Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2014-8998

    lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.... Read more

    Affected Products : x7_chat x7_chat
    • Published: Nov. 20, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8997

    Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reques... Read more

    Affected Products : digi_online_examination_system
    • Published: Nov. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8996

    Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php.... Read more

    Affected Products : nibbleblog
    • Published: Nov. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8995

    SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.... Read more

    Affected Products : letterbox
    • Published: Nov. 20, 2014
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-8387

    cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.... Read more

    Affected Products : eki-6340_firmware eki-6340
    • Published: Nov. 20, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-2382

    The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, rel... Read more

    Affected Products : deep_freeze
    • Published: Nov. 20, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-8595

    arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or... Read more

    Affected Products : debian_linux xen opensuse
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-8594

    The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services... Read more

    Affected Products : debian_linux xen opensuse
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7828

    FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.... Read more

    Affected Products : freeipa freeipa
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-6627

    Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.... Read more

    Affected Products : clearpass
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-6626

    Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.... Read more

    Affected Products : clearpass
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-6625

    The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.... Read more

    Affected Products : clearpass
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-6624

    The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors.... Read more

    Affected Products : clearpass
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-6622

    Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors.... Read more

    Affected Products : clearpass
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-6621

    Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by... Read more

    Affected Products : clearpass
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-5342

    Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627.... Read more

    Affected Products : clearpass
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8629

    Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php.... Read more

    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7290

    Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll.... Read more

    Affected Products : aeon
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7910

    Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-7909

    effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.... Read more

    Affected Products : chrome
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293942 Results