Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-100007

    Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : hk_exif_tags
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-100006

    Multiple cross-site scripting (XSS) vulnerabilities in modules_v3/googlemap/wt_v3_street_view.php in webtrees before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) map, (2) streetview, or (3) reset parameter.... Read more

    Affected Products : webtrees
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2014-100005

    Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) e... Read more

    Affected Products : dir-600_firmware dir-600
    • Actively Exploited
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-100004

    Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third... Read more

    Affected Products : cms
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-100003

    SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.... Read more

    Affected Products : yourmembers
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-100002

    Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.... Read more

    Affected Products : manageengine_supportcenter_plus
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-100001

    Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NO... Read more

    Affected Products : seo_plugin_liveoptim
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2013-2604

    RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in a... Read more

    Affected Products : realarcade_installer
    • Published: Jan. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-2603

    The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a ... Read more

    Affected Products : realarcade_installer
    • Published: Jan. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2013-7420

    Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file.... Read more

    Affected Products : hancom_office_2010_se
    • Published: Jan. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2014-6268

    The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.... Read more

    Affected Products : xen
    • Published: Jan. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-2839

    SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.... Read more

    Affected Products : gd_star_rating
    • Published: Jan. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-2838

    Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in th... Read more

    Affected Products : gd_star_rating
    • Published: Jan. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9495

    Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.... Read more

    Affected Products : libpng mac_os_x
    • Published: Jan. 10, 2015
    • Modified: Jun. 09, 2025

  • 5.0

    MEDIUM
    CVE-2015-0582

    The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129.... Read more

    Affected Products : nx-os mds_9000
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0564

    Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is imp... Read more

    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0563

    epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application cr... Read more

    Affected Products : wireshark opensuse
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0562

    Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via... Read more

    Affected Products : wireshark
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0561

    asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a... Read more

    Affected Products : wireshark opensuse solaris
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0560

    The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial... Read more

    Affected Products : wireshark opensuse
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293608 Results