Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2014-0168

    Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.... Read more

    Affected Products : jolokia
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-0140

    Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.... Read more

    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-0074

    Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.... Read more

    Affected Products : shiro
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2013-6496

    Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.... Read more

    Affected Products : conga
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2644

    Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : systems_insight_manager
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2013-2645

    Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory ... Read more

    Affected Products : tl-wr1043nd_firmware firmware
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-7861

    The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3400

    Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.... Read more

    Affected Products : webex_meetings_server
    • Published: Oct. 05, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3398

    The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, ... Read more

    • Published: Oct. 05, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3396

    Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133.... Read more

    • Published: Oct. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2645

    HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors.... Read more

    Affected Products : systems_insight_manager
    • Published: Oct. 05, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-2643

    Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors.... Read more

    Affected Products : systems_insight_manager
    • Published: Oct. 05, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-7278

    The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that i... Read more

    Affected Products : sbg3300-n_firmware sbg3300-n
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7277

    Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is i... Read more

    Affected Products : sbg3300-n_firmware sbg3300-n
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6933

    The Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificat... Read more

    Affected Products : toraware_takojyou
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6932

    The All Navalny (aka com.all.navalny) application 1.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : all_navalny
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6931

    The Treves Dance Center (aka com.myapphone.android.myapptrvesdancecenter) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cra... Read more

    Affected Products : treves_dance_center
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6930

    The Abram Radio Groove! (aka com.nobexinc.wls_79226887.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific... Read more

    Affected Products : abram_radio_groove\!
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6929

    The AIHce 2014 (aka com.coreapps.android.followme.aihce2014) application 6.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cert... Read more

    Affected Products : aihce_2014
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6928

    The Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ce... Read more

    Affected Products : rastreador_de_celulares
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294799 Results