Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

4.0

MEDIUM

CVE-2014-3641

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header....

Affected Products : cinder
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
3.5

LOW

CVE-2014-7980

Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML v...

Affected Products : zen
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
3.5

LOW

CVE-2014-7979

Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings....

Affected Products : simplecorp
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
3.5

LOW

CVE-2014-7978

Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings....

Affected Products : bluemasters
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
10.0

HIGH

CVE-2014-7205

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors....

Affected Products : bassmaster
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
6.4

MEDIUM

CVE-2014-7185

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function....

Affected Products : python mac_os_x
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" d...

Affected Products : fedora xcode node.js send
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
9.0

HIGH

CVE-2014-5308

Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php....

Affected Products : testlink
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-7967

Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unknown vectors....

Affected Products : chrome v8
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3200

Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors....

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
5.0

MEDIUM

CVE-2014-3199

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
5.0

MEDIUM

CVE-2014-3198

The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of ...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
5.0

MEDIUM

CVE-2014-3197

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attacke...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3196

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors....

Affected Products : chrome
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
5.0

MEDIUM

CVE-2014-3195

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows r...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3194

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors....

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3193

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that lever...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3192

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of serv...

Affected Products : chrome itunes iphone_os tvos safari enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3191

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that im...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2014-3190

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other...

Affected Products : chrome enterprise_linux_server_supplementary enterprise_linux_desktop_supplementary enterprise_linux_server_supplementary_eus enterprise_linux_workstation_supplementary
Published: Oct. 08, 2014

Modified: Apr. 12, 2025

Showing 20 of 294848 Results

Browse by Apps

Latest CVE Feed

4.0

3.5

3.5

3.5

10.0

6.4

7.5

9.0

7.5

7.5

5.0

5.0

5.0

7.5

5.0

7.5

7.5

7.5

7.5

7.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable