Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2014-3743

    Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's....

    Affected Products : marked
    • EPSS Score: %0.58
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-3719

    Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter....

    Affected Products : aleph_500
    • EPSS Score: %1.24
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-3718

    Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid paramete...

    Affected Products : aleph_500
    • EPSS Score: %0.37
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2014-3701

    eDeploy has tmp file race condition flaws...

    Affected Products : jboss_enterprise_web_server edeploy
    • EPSS Score: %0.45
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-3700

    eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data...

    Affected Products : jboss_enterprise_web_server edeploy
    • EPSS Score: %3.14
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-3699

    eDeploy has RCE via cPickle deserialization of untrusted data...

    Affected Products : jboss_enterprise_web_server edeploy
    • EPSS Score: %0.99
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-3656

    JBoss KeyCloak: XSS in login-status-iframe.html...

    Affected Products : jboss_keycloak
    • EPSS Score: %0.34
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2014-3655

    JBoss KeyCloak is vulnerable to soft token deletion via CSRF...

    • EPSS Score: %0.18
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-3652

    JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL....

    Affected Products : keycloak jboss_keycloak
    • EPSS Score: %0.22
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2014-3650

    Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input....

    Affected Products : jboss_aerogear
    • EPSS Score: %0.16
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-3649

    JBoss AeroGear has reflected XSS via the password field...

    Affected Products : jboss_aerogear
    • EPSS Score: %0.34
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-3648

    The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless except...

    Affected Products : jboss_aerogear
    • EPSS Score: %0.32
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-3643

    jersey: XXE via parameter entities not disabled by the jersey SAX parser...

    Affected Products : jersey
    • EPSS Score: %0.42
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-3626

    The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized ...

    Affected Products : resources
    • EPSS Score: %1.03
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-3622

    Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value....

    Affected Products : php
    • EPSS Score: %2.34
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2014-3607

    DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers ...

    Affected Products : ldaptive vt-ldap
    • EPSS Score: %0.21
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2014-3603

    The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName...

    Affected Products : identity_provider opensaml_java
    • EPSS Score: %0.11
    • Published: Apr. 04, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2014-3599

    HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy...

    Affected Products : hornetq
    • EPSS Score: %0.38
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-3592

    OpenShift Origin: Improperly validated team names could allow stored XSS attacks...

    Affected Products : openshift_origin
    • EPSS Score: %0.34
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024
  • 4.2

    MEDIUM
    CVE-2014-3591

    Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuatio...

    Affected Products : debian_linux libgcrypt gnupg
    • EPSS Score: %0.14
    • Published: Nov. 29, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292512 Results