Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-2648

    Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : operations_manager unix
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-2646

    Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors.... Read more

    Affected Products : network_automation
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-2638

    Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344.... Read more

    Affected Products : sprinter
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-2637

    Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342.... Read more

    Affected Products : sprinter
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-2636

    Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336.... Read more

    Affected Products : sprinter
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-2635

    Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343.... Read more

    Affected Products : sprinter
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-4488

    libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.... Read more

    Affected Products : libgadu
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8079

    Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting.... Read more

    Affected Products : mayo mayo
    • Published: Oct. 09, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8078

    Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject... Read more

    Affected Products : print
    • Published: Oct. 09, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8077

    Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors relat... Read more

    Affected Products : newsflash
    • Published: Oct. 09, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8076

    Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright info... Read more

    Affected Products : professional_theme
    • Published: Oct. 09, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8075

    Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : tribune
    • Published: Oct. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8068

    Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information.... Read more

    Affected Products : digital_editions
    • Published: Oct. 09, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7984

    Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.... Read more

    Affected Products : joomla\!
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7983

    Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : joomla\!
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7982

    Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : joomla\!
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7981

    SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : joomla\!
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-7296

    The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document.... Read more

    Affected Products : spagobi
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-7231

    The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading t... Read more

    Affected Products : openstack nova cinder trove
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-7230

    The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.... Read more

    Affected Products : ubuntu_linux openstack nova cinder trove
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294836 Results