Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.5

HIGH

CVE-2014-3200

Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors....

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
5.0

MEDIUM

CVE-2014-3199

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
5.0

MEDIUM

CVE-2014-3198

The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of ...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
5.0

MEDIUM

CVE-2014-3197

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attacke...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3196

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors....

Affected Products : chrome
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
5.0

MEDIUM

CVE-2014-3195

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows r...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3194

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors....

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3193

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that lever...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3192

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of serv...

Affected Products : chrome itunes iphone_os tvos safari enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3191

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that im...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3190

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3189

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or poss...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
10.0

HIGH

CVE-2014-3188

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an e...

Affected Products : chrome chrome_os enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
6.8

MEDIUM

CVE-2014-3187

Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web sit...

Affected Products : chrome iphone_os
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-7299

Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts,...

Affected Products : arubaos
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
5.8

MEDIUM

CVE-2014-7275

The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate....

Affected Products : getmail
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
5.8

MEDIUM

CVE-2014-7274

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain s...

Affected Products : getmail
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
6.8

MEDIUM

CVE-2014-7273

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate....

Affected Products : getmail
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
3.5

LOW

CVE-2014-7295

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via cr...

Affected Products : mediawiki
Published: Oct. 07, 2014

Modified: Apr. 12, 2025
10.0

HIGH

CVE-2014-7235

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserial...

Affected Products : freepbx freepbx
Published: Oct. 07, 2014

Modified: Apr. 12, 2025

Showing 20 of 294799 Results

Browse by Apps

Latest CVE Feed

7.5

5.0

5.0

5.0

7.5

5.0

7.5

7.5

7.5

7.5

7.5

7.5

10.0

6.8

7.5

5.8

5.8

6.8

3.5

10.0

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable