Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-5397

    Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wonderware_information_server
    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-4619

    EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid usernam... Read more

    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3344

    Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecifi... Read more

    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-2381

    Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.... Read more

    Affected Products : wonderware_information_server
    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-2380

    Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.... Read more

    Affected Products : wonderware_information_server
    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2014-0762

    The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation Gateway products, does not validate input correctly. An attacker could cause the software to go into an infinite loop, causing the process to crash. The system must be restarted m... Read more

    Affected Products : epaq-9410_substation_gateway
    • Published: Aug. 28, 2014
    • Modified: Sep. 19, 2025

  • 7.1

    HIGH
    CVE-2014-0761

    The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.... Read more

    Affected Products : epaq-9410_substation_gateway
    • Published: Aug. 28, 2014
    • Modified: Sep. 19, 2025

  • 10.0

    HIGH
    CVE-2014-3177

    Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.... Read more

    Affected Products : chrome
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3176

    Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.... Read more

    Affected Products : chrome
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3175

    Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and oth... Read more

    Affected Products : chrome
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3174

    modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attack... Read more

    Affected Products : chrome
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3173

    The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVA... Read more

    Affected Products : chrome
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2014-3172

    The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extensi... Read more

    Affected Products : chrome
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3171

    Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations ins... Read more

    Affected Products : chrome
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2014-3170

    extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.... Read more

    Affected Products : chrome
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3169

    Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging scrip... Read more

    Affected Products : debian_linux chrome opensuse
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3168

    Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with an... Read more

    Affected Products : debian_linux chrome opensuse
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-3596

    The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof... Read more

    Affected Products : axis
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3575

    The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.... Read more

    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5336

    Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.... Read more

    Affected Products : monkey monkey_http_daemon
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294863 Results