Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2010-1443

    The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty locatio... Read more

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2010-1442

    VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demux... Read more

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2010-1441

    Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio... Read more

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-3592

    Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) c... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-3591

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editin... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-1798

    rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (app... Read more

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-1796

    Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly ha... Read more

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-1795

    Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified... Read more

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-1794

    Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (app... Read more

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-1793

    rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to ... Read more

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2014-9420

    The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted... Read more

    Affected Products : linux_kernel
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9419

    The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR... Read more

    Affected Products : linux_kernel
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-7300

    GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by... Read more

    • Published: Dec. 25, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-2217

    Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in t... Read more

    • Published: Dec. 25, 2014
    • Modified: Jun. 30, 2025

  • 5.0

    MEDIUM
    CVE-2014-1449

    The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.... Read more

    Affected Products : maxthon_cloud_browser
    • Published: Dec. 25, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-7193

    The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof request... Read more

    Affected Products : hapi_crumb crumb
    • Published: Dec. 25, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3971

    The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 clien... Read more

    Affected Products : mongodb
    • Published: Dec. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9418

    The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.... Read more

    Affected Products : espace_desktop
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9417

    The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.... Read more

    Affected Products : espace_desktop
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2014-9416

    Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.d... Read more

    Affected Products : espace_desktop
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293620 Results