2014 CVEs
9002 CVEs published in 2014. 275 critical, 481 high. Browse by vendor, severity, or with PoCs.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2014-125112 | Critical | 9.8 | 2026-03-26 | Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a… |
CVE-2014-125117 | Critical | 9.8 | 2025-07-25 | A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a… |
CVE-2014-7210 | Critical | 9.8 | 2025-06-26 | pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backen… |
CVE-2014-0468 | Critical | 9.8 | 2025-06-26 | Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM… |
CVE-2014-5470 | Critical | 9.8 | 2024-06-21 | Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval… |
CVE-2014-125106 | Critical | 9.8 | 2023-06-17 | Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string. |
CVE-2014-125026 | Critical | 9.8 | 2022-12-27 | LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input. |
CVE-2014-0156 | Critical | 9.8 | 2022-06-30 | Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted inp… |
CVE-2014-9320 | Critical | 9.8 | 2021-08-09 | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vect… |
CVE-2014-8945 | Critical | 9.8 | 2020-06-01 | admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. |
CVE-2014-8941 | Critical | 9.8 | 2020-06-01 | Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. |
CVE-2014-7175 | Critical | 9.8 | 2020-06-01 | FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php. |
CVE-2014-7173 | Critical | 9.8 | 2020-06-01 | FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeu… |
CVE-2014-1634 | Critical | 9.8 | 2020-03-09 | SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. |
CVE-2014-4650 | Critical | 9.8 | 2020-02-20 | The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attacke… |
CVE-2014-4657 | Critical | 9.8 | 2020-02-20 | The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted… |
CVE-2014-3484 | Critical | 9.8 | 2020-02-20 | Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote a… |
CVE-2014-4678 | Critical | 9.8 | 2020-02-20 | The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted… |
CVE-2014-9614 | Critical | 9.8 | 2020-02-19 | The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain acce… |
CVE-2014-9613 | Critical | 9.8 | 2020-02-19 | Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to w… |