Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-8745

    Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a ta... Read more

    Affected Products : custom_search_module
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8744

    Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title.... Read more

    Affected Products : nivo_slider
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8743

    Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name.... Read more

    Affected Products : maestro maestro
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2014-8086

    Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIREC... Read more

    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2014-7975

    The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of wr... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2014-7970

    The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both ar... Read more

    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7297

    Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors.... Read more

    Affected Products : enfold
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2014-7284

    The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attac... Read more

    Affected Products : linux_kernel
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2014-7283

    The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or pa... Read more

    Affected Products : linux_kernel mrg_realtime
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3091

    Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-1573

    Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scr... Read more

    Affected Products : fedora bugzilla
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-1572

    The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the rea... Read more

    Affected Products : fedora bugzilla
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-1571

    Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, relat... Read more

    Affected Products : fedora bugzilla
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-5328

    Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API service request message.... Read more

    Affected Products : e5332_firmware e5332
    • Published: Oct. 12, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-5327

    Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI.... Read more

    Affected Products : e5332_firmware e5332
    • Published: Oct. 12, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6941

    The NOS Alive (aka pt.optimus.optimusalive2011) application 5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : nos_alive
    • Published: Oct. 11, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6940

    The Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D76286562) application 1.0073.b0073 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inform... Read more

    Affected Products : absolute_lending_solutions
    • Published: Oct. 11, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6939

    The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c... Read more

    Affected Products : sketch_w_friends_free_-tablets
    • Published: Oct. 11, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6938

    The Apostilas musicais (aka com.apostilas) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : apostilas_musicais
    • Published: Oct. 11, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6937

    The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) application 3.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cer... Read more

    Affected Products : china_citic_bank_credit_card
    • Published: Oct. 11, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294826 Results