Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2014-5430

    Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation prog... Read more

    Affected Products : robotstudio test_signal_viewer
    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2014-4627

    SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2014-3439

    ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.... Read more

    Affected Products : endpoint_protection_manager
    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3438

    Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : endpoint_protection_manager
    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3437

    The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an en... Read more

    Affected Products : endpoint_protection_manager
    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-2179

    The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.... Read more

    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-2178

    Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the ... Read more

    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-2177

    The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a cra... Read more

    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-6030

    Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute ... Read more

    Affected Products : selectsurvey.net
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5451

    Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of ... Read more

    Affected Products : modx_revolution
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-5258

    Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.... Read more

    Affected Products : webedition_cms
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-8670

    Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.... Read more

    Affected Products : vbulletin
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-8669

    The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : customer_relationship_management
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8668

    SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : contract_accounting
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8667

    Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8666

    The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors.... Read more

    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8665

    The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files.... Read more

    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8664

    SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : environment_health_and_safety
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8663

    SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : netweaver_business_warehouse
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-8662

    Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling.... Read more

    Affected Products : payroll_process
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293948 Results