Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2015-0973

    Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.... Read more

    Affected Products : libpng mac_os_x solaris
    • EPSS Score: %2.01
    • Published: Jan. 18, 2015
    • Modified: Jun. 09, 2025

  • 3.5

    LOW
    CVE-2015-0862

    Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as... Read more

    Affected Products : rabbitmq_management
    • EPSS Score: %0.18
    • Published: Jan. 18, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2013-7252

    kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.... Read more

    Affected Products : kde_applications
    • EPSS Score: %0.54
    • Published: Jan. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-0924

    Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session.... Read more

    • EPSS Score: %0.48
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0590

    Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165.... Read more

    Affected Products : webex_meeting_center
    • EPSS Score: %0.26
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6197

    IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.... Read more

    • EPSS Score: %0.22
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4835

    IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3032

    Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus 7.3.0 before 7.3.0.6, 7.3.1 before 7.3.1.7, and 7.4.0 before 7.4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    • EPSS Score: %0.17
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3019

    IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session.... Read more

    • EPSS Score: %0.22
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-3018

    IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets.... Read more

    • EPSS Score: %0.72
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9199

    The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.... Read more

    Affected Products : java_web_client
    • EPSS Score: %0.47
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9195

    Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.... Read more

    Affected Products : proconos_eclr multiprog
    • EPSS Score: %75.06
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-9194

    Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.... Read more

    Affected Products : 1094b_gps_substation_clock
    • EPSS Score: %0.15
    • Published: Jan. 17, 2015
    • Modified: Jul. 29, 2025

  • 8.5

    HIGH
    CVE-2014-8143

    Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently ga... Read more

    Affected Products : samba
    • EPSS Score: %4.90
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-5419

    GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it... Read more

    • EPSS Score: %0.53
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-5418

    GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) v... Read more

    • EPSS Score: %0.34
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2014-2355

    The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.... Read more

    • EPSS Score: %0.13
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9604

    libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, ... Read more

    Affected Products : ubuntu_linux ffmpeg
    • EPSS Score: %0.52
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9603

    The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possi... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.91
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9602

    libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly h... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.46
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291623 Results