Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-2026

    Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request par... Read more

    Affected Products : intrexx
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2013-4442

    Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.... Read more

    Affected Products : pwgen
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2013-4440

    Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.... Read more

    Affected Products : pwgen
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8272

    The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force ... Read more

    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7268

    Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CV... Read more

    Affected Products : wbs_gantt-chart
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7267

    Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerabi... Read more

    Affected Products : wbs_gantt-chart
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7249

    Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, Cent... Read more

    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-7241

    The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document.... Read more

    Affected Products : tsutaya
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8902

    Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject ar... Read more

    Affected Products : websphere_portal
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8016

    The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864.... Read more

    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2014-6193

    IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack.... Read more

    Affected Products : websphere_portal
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6173

    Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : business_process_manager
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6171

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script o... Read more

    Affected Products : websphere_portal
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4801

    Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted U... Read more

    Affected Products : rational_quality_manager
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8901

    IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.... Read more

    Affected Products : db2
    • Published: Dec. 18, 2014
    • Modified: Apr. 12, 2025

  • 5.1

    MEDIUM
    CVE-2014-8890

    IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.... Read more

    Affected Products : websphere_application_server
    • Published: Dec. 18, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8014

    Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.... Read more

    Affected Products : ios_xr
    • Published: Dec. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8012

    Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695.... Read more

    • Published: Dec. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6174

    IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.... Read more

    Affected Products : websphere_application_server
    • Published: Dec. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6167

    Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL... Read more

    Affected Products : websphere_application_server
    • Published: Dec. 18, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293646 Results