Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2014-8363

    SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.... Read more

    Affected Products : wordpress_spreadsheet
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-5169

    Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.... Read more

    Affected Products : date
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-5026

    Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method... Read more

    Affected Products : debian_linux opensuse cacti
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-5025

    Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.... Read more

    Affected Products : debian_linux opensuse cacti
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-3564

    Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related t... Read more

    Affected Products : ubuntu_linux debian_linux gpgme
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-8331

    Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 all... Read more

    Affected Products : e3236_firmware e3276_firmware
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8330

    Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a new account.... Read more

    Affected Products : espocrm
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-5276

    Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.... Read more

    Affected Products : text_chat_rooms text_chat_rooms
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-5275

    Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.... Read more

    Affected Products : text_chat_rooms
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-3978

    SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.... Read more

    Affected Products : tomatocart
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3830

    Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter.... Read more

    Affected Products : tomatocart
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2012-5697

    The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl ... Read more

    Affected Products : smartphone_pentest_framework
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2012-5696

    Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.... Read more

    Affected Products : smartphone_pentest_framework
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2012-5695

    Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (... Read more

    Affected Products : smartphone_pentest_framework
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2012-5694

    Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platform... Read more

    Affected Products : smartphone_pentest_framework
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-8329

    Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZT... Read more

    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5449

    Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.... Read more

    Affected Products : webapp webaccess
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5448

    Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.... Read more

    Affected Products : zarafa
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5447

    Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0... Read more

    Affected Products : zarafa webapp
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5098

    Cross-site scripting (XSS) vulnerability in the Search module before 1.2.2 in Jamroom allows remote attackers to inject arbitrary web script or HTML via the query string to search/results/.... Read more

    Affected Products : search_module
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294516 Results