Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-3764

    Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified ve... Read more

    Affected Products : pan-os
    • Published: Jan. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3628

    Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.... Read more

    Affected Products : solr
    • Published: Jan. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9526

    Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id... Read more

    Affected Products : concrete_cms concrete5
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9525

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vect... Read more

    Affected Products : timed_popup
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9524

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin set... Read more

    Affected Products : facebook_like_box
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9523

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via ... Read more

    Affected Products : our_team_showcase
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9522

    Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.... Read more

    Affected Products : cms_papoo_light
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9521

    Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it... Read more

    Affected Products : infinitewp infinitewp_admin_panel
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9520

    SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.... Read more

    Affected Products : infinitewp infinitewp_admin_panel
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9519

    SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.... Read more

    Affected Products : infinitewp infinitewp_admin_panel
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9518

    Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.... Read more

    Affected Products : dir-655_firmware dir-655
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9517

    Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.... Read more

    Affected Products : dcs-2103_firmware dcs-2103
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9516

    Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.... Read more

    Affected Products : social_microblogging_pro
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9389

    Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.... Read more

    Affected Products : nexus
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-8085

    Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing ... Read more

    Affected Products : osclass
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8084

    Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.... Read more

    Affected Products : osclass
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8083

    SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.... Read more

    Affected Products : osclass
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-2598

    Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the q... Read more

    Affected Products : quick_page\/post_redirect
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-1679

    Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9509

    The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consump... Read more

    Affected Products : typo3
    • Published: Jan. 04, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294356 Results