Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2014-7936

    Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have ... Read more

    Affected Products : chrome
    • EPSS Score: %2.33
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7935

    Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utt... Read more

    Affected Products : chrome
    • EPSS Score: %2.13
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7934

    Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of docu... Read more

    Affected Products : chrome
    • EPSS Score: %2.91
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7933

    Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impa... Read more

    Affected Products : chrome ffmpeg
    • EPSS Score: %5.94
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7932

    Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other ... Read more

    Affected Products : chrome
    • EPSS Score: %2.47
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7931

    factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of bac... Read more

    Affected Products : chrome
    • EPSS Score: %3.16
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7930

    Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via craf... Read more

    Affected Products : chrome
    • EPSS Score: %2.47
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7929

    Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service ... Read more

    Affected Products : chrome
    • EPSS Score: %2.47
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7928

    hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScrip... Read more

    Affected Products : chrome
    • EPSS Score: %3.16
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7927

    The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory ... Read more

    Affected Products : chrome
    • EPSS Score: %3.16
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7926

    The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecifie... Read more

    • EPSS Score: %2.28
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7925

    Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering ... Read more

    Affected Products : chrome
    • EPSS Score: %3.19
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-7924

    Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/br... Read more

    Affected Products : chrome
    • EPSS Score: %3.00
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7923

    The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecifie... Read more

    • EPSS Score: %2.28
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1312

    The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of ... Read more

    Affected Products : enterprise_resource_planning
    • EPSS Score: %0.46
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1311

    The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party ... Read more

    • EPSS Score: %1.70
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1310

    SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtai... Read more

    • EPSS Score: %0.31
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1309

    XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP No... Read more

    Affected Products : netweaver_abap
    • EPSS Score: %0.66
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1175

    Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter.... Read more

    Affected Products : prestashop
    • EPSS Score: %0.26
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1306

    The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : sympa
    • EPSS Score: %0.58
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291058 Results