Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2014-3193

    The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that lever... Read more

    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3192

    Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of serv... Read more

    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3191

    Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that im... Read more

    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3190

    Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other... Read more

    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3189

    The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or poss... Read more

    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3188

    Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an e... Read more

    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-3187

    Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web sit... Read more

    Affected Products : chrome iphone_os
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-7299

    Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts,... Read more

    Affected Products : arubaos
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-7275

    The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : getmail
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-7274

    The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain s... Read more

    Affected Products : getmail
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-7273

    The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : getmail
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7295

    The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via cr... Read more

    Affected Products : mediawiki
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7235

    htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserial... Read more

    Affected Products : freepbx freepbx
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-7204

    jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.... Read more

    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7189

    crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.... Read more

    Affected Products : go
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-6603

    The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large mem... Read more

    Affected Products : suricata suricata
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-6434

    gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.... Read more

    Affected Products : gopro_hero_firmware gopro_hero
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-6433

    gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action.... Read more

    Affected Products : gopro_hero_firmware gopro_hero
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-5503

    SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.... Read more

    Affected Products : cyberoam_os
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-5502

    The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.... Read more

    Affected Products : cyberoam_os
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294832 Results