Read more

    Affected Products : fish
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-3827

    Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module o... Read more

    Affected Products : mybb
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-3826

    Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module.... Read more

    Affected Products : mybb
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-3809

    Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html.... Read more

    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292870 Results