Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2013-6919

    The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter....

    Affected Products : phpthumb
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2013-6241

    The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenti...

    Affected Products : open-xchange_appsuite
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2013-6227

    Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this fil...

    Affected Products : pydio ajaxplorer
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2013-6043

    The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests....

    Affected Products : webuzo
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2013-6041

    index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action....

    Affected Products : webuzo
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2013-5958

    The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, ...

    Affected Products : symfony
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2013-4793

    The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP reques...

    Affected Products : umbraco_cms
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-9188

    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be ...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Jul. 24, 2025
  • 7.5

    HIGH
    CVE-2014-8514

    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be ...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-8513

    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be ...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-8512

    Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later base...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-8511

    Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later base...

    Affected Products : proclima proclima
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2014-0748

    apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912....

    Affected Products : cray_linux_environment
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2013-4769

    The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries....

    Affected Products : eucalyptus
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2013-4754

    Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php....

    Affected Products : intranet_knowledgebase
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2013-4753

    Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field...

    Affected Products : claroline
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2011-3623

    Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file,...

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2010-2062

    Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a cr...

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2010-1445

    Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session....

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2010-1444

    The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive....

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293620 Results