Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2014-7866

    Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot d... Read more

    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2014-9360

    XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request.... Read more

    Affected Products : web_access
    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9120

    Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/.... Read more

    Affected Products : subrion
    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2014-9091

    Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors.... Read more

    Affected Products : icecast icecast
    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8601

    PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it... Read more

    Affected Products : debian_linux recursor
    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8298

    The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to c... Read more

    Affected Products : gpu_driver
    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-8103

    X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) s... Read more

    Affected Products : x_server xorg-server
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8102

    The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-boun... Read more

    Affected Products : debian_linux x_server xorg-server x11
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8101

    The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execu... Read more

    Affected Products : x_server xorg-server x11 xfree86
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8100

    The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly exec... Read more

    Affected Products : x_server xorg-server x11 xfree86
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8099

    The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly exec... Read more

    Affected Products : x_server xorg-server x11 xfree86
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8098

    The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute a... Read more

    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8097

    The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code ... Read more

    Affected Products : x_server xorg-server x11
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8096

    The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or ... Read more

    Affected Products : debian_linux x_server xorg-server x11
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8095

    The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code... Read more

    Affected Products : debian_linux x_server xorg-server x11
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8094

    Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary... Read more

    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8093

    Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly ex... Read more

    Affected Products : x_server xorg-server x11 xfree86
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8092

    Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted re... Read more

    Affected Products : x_server xorg-server x11
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 4.3

    MEDIUM
    CVE-2014-8091

    X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to caus... Read more

    Affected Products : x_server xorg-server x11
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.8

    MEDIUM
    CVE-2014-7809

    Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.... Read more

    Affected Products : struts
    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293634 Results