Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2014-7959

    SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.... Read more

    Affected Products : bulletproof_security
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7958

    Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.... Read more

    Affected Products : bulletproof_security
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5257

    Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request t... Read more

    Affected Products : formalms
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4664

    Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php.... Read more

    Affected Products : wordfence_security
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-0995

    The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.... Read more

    Affected Products : netweaver
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8622

    Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.... Read more

    Affected Products : compfight
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8549

    libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.... Read more

    Affected Products : ffmpeg
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8548

    Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.... Read more

    Affected Products : ubuntu_linux ffmpeg
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8547

    libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.... Read more

    Affected Products : ubuntu_linux ffmpeg
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8546

    Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.... Read more

    Affected Products : ffmpeg
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8545

    libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impac... Read more

    Affected Products : ffmpeg
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8544

    libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.... Read more

    Affected Products : ubuntu_linux ffmpeg
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8543

    libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via ... Read more

    Affected Products : ubuntu_linux ffmpeg
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8542

    libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.... Read more

    Affected Products : ubuntu_linux debian_linux ffmpeg
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8541

    libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or... Read more

    Affected Products : ubuntu_linux ffmpeg
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8326

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table ... Read more

    Affected Products : phpmyadmin opensuse
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5417

    Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5408

    Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4834

    IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XM... Read more

    Affected Products : websphere_commerce
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4810

    IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for ... Read more

    Affected Products : cognos_mobile
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293695 Results