Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2014-2885

    Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory con... Read more

    Affected Products : truecrypt
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-2884

    The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL c... Read more

    Affected Products : truecrypt
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-2875

    The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from th... Read more

    Affected Products : cgilua
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-2843

    Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mapsuite
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2727

    The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.... Read more

    Affected Products : mailmarshal
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2014-2723

    In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ... Read more

    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2014-2722

    In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ... Read more

    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2014-2721

    In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ... Read more

    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-2686

    Ansible prior to 1.5.4 mishandles the evaluation of some strings.... Read more

    Affected Products : ansible
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2014-2680

    The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack.... Read more

    Affected Products : xmind
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-2675

    Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-s... Read more

    Affected Products : wp-html-sitemap
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-2674

    Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.... Read more

    Affected Products : ajax-pagination
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2652

    SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : openscape_deployment_service
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-2651

    Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface... Read more

    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-2650

    Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface... Read more

    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2595

    Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.... Read more

    Affected Products : web_application_firewall
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2592

    Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension.... Read more

    Affected Products : web_management_portal
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-2581

    Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.... Read more

    Affected Products : fedora smb4k
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-2560

    The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.... Read more

    Affected Products : phonerlite
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2552

    Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.... Read more

    Affected Products : collected_information_export
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293350 Results