Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2014-9476

    MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedi... Read more

    Affected Products : mediawiki
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-9475

    Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.... Read more

    Affected Products : mediawiki
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9471

    The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.... Read more

    Affected Products : ubuntu_linux coreutils
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-7814

    SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter.... Read more

    Affected Products : cloudforms_3.1_management_engine
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-6386

    Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before 13.2R1 a... Read more

    Affected Products : junos junos
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2014-6385

    Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before... Read more

    Affected Products : junos junos
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2014-6384

    Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double... Read more

    Affected Products : junos junos
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-6383

    The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule.... Read more

    Affected Products : junos junos
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2014-6382

    The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (j... Read more

    Affected Products : junos mx10 mx104 mx2010 mx2020 mx240 mx40 mx480 mx80 mx960 +1 more products
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3692

    The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.... Read more

    Affected Products : cloudforms_3.1_management_engine
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-1949

    GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.... Read more

    Affected Products : gtk linux_mint ubuntu
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-1060

    Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.... Read more

    Affected Products : adaptcms adaptcms
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-1059

    Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/upload... Read more

    Affected Products : adaptcms adaptcms
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1058

    Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_... Read more

    Affected Products : adaptcms adaptcms
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1057

    Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.... Read more

    Affected Products : e107
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1056

    Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printer with firmware before L allows remote attackers to inject arbitrary web script or HTML via the url parameter to general/status.html and possibly other pages.... Read more

    Affected Products : mfc-j4410dw_firmware mfc-j4410dw
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1055

    SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.... Read more

    Affected Products : photo_gallery
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1054

    Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game.... Read more

    Affected Products : crea8social
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1053

    Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.... Read more

    Affected Products : croogo
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-9600

    Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse itunesmobiledevice.dll.... Read more

    Affected Products : iexplorer
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293592 Results