Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2014-4476

    WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cras... Read more

    Affected Products : itunes iphone_os tvos safari
    • EPSS Score: %0.91
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4467

    WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.20
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-1044

    vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors.... Read more

    Affected Products : player workstation esxi
    • EPSS Score: %0.28
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-1043

    The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors.... Read more

    Affected Products : player workstation fusion
    • EPSS Score: %0.20
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2014-8370

    VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a c... Read more

    Affected Products : player workstation esxi fusion
    • EPSS Score: %1.04
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-1424

    Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.... Read more

    Affected Products : gecko_cms
    • EPSS Score: %0.56
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-1423

    Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.... Read more

    Affected Products : gecko_cms
    • EPSS Score: %0.88
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1422

    Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extf... Read more

    Affected Products : gecko_cms
    • EPSS Score: %7.02
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0236

    libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.... Read more

    • EPSS Score: %0.42
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8895

    IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.21
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2014-8894

    Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.18
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8893

    Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.19
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-0586

    The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR process ha... Read more

    Affected Products : ios 2900_integrated_service_router
    • EPSS Score: %1.09
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0581

    The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as de... Read more

    Affected Products : prime_service_catalog
    • EPSS Score: %0.48
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-0312

    Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.... Read more

    • EPSS Score: %6.26
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-8920

    Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.... Read more

    Affected Products : i_access
    • EPSS Score: %0.05
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8917

    Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IB... Read more

    • EPSS Score: %0.45
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0235

    Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 functio... Read more

    • EPSS Score: %85.84
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1419

    Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.... Read more

    Affected Products : opensuse vsftpd vsftpd
    • EPSS Score: %35.29
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-1376

    pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.... Read more

    Affected Products : pixabay_images
    • EPSS Score: %70.51
    • Published: Jan. 28, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291002 Results