Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2014-7290

    Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll....

    Affected Products : aeon
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-7910

    Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors....

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-7909

    effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data....

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-7908

    Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) Q...

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-7907

    Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via...

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-7906

    Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceMa...

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-7905

    Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site....

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-7904

    Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors....

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-7903

    Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image....

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-7902

    Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document....

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-7901

    Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified ot...

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-7900

    Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspeci...

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-7899

    Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string....

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2013-3678

    Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request....

    Affected Products : governance_risk_and_compliance
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2014-7996

    Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477....

    Affected Products : unified_computing_system
    • Published: Nov. 18, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-7829

    Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows ...

    Affected Products : opensuse rails ruby_on_rails actionpack
    • Published: Nov. 18, 2014
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2014-6324

    The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to ...

    • Actively Exploited
    • Published: Nov. 18, 2014
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2014-4817

    The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename tha...

    Affected Products : tivoli_storage_manager
    • Published: Nov. 18, 2014
    • Modified: Apr. 12, 2025
  • 6.4

    MEDIUM
    CVE-2014-8598

    The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CV...

    Affected Products : mantisbt
    • Published: Nov. 18, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-8475

    FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and preven...

    Affected Products : freebsd
    • Published: Nov. 18, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293685 Results