Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2014-100025

    Cross-site request forgery (CSRF) vulnerability in index.php/user_data/insert_user in Savsoft Quiz allows remote attackers to hijack the authentication of administrators for requests that create an administrator account via a crafted request.... Read more

    Affected Products : savsoft_quiz
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-100024

    Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : seo_panel
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-100023

    Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php.... Read more

    Affected Products : mtouch_quiz
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-100022

    SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php.... Read more

    Affected Products : mtouch_quiz
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-100021

    Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter.... Read more

    Affected Products : orangehrm
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-100020

    SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.... Read more

    Affected Products : itechclassifieds
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-100019

    SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : pomm
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-100018

    Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php.... Read more

    Affected Products : unconfirmed
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-100017

    Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field.... Read more

    Affected Products : phponlinechat
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-100016

    Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter.... Read more

    Affected Products : photocrati
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2014-100015

    Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload.... Read more

    Affected Products : product_data_management
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-100014

    Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000.... Read more

    Affected Products : product_data_management
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-100013

    Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field.... Read more

    Affected Products : clientresponse
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-100012

    SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.... Read more

    Affected Products : sendy
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-100011

    SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter.... Read more

    Affected Products : sendy
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-10030

    Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.... Read more

    Affected Products : fluxbb
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-10029

    SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.... Read more

    Affected Products : fluxbb
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-10028

    Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41.... Read more

    Affected Products : dap-1360_firmware dap-1360
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-10027

    Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) ad... Read more

    Affected Products : dap-1360_firmware dap-1360
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-10026

    index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin.... Read more

    Affected Products : dap-1360_firmware dap-1360
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293616 Results