Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2014-5039

    Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : eucalyptus_management_console
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5034

    Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute... Read more

    Affected Products : brute_force_login_protection
    • Published: Apr. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-5028

    The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge ... Read more

    Affected Products : review_board
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5014

    The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.... Read more

    Affected Products : wordpress_flash_uploader
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5013

    DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.... Read more

    Affected Products : dompdf
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-5012

    DOMPDF before 0.6.2 allows denial of service.... Read more

    Affected Products : dompdf
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-5011

    DOMPDF before 0.6.2 allows Information Disclosure.... Read more

    Affected Products : dompdf
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-5007

    Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as... Read more

    • Published: Jan. 17, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-5004

    lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : brbackup
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-5003

    chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer.... Read more

    Affected Products : ciborg
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-5002

    The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.... Read more

    Affected Products : lynx
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-5001

    lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.... Read more

    Affected Products : kcapifony
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-5000

    The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : lawn-login
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-4999

    vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users ... Read more

    Affected Products : kajam
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-4998

    test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : lean-ruport
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-4997

    lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : point-cli
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-4996

    lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.... Read more

    Affected Products : vladtheenterprising
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2014-4995

    Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.... Read more

    Affected Products : vladtheenterprising
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-4994

    lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.... Read more

    Affected Products : gyazo
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-4993

    (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing... Read more

    Affected Products : backup-agoddard backup_checksum
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293259 Results