Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2015-0552

    Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."... Read more

    Affected Products : opensuse gcab
    • EPSS Score: %1.00
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-9595

    Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note ... Read more

    Affected Products : sap_kernel sap_kernel
    • EPSS Score: %1.68
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-9594

    Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 20597... Read more

    Affected Products : sap_kernel sap_kernel
    • EPSS Score: %1.68
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9593

    Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.... Read more

    Affected Products : cloudstack
    • EPSS Score: %2.70
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9587

    Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Manag... Read more

    Affected Products : webmail roundcube_webmail
    • EPSS Score: %3.58
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9570

    Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-... Read more

    Affected Products : simple_security
    • EPSS Score: %0.24
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9561

    Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter.... Read more

    Affected Products : softbb
    • EPSS Score: %0.26
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9560

    SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter.... Read more

    Affected Products : softbb
    • EPSS Score: %0.52
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-9308

    Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an execu... Read more

    Affected Products : wp_easycart wp-easycart
    • EPSS Score: %82.90
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-8870

    Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in... Read more

    Affected Products : tapatalk
    • EPSS Score: %0.25
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8869

    Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_... Read more

    Affected Products : tapatalk
    • EPSS Score: %0.38
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8738

    The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.... Read more

    • EPSS Score: %5.94
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2014-8398

    Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6... Read more

    Affected Products : fastflick
    • EPSS Score: %7.89
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2014-8397

    Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed.... Read more

    Affected Products : fastflick videostudio_pro
    • EPSS Score: %7.89
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2014-8396

    Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed.... Read more

    Affected Products : pdf_fusion
    • EPSS Score: %7.89
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2014-8395

    Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed.... Read more

    Affected Products : painter
    • EPSS Score: %7.89
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2014-8394

    Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working director... Read more

    Affected Products : corelcad
    • EPSS Score: %7.89
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8153

    The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to eac... Read more

    Affected Products : neutron router_advertisement_daemon
    • EPSS Score: %0.71
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-8151

    The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session,... Read more

    Affected Products : curl mac_os_x libcurl
    • EPSS Score: %0.42
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8150

    CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.... Read more

    Affected Products : ubuntu_linux debian_linux curl libcurl
    • EPSS Score: %2.15
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291618 Results