Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2014-2208

    CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character befor...

    Affected Products : hiphop_virtual_machine
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2012-1415

    Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.

    Affected Products : ptk
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2012-1303

    Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf; the message element in the chart_data parameter to (3)...

    Affected Products : flash
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2012-1302

    Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf.

    Affected Products : ammap
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2011-4722

    Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.

    Affected Products : tftp_server
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2010-5075

    Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.

    Affected Products : avast\!_internet_security
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2013-4663

    git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argumen...

    Affected Products : redmine_git_hosting_plugin
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2012-1203

    Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action.

    Affected Products : syndeocms
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2011-4720

    Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.

    Affected Products : hs_tftp_server
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2013-6919

    The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.

    Affected Products : phpthumb
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2013-6241

    The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenti...

    Affected Products : open-xchange_appsuite
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2013-6227

    Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this fil...

    Affected Products : pydio ajaxplorer
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2013-6043

    The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.

    Affected Products : webuzo
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2013-6041

    index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.

    Affected Products : webuzo
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2013-5958

    The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, ...

    Affected Products : symfony
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2013-4793

    The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP reques...

    Affected Products : umbraco_cms
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-9188

    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be ...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Jul. 24, 2025
  • 7.5

    HIGH
    CVE-2014-8514

    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be ...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-8513

    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be ...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-8512

    Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later base...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293609 Results