Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 3.5

    LOW
    CVE-2014-9506

    MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.

    Affected Products : mantisbt
    • Published: Jan. 04, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-9277

    The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain...

    Affected Products : mediawiki
    • Published: Jan. 04, 2015
    • Modified: Apr. 12, 2025
  • 5.1

    MEDIUM
    CVE-2014-9276

    Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authen...

    Affected Products : mediawiki
    • Published: Jan. 04, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2013-2131

    Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.

    Affected Products : rrdtool
    • Published: Jan. 04, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-9464

    SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.

    Affected Products : microweber cockpit
    • Published: Jan. 03, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2010-5320

    Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via a...

    Affected Products : memht_portal
    • Published: Jan. 03, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2010-5319

    Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via ...

    Affected Products : kandidat_cms
    • Published: Jan. 03, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2010-5318

    The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.

    Affected Products : sweetrice
    • Published: Jan. 03, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2010-5317

    Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the ...

    Affected Products : sweetrice
    • Published: Jan. 03, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2010-5316

    Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie.

    Affected Products : sweetrice
    • Published: Jan. 03, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2010-5315

    Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials...

    Affected Products : bedita bedita
    • Published: Jan. 03, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2010-5314

    Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index.

    Affected Products : bedita bedita
    • Published: Jan. 03, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-9427

    sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a #...

    Affected Products : php
    • Published: Jan. 03, 2015
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2014-9461

    Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php.

    Affected Products : cart66_lite
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2013-7418

    cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scrip...

    Affected Products : ipcop
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2014-9428

    The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cau...

    Affected Products : linux_kernel
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2014-9460

    Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or c...

    Affected Products : wp-vipergb
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2014-9459

    Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the ...

    Affected Products : e107
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-9458

    Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.

    Affected Products : ida
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2014-9457

    SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php.

    Affected Products : pmb
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293614 Results