Latest CVE Feed
-
5.0
MEDIUM CVE-2014-8763
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-8762
The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.
- Affected Products: dokuwiki
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-8761
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.
- Affected Products: dokuwiki
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2014-8381
Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter.
- Affected Products: megapolis.portal_manager
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
7.8
HIGH CVE-2014-8325
The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 for TYPO3 allows remote attackers to cause a denial of service (resource consumption) via vectors related to the PHP PCRE library.
- Affected Products: calender_base
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-8088
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allow remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
- Affected Products: zend_framework
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-7968
VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.
- Affected Products: virtual_desktop_service_manager
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2014-7183
Multiple cross-site scripting (XSS) vulnerabilities in search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
- Affected Products: litecart
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2014-7182
Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker...
- Affected Products: wp_go_maps
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-6387
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
- Affected Products: mantisbt
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
9.3
HIGH CVE-2014-6352
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in...
- Affected Products: windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_vista windows_8 windows_rt
- Actively Exploited
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
7.5
HIGH CVE-2014-3677
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
- Affected Products: shim
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
7.5
HIGH CVE-2014-3676
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
- Affected Products: shim
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-3675
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
- Affected Products: shim
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2013-7407
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- Affected Products: mrbs_module
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
1.9
LOW CVE-2014-4450
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within uninte...
- Affected Products: iphone_os
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2014-4449
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- Affected Products: iphone_os
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
1.9
LOW CVE-2014-4448
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
- Affected Products: iphone_os
- Published: Oct. 22, 2014
- Modified: Apr. 12, 2025
-
3.5
LOW CVE-2014-3111
Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Manageme...
- Affected Products: fog
- Published: Oct. 21, 2014
- Modified: Apr. 12, 2025
-
6.5
MEDIUM CVE-2014-2531
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action...
- Affected Products: web_control_panel
- Published: Oct. 21, 2014
- Modified: Apr. 12, 2025