Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-4754

    Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php.... Read more

    Affected Products : intranet_knowledgebase
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-4753

    Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field... Read more

    Affected Products : claroline
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-3623

    Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file,... Read more

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2010-2062

    Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a cr... Read more

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2010-1445

    Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.... Read more

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2010-1444

    The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.... Read more

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2010-1443

    The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty locatio... Read more

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2010-1442

    VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demux... Read more

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2010-1441

    Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio... Read more

    Affected Products : vlc_media_player
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-3592

    Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) c... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-3591

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editin... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-1798

    rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (app... Read more

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-1796

    Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly ha... Read more

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-1795

    Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified... Read more

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-1794

    Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (app... Read more

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2011-1793

    rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to ... Read more

    Affected Products : chrome
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2014-9420

    The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted... Read more

    Affected Products : linux_kernel
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9419

    The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR... Read more

    Affected Products : linux_kernel
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-7300

    GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by... Read more

    • Published: Dec. 25, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-2217

    Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in t... Read more

    • Published: Dec. 25, 2014
    • Modified: Jun. 30, 2025
Showing 20 of 293666 Results