Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-6913

    The Dive The World (aka com.paperton.wl.divetheworld) application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : dive_the_world
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6912

    The IRA's 59th Annual Conference (aka com.coreapps.android.followme.ira_14) application 6.0.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... Read more

    Affected Products : ira\'s_59th_annual_conference
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6911

    The diziturky HD 2015 (aka com.adv.diziturky) application 2014 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : diziturky_hd_2015
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6910

    The MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) application 1.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cert... Read more

    Affected Products : memorizeit\!
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6909

    The Coca-Cola FM Peru (aka com.enyetech.radio.coca_cola.fm_pe) application 2.0.41716 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ... Read more

    Affected Products : coca-cola_fm_peru
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6908

    The Forum IC (aka com.tapatalk.forumimmigrercom) application 3.3.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : forum_ic
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6907

    The Rakuten Install (aka co.jp.rakuten.installapp) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : rakuten_install
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6906

    The Loli Chocolate Cake (aka com.alison.kang.chocolatecake) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifi... Read more

    Affected Products : loli_chocolate_cake
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2014-5410

    The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed ... Read more

    Affected Products : ab_micrologix_controller
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-0754

    Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6... Read more

    • Published: Oct. 03, 2014
    • Modified: Aug. 26, 2025

  • 6.8

    MEDIUM
    CVE-2014-6299

    Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors.... Read more

    Affected Products : mm_forum
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-6298

    Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.... Read more

    Affected Products : mm_forum
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6297

    Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mm_forum
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6296

    Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wec_map
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-6295

    SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : wec_map
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6294

    Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : external_links_click_statistics
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-6293

    SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.... Read more

    Affected Products : statistics
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2014-6292

    The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors.... Read more

    Affected Products : femanager femanager
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6291

    Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : alphabetic_sitemap
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-6290

    The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue.... Read more

    Affected Products : news
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294846 Results