Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2014-8514

    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be ...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-8513

    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be ...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-8512

    Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later base...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-8511

    Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later base...

    Affected Products : proclima
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2014-0748

    apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912....

    Affected Products : cray_linux_environment
    • Published: Dec. 27, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2013-4769

    The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries....

    Affected Products : eucalyptus
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2013-4754

    Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php....

    Affected Products : intranet_knowledgebase
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2013-4753

    Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field...

    Affected Products : claroline
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2011-3623

    Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file,...

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2010-2062

    Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a cr...

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2010-1445

    Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session....

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2010-1444

    The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive....

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2010-1443

    The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty locatio...

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2010-1442

    VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demux...

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2010-1441

    Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio...

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2011-3592

    Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) c...

    Affected Products : phpmyadmin
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2011-3591

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editin...

    Affected Products : phpmyadmin
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2011-1798

    rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (app...

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2011-1796

    Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly ha...

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2011-1795

    Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified...

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293612 Results