Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2014-7932

    Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other ... Read more

    Affected Products : chrome
    • EPSS Score: %2.47
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7931

    factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of bac... Read more

    Affected Products : chrome
    • EPSS Score: %3.16
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7930

    Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via craf... Read more

    Affected Products : chrome
    • EPSS Score: %2.47
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7929

    Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service ... Read more

    Affected Products : chrome
    • EPSS Score: %2.47
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7928

    hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScrip... Read more

    Affected Products : chrome
    • EPSS Score: %3.16
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7927

    The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory ... Read more

    Affected Products : chrome
    • EPSS Score: %3.16
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7926

    The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecifie... Read more

    • EPSS Score: %2.28
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7925

    Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering ... Read more

    Affected Products : chrome
    • EPSS Score: %3.19
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-7924

    Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/br... Read more

    Affected Products : chrome
    • EPSS Score: %3.00
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7923

    The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecifie... Read more

    • EPSS Score: %2.28
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1312

    The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of ... Read more

    Affected Products : enterprise_resource_planning
    • EPSS Score: %0.46
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1311

    The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party ... Read more

    • EPSS Score: %1.70
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1310

    SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtai... Read more

    • EPSS Score: %0.31
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1309

    XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP No... Read more

    Affected Products : netweaver_abap
    • EPSS Score: %0.66
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1175

    Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter.... Read more

    Affected Products : prestashop
    • EPSS Score: %0.26
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1306

    The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : sympa
    • EPSS Score: %0.58
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-0925

    The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by ... Read more

    Affected Products : ipass_open_mobile
    • EPSS Score: %65.65
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-8008

    Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %8.32
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-0437

    Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.... Read more

    Affected Products : jdk jre suse_linux_enterprise_desktop
    • EPSS Score: %1.77
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0436

    Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Login.... Read more

    Affected Products : ilearning
    • EPSS Score: %0.41
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291014 Results