Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-8155

    GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.... Read more

    Affected Products : gnutls
    • Published: Aug. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5234

    Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8304

    Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the next_template parameter to admin/index.php.... Read more

    Affected Products : in-portal
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-30915

    An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to cause a denial of service and obtain sensitive information via the max_samples parameter within the DataReaderQoS component.... Read more

    Affected Products : opendds
    • Published: Apr. 11, 2024
    • Modified: Jun. 17, 2025

  • 4.3

    MEDIUM
    CVE-2014-5212

    Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter.... Read more

    Affected Products : edirectory
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5216

    Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error ... Read more

    Affected Products : access_manager access_manager
    • Published: Dec. 23, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-36699

    The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. This makes it p... Read more

    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-5237

    Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images v... Read more

    Affected Products : open-xchange_appsuite app_suite
    • Published: Dec. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5188

    Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter.... Read more

    Affected Products : list_manager
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5178

    Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when (1) creating a topic or (2) posting an answer. NOTE: some... Read more

    Affected Products : easy_file_sharing_web_server
    • Published: Aug. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-28151

    Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller fi... Read more

    Affected Products : html_publisher
    • Published: Mar. 06, 2024
    • Modified: May. 06, 2025

  • 4.3

    MEDIUM
    CVE-2014-5179

    The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.... Read more

    • Published: Aug. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5139

    The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite witho... Read more

    Affected Products : openssl
    • Published: Aug. 13, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-2402

    QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.... Read more

    Affected Products : quicktime
    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-36668

    The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called vi... Read more

    Affected Products : jetbackup
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-42951

    The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items.... Read more

    Affected Products : iphone_os ipad_os ipados
    • Published: Feb. 21, 2024
    • Modified: Dec. 03, 2024

  • 4.3

    MEDIUM
    CVE-2014-8724

    Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the... Read more

    Affected Products : w3_total_cache total_cache
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5147

    Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.... Read more

    Affected Products : xen
    • Published: Aug. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-29977

    Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 01, 2024
    • Modified: Aug. 23, 2024

  • 4.3

    MEDIUM
    CVE-2014-5191

    Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ckeditor
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293654 Results