Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2014-8592

    Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request.... Read more

    Affected Products : netweaver
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8591

    Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors.... Read more

    Affected Products : netweaver
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8590

    XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.... Read more

    Affected Products : netweaver_java_application_server
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8589

    Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests.... Read more

    Affected Products : network_interface_router
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8588

    SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : hana hana
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8587

    SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.... Read more

    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8586

    SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.... Read more

    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8585

    Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.... Read more

    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8584

    Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : web-dorado_spider_video_player
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8339

    SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter.... Read more

    Affected Products : clipshare nuevoplayer
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-7176

    SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.... Read more

    Affected Products : tuleap
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-5387

    Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] paramete... Read more

    Affected Products : expressionengine expressionengine
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2013-7057

    Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.... Read more

    Affected Products : securetransport
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-4311

    Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.... Read more

    Affected Products : epicor_enterprise
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-0204

    OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.... Read more

    Affected Products : keystone
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2013-0336

    The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, rel... Read more

    Affected Products : freeipa
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7228

    Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.... Read more

    Affected Products : joomla\!
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-0490

    The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.... Read more

    Affected Products : linux_kernel advanced_package_tool apt
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-0489

    APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.... Read more

    Affected Products : advanced_package_tool apt
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-0488

    APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.... Read more

    Affected Products : advanced_package_tool apt
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294519 Results