Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2014-2901

    wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.... Read more

    Affected Products : wolfssl
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2898

    wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.... Read more

    Affected Products : wolfssl
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2897

    The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.... Read more

    Affected Products : wolfssl
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2896

    The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.... Read more

    Affected Products : wolfssl
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2014-2885

    Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory con... Read more

    Affected Products : truecrypt
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-2884

    The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL c... Read more

    Affected Products : truecrypt
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-2875

    The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from th... Read more

    Affected Products : cgilua
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-2843

    Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mapsuite
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2727

    The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.... Read more

    Affected Products : mailmarshal
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2014-2723

    In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ... Read more

    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2014-2722

    In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ... Read more

    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2014-2721

    In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ... Read more

    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-2686

    Ansible prior to 1.5.4 mishandles the evaluation of some strings.... Read more

    Affected Products : ansible
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2014-2680

    The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack.... Read more

    Affected Products : xmind
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-2675

    Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-s... Read more

    Affected Products : wp-html-sitemap
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-2674

    Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.... Read more

    Affected Products : ajax-pagination
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2652

    SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : openscape_deployment_service
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-2651

    Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface... Read more

    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-2650

    Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface... Read more

    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2595

    Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.... Read more

    Affected Products : web_application_firewall
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293354 Results