Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2014-2017

    CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arb... Read more

    Affected Products : eshop
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-1958

    Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.... Read more

    Affected Products : ubuntu_linux imagemagick opensuse
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1947

    Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involv... Read more

    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-1946

    OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.... Read more

    Affected Products : opendocman
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-1938

    python-rply before 0.7.4 insecurely creates temporary files.... Read more

    Affected Products : rply
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-1937

    Gamera before 3.4.1 insecurely creates temporary files.... Read more

    Affected Products : gamera
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-1936

    rc before 1.7.1-5 insecurely creates temporary files.... Read more

    Affected Products : debian_linux rc
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-1935

    9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.... Read more

    Affected Products : debian_linux 9base
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-1925

    SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrar... Read more

    Affected Products : koha
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-1924

    The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL inject... Read more

    Affected Products : koha
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-1923

    Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to a... Read more

    Affected Products : koha
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-1922

    Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : koha
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-1889

    The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.... Read more

    Affected Products : buddypress
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1867

    suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution... Read more

    Affected Products : suphp
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-1860

    Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities... Read more

    Affected Products : contao contao_cms
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-1859

    (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : enterprise_linux fedora numpy
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-1858

    __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : numpy
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1846

    Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.... Read more

    Affected Products : enlightenment
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1845

    An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.... Read more

    Affected Products : enlightenment
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-1835

    The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.... Read more

    Affected Products : echor
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292849 Results