Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-7265

    Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : linpha
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-6316

    core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.... Read more

    Affected Products : mantisbt
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6145

    Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script o... Read more

    Affected Products : cognos_business_intelligence
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-6138

    The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors.... Read more

    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-4323

    The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length... Read more

    Affected Products : linux_kernel
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-7250

    The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.... Read more

    Affected Products : freebsd netbsd openbsd bsd
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4815

    Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x before 1.0.1 allows remote attackers to hijack web sessions via unspecified vectors.... Read more

    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7263

    Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261.... Read more

    Affected Products : i-httpd
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7262

    Cross-site scripting (XSS) vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string.... Read more

    Affected Products : i-httpd
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7261

    Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of a directory index page, a different vulnerability than C... Read more

    Affected Products : i-httpd
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7260

    The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives.... Read more

    Affected Products : i-httpd
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7264

    Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/default/pages/manage_users.twig in the Users Management feature in the admin component in Chyrp before 2.5.1 allow remote authenticated users to inject arbitrary web script or HTML via th... Read more

    Affected Products : chyrp
    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6215

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web... Read more

    Affected Products : websphere_portal
    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6163

    Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-6143

    The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response.... Read more

    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2014-3058

    Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.... Read more

    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9264

    Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.... Read more

    Affected Products : sql_anywhere
    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-9192

    Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large ... Read more

    Affected Products : vtscada
    • Published: Dec. 11, 2014
    • Modified: Jul. 25, 2025

  • 9.0

    HIGH
    CVE-2014-8373

    The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function.... Read more

    Affected Products : vcloud_automation_center
    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8372

    AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference.... Read more

    Affected Products : airwatch
    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293620 Results