Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2014-5148

    Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit users... Read more

    Affected Products : xen xen
    • Published: Oct. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-3520

    OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token... Read more

    Affected Products : keystone
    • Published: Oct. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2013-7408

    F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value.... Read more

    Affected Products : big-ip_analytics
    • Published: Oct. 26, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2013-6796

    The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.... Read more

    Affected Products : deepofix
    • Published: Oct. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-6037

    Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot ... Read more

    Affected Products : manageengine_eventlog_analyzer
    • Published: Oct. 26, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-6133

    IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors.... Read more

    Affected Products : api_management
    • Published: Oct. 26, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-6099

    The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Oct. 26, 2014
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2014-4812

    The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port.... Read more

    Affected Products : security_appscan_source
    • Published: Oct. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-2987

    Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication o... Read more

    Affected Products : egroupware
    • Published: Oct. 26, 2014
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2013-1641

    Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php.... Read more

    Affected Products : quixplorer
    • Published: Oct. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-3137

    Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Conten... Read more

    Affected Products : bottle
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2014-0476

    The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.... Read more

    Affected Products : ubuntu_linux chkrootkit
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-4594

    The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.... Read more

    Affected Products : payment_for_webform
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-5075

    The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which... Read more

    Affected Products : jboss_fuse smack smack_api
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2014-1929

    python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.... Read more

    Affected Products : python-gnupg
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2014-1928

    The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to for... Read more

    Affected Products : python-gnupg
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-1927

    The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, ... Read more

    Affected Products : python-gnupg
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-3636

    D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disc... Read more

    Affected Products : dbus opensuse d-bus
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6611

    The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-mi... Read more

    Affected Products : blackberry_os blackberry_world
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6152

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : tivoli_integrated_portal
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294283 Results