Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2014-4276

    Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS).... Read more

    Affected Products : sunos solaris
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2014-4275

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module.... Read more

    Affected Products : sunos solaris
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2014-4274

    Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.... Read more

    Affected Products : mysql mariadb solaris
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-2478

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-2476

    Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472,... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-2475

    Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv).... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-2474

    Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472,... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-2473

    Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv) and SGD SSL Daemon (ttassl).... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-2472

    Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2474,... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-8750

    Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two diff... Read more

    Affected Products : nova compute
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8295

    SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.... Read more

    Affected Products : bacula-web
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8294

    Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password.... Read more

    Affected Products : voice_of_web_allmyguests
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8293

    Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_signin_topic parameter to index.php.... Read more

    Affected Products : voice_of_web_allmyguests
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-7206

    The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.... Read more

    Affected Products : advanced_package_tool apt
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6312

    Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripti... Read more

    Affected Products : login_widget_with_shortcode
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3681

    Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : openshift jenkins
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3664

    Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.... Read more

    Affected Products : openshift jenkins
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2014-3593

    Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.... Read more

    Affected Products : luci
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-2927

    The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-2576

    plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.... Read more

    Affected Products : opensuse claws-mail
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294836 Results