Latest CVE Feed
- CVE-2014-3954 (CVSS 10.0, HIGH): Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message.
  Affected products: freebsd. Published: Oct. 27, 2014. Modified: Apr. 12, 2025.
- CVE-2014-3711 (CVSS 5.0, MEDIUM): namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.
  Affected products: freebsd. Published: Oct. 27, 2014. Modified: Apr. 12, 2025.
- CVE-2014-2988 (CVSS 8.5, HIGH): EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_us...
  Affected products: egroupware. Published: Oct. 27, 2014. Modified: Apr. 12, 2025.
- CVE-2014-0136 (CVSS 5.0, MEDIUM): The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.
  Affected products: cloudforms_3.0_management_engine. Published: Oct. 27, 2014. Modified: Apr. 12, 2025.
- CVE-2011-4953 (CVSS 6.8, MEDIUM): The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
  Published: Oct. 27, 2014. Modified: Apr. 12, 2025.
- CVE-2011-4104 (CVSS 7.5, HIGH): The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
  Affected products: tastypie. Published: Oct. 27, 2014. Modified: Apr. 12, 2025.
- CVE-2011-4103 (CVSS 7.5, HIGH): emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
  Affected products: piston. Published: Oct. 27, 2014. Modified: Apr. 12, 2025.
- CVE-2010-4820 (CVSS 4.4, MEDIUM): Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse PostScript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
  Affected products: ghostscript. Published: Oct. 27, 2014. Modified: Apr. 12, 2025.
- CVE-2014-6635 (CVSS 4.3, MEDIUM): Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php.
  Affected products: exponent_cms. Published: Oct. 26, 2014. Modified: Apr. 12, 2025.
- CVE-2014-5520 (CVSS 7.5, HIGH): SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
  Affected products: xrms_crm. Published: Oct. 26, 2014. Modified: Apr. 12, 2025.
- CVE-2014-5148 (CVSS 4.6, MEDIUM): Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit users...
  Published: Oct. 26, 2014. Modified: Apr. 12, 2025.
- CVE-2014-3520 (CVSS 6.5, MEDIUM): OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token...
  Affected products: keystone. Published: Oct. 26, 2014. Modified: Apr. 12, 2025.
- CVE-2013-7408 (CVSS 7.5, HIGH): F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value.
  Affected products: big-ip_analytics. Published: Oct. 26, 2014. Modified: Apr. 12, 2025.
- CVE-2013-6796 (CVSS 5.0, MEDIUM): The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
  Affected products: deepofix. Published: Oct. 26, 2014. Modified: Apr. 12, 2025.
- CVE-2014-6037 (CVSS 7.5, HIGH): Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot ...
  Affected products: manageengine_eventlog_analyzer. Published: Oct. 26, 2014. Modified: Apr. 12, 2025.
- CVE-2014-6133 (CVSS 2.1, LOW): IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors.
  Affected products: api_management. Published: Oct. 26, 2014. Modified: Apr. 12, 2025.
- CVE-2014-6099 (CVSS 5.0, MEDIUM): The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach.
  Affected products: sterling_b2b_integrator. Published: Oct. 26, 2014. Modified: Apr. 12, 2025.
- CVE-2014-4812 (CVSS 1.8, LOW): The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port.
  Affected products: security_appscan_source. Published: Oct. 26, 2014. Modified: Apr. 12, 2025.
- CVE-2014-2987 (CVSS 6.8, MEDIUM): Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication o...
  Affected products: egroupware. Published: Oct. 26, 2014. Modified: Apr. 12, 2025.
- CVE-2013-1641 (CVSS 7.8, HIGH): Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php.
  Affected products: quixplorer. Published: Oct. 26, 2014. Modified: Apr. 12, 2025.