Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2014-10021

    Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the fi... Read more

    Affected Products : wp_symposium wp_symposium
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-10020

    SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.... Read more

    Affected Products : simple_e-document
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-10019

    Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or (2) c... Read more

    Affected Products : t2-b-gawv1.4u10y-bi
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-10018

    Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.... Read more

    Affected Products : t2-b-gawv1.4u10y-bi
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-10017

    Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php.... Read more

    Affected Products : e-commerce
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-10016

    Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) no... Read more

    Affected Products : e-commerce
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-10015

    SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.... Read more

    Affected Products : event_booking_calendar
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-10014

    Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an up... Read more

    Affected Products : event_booking_calendar
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-10013

    SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.... Read more

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-10012

    Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.... Read more

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-10011

    Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapF... Read more

    Affected Products : tv-ip422w tv-ip422wn
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-10010

    Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.... Read more

    Affected Products : appointment_scheduler
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-10009

    Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to th... Read more

    Affected Products : stark_crm
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-10008

    Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafte... Read more

    Affected Products : stark_crm
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-10007

    Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to index.php.... Read more

    Affected Products : maian_weblog
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-10006

    Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/... Read more

    Affected Products : maian_uploader
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-10005

    Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message.... Read more

    Affected Products : maian_uploader
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-10004

    SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : maian_uploader
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-10003

    Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php.... Read more

    Affected Products : maian_uploader
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-10002

    Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.... Read more

    Affected Products : teamcity
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293612 Results