Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-5276

    Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.... Read more

    Affected Products : text_chat_rooms text_chat_rooms
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-5275

    Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.... Read more

    Affected Products : text_chat_rooms
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-3978

    SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.... Read more

    Affected Products : tomatocart
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3830

    Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter.... Read more

    Affected Products : tomatocart
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2012-5697

    The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl ... Read more

    Affected Products : smartphone_pentest_framework
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2012-5696

    Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.... Read more

    Affected Products : smartphone_pentest_framework
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2012-5695

    Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (... Read more

    Affected Products : smartphone_pentest_framework
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2012-5694

    Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platform... Read more

    Affected Products : smartphone_pentest_framework
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-8329

    Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZT... Read more

    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5449

    Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.... Read more

    Affected Products : webapp webaccess
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5448

    Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.... Read more

    Affected Products : zarafa
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5447

    Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0... Read more

    Affected Products : zarafa webapp
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5098

    Cross-site scripting (XSS) vulnerability in the Search module before 1.2.2 in Jamroom allows remote attackers to inject arbitrary web script or HTML via the query string to search/results/.... Read more

    Affected Products : search_module
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-5094

    Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.... Read more

    Affected Products : status2k
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-2081

    Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password p... Read more

    Affected Products : vtls-virtua
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-5866

    Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.... Read more

    Affected Products : achievo
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2012-5865

    SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.... Read more

    Affected Products : achievo
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2012-5701

    Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments act... Read more

    Affected Products : dotproject
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-6308

    Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.... Read more

    Affected Products : osclass
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6280

    Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported act... Read more

    Affected Products : osclass
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294449 Results