Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2014-2217

    Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in t... Read more

    • Published: Dec. 25, 2014
    • Modified: Jun. 30, 2025

  • 5.0

    MEDIUM
    CVE-2014-1449

    The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.... Read more

    Affected Products : maxthon_cloud_browser
    • Published: Dec. 25, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-7193

    The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof request... Read more

    Affected Products : hapi_crumb crumb
    • Published: Dec. 25, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3971

    The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 clien... Read more

    Affected Products : mongodb
    • Published: Dec. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9418

    The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.... Read more

    Affected Products : espace_desktop
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9417

    The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.... Read more

    Affected Products : espace_desktop
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2014-9416

    Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.d... Read more

    Affected Products : espace_desktop
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-9415

    Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.... Read more

    Affected Products : espace_desktop
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9414

    The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the authentication of administrators for requests that change the m... Read more

    Affected Products : w3_total_cache total_cache
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9413

    Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the ... Read more

    Affected Products : ip_ban
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9334

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) user or... Read more

    Affected Products : bird_feeder
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9223

    Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorizat... Read more

    Affected Products : rompager
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9222

    AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.... Read more

    Affected Products : rompager
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-8810

    SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.... Read more

    Affected Products : wp_symposium wp_symposium
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8809

    Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) c... Read more

    Affected Products : wp_symposium wp_symposium
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8138

    Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.... Read more

    Affected Products : enterprise_linux jasper
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-8137

    Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.... Read more

    Affected Products : enterprise_linux jasper
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2004-2771

    The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.... Read more

    Affected Products : enterprise_linux linux bsd_mailx mailx
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-4322

    drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, w... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6188

    Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to inject arbitrary we... Read more

    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293647 Results