Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2014-7296

    The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document.... Read more

    Affected Products : spagobi
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-7231

    The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading t... Read more

    Affected Products : openstack nova cinder trove
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-7230

    The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.... Read more

    Affected Products : ubuntu_linux openstack nova cinder trove
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-7229

    Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.... Read more

    Affected Products : joomla\!
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7203

    libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.... Read more

    Affected Products : libzmq zeromq
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7202

    stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.... Read more

    Affected Products : libzmq zeromq
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-6632

    Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.... Read more

    Affected Products : joomla\!
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6631

    Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : joomla\!
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-5376

    Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor fi... Read more

    Affected Products : moab
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-5375

    The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags.... Read more

    Affected Products : moab
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-5300

    Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature.... Read more

    Affected Products : moab
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3641

    The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.... Read more

    Affected Products : cinder
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7980

    Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML v... Read more

    Affected Products : zen
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7979

    Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.... Read more

    Affected Products : simplecorp
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7978

    Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.... Read more

    Affected Products : bluemasters
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7205

    Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.... Read more

    Affected Products : bassmaster
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2014-7185

    Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.... Read more

    Affected Products : python mac_os_x
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-6394

    visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" d... Read more

    Affected Products : fedora xcode node.js send
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-5308

    Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.... Read more

    Affected Products : testlink
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7967

    Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    Affected Products : chrome v8
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294799 Results