Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2014-8990

    default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.... Read more

    Affected Products : fedora debian_linux lsyncd
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8123

    Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document.... Read more

    Affected Products : antiword
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-6040

    GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) ... Read more

    Affected Products : glibc
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4703

    lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.... Read more

    Affected Products : nagios
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4702

    The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.... Read more

    Affected Products : nagios
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4701

    The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.... Read more

    Affected Products : nagios
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3627

    The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar arc... Read more

    Affected Products : hadoop
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3561

    The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.... Read more

    Affected Products : enterprise_virtualization
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-2273

    The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors.... Read more

    Affected Products : p2-6011_firmware p2-6011
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2012-6656

    iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8... Read more

    Affected Products : ubuntu_linux debian_linux glibc
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9215

    SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email p... Read more

    Affected Products : pbboard
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9212

    Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attr... Read more

    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9144

    Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).... Read more

    Affected Products : td5130_router_firmware
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9143

    Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.... Read more

    Affected Products : td5130_router_firmware
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9142

    Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.... Read more

    Affected Products : td5130_router_firmware
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9129

    Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks... Read more

    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8800

    Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_... Read more

    Affected Products : nextend_facebook_connect
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3997

    SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 1... Read more

    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3996

    SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Prov... Read more

    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7868

    Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a ... Read more

    • Published: Dec. 04, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293633 Results