Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-7293

    Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web script or HTML via the url parameter.... Read more

    Affected Products : opensso_integration
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9443

    Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : relevanssi
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-9442

    SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php... Read more

    Affected Products : cart66_lite
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9441

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or... Read more

    Affected Products : lightbox_photo_gallery
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9440

    SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter.... Read more

    Affected Products : phpmyrecipes
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9439

    Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp.... Read more

    Affected Products : easy_file_sharing_web_server
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9438

    Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to m... Read more

    Affected Products : vbulletin
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9437

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or ... Read more

    Affected Products : sliding_social_icons
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9436

    Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.... Read more

    Affected Products : sysaid
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-9435

    Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username paramete... Read more

    Affected Products : absolut_engine
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-9434

    Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter.... Read more

    Affected Products : absolut_engine
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-7417

    Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery... Read more

    Affected Products : ipcop
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2011-5318

    Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify s... Read more

    Affected Products : diafan.cms
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-5317

    Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter.... Read more

    Affected Products : wondercms
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2011-5316

    Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action.... Read more

    Affected Products : cambio
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2011-5315

    Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action.... Read more

    Affected Products : whcms
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2011-5314

    templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.... Read more

    Affected Products : redaxscript
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-5313

    Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program.... Read more

    Affected Products : redaxscript
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-5312

    Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx, (2) publication/info.aspx, or (3) user/add.aspx, or (4) the q parameter to pr... Read more

    Affected Products : gollos
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2011-5311

    Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter.... Read more

    Affected Products : wikipad
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293620 Results