Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-5212

    Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter.... Read more

    Affected Products : edirectory
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9408

    Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute... Read more

    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9407

    Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, ... Read more

    Affected Products : revive_adserver
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-9403

    The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the... Read more

    Affected Products : znc
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9381

    Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation.... Read more

    Affected Products : ettercap ettercap
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9380

    The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.... Read more

    Affected Products : ettercap ettercap
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9379

    The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack... Read more

    Affected Products : ettercap ettercap
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9378

    Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encode... Read more

    Affected Products : ettercap ettercap
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9377

    Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.... Read more

    Affected Products : ettercap ettercap
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9376

    Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value... Read more

    Affected Products : ettercap ettercap
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9368

    Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_tw... Read more

    Affected Products : twitterdash
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-9355

    Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.... Read more

    Affected Products : puppet_enterprise
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9341

    Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the ... Read more

    Affected Products : yurl_retwitt
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9340

    Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the... Read more

    Affected Products : wpcommenttwit
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9339

    Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (... Read more

    Affected Products : spnbabble
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9338

    Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1)... Read more

    Affected Products : o2tweet
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9337

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) a... Read more

    Affected Products : mikiurl_wordpress_eklentisi
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9336

    Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1)... Read more

    Affected Products : itwitter
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9335

    Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks vi... Read more

    Affected Products : dandyid_services
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2014-9324

    The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.... Read more

    Affected Products : otrs_help_desk
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293618 Results