Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2015-0232

    The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via cr... Read more

    Affected Products : php
    • EPSS Score: %54.80
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0231

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that le... Read more

    Affected Products : php
    • EPSS Score: %86.24
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9650

    CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.... Read more

    Affected Products : rabbitmq rabbitmq_server
    • EPSS Score: %0.47
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9649

    Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.... Read more

    Affected Products : rabbitmq rabbitmq_server
    • EPSS Score: %0.32
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9648

    components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attacker... Read more

    Affected Products : chrome
    • EPSS Score: %0.58
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9647

    Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsd... Read more

    Affected Products : chrome
    • EPSS Score: %0.83
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2014-9646

    Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain ... Read more

    Affected Products : chrome
    • EPSS Score: %0.03
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9198

    The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.... Read more

    • EPSS Score: %0.68
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-9197

    The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct r... Read more

    • EPSS Score: %0.29
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1308

    kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.... Read more

    Affected Products : plasma-workspace kde-workspace
    • EPSS Score: %0.42
    • Published: Jan. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1307

    plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.... Read more

    Affected Products : plasma-workspace
    • EPSS Score: %0.26
    • Published: Jan. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1179

    Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.... Read more

    Affected Products : scada-lts mango_automation
    • EPSS Score: %0.33
    • Published: Jan. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1178

    Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter.... Read more

    Affected Products : x-cart
    • EPSS Score: %0.25
    • Published: Jan. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2014-9573

    SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.40
    • Published: Jan. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9572

    MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.92
    • Published: Jan. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9571

    Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.44
    • Published: Jan. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-8158

    Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.... Read more

    • EPSS Score: %5.90
    • Published: Jan. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8157

    Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.... Read more

    • EPSS Score: %5.90
    • Published: Jan. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-8148

    The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.... Read more

    Affected Products : opensuse midgard2
    • EPSS Score: %0.07
    • Published: Jan. 26, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0311

    Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the... Read more

    • Actively Exploited
    • EPSS Score: %92.74
    • Published: Jan. 23, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291002 Results