Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2014-5307

    Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.... Read more

    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-5263

    vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privil... Read more

    Affected Products : qemu
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-5035

    The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.... Read more

    Affected Products : opendaylight
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-3907

    Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.... Read more

    Affected Products : mailpoet_newsletters
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-3524

    Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.... Read more

    Affected Products : libreoffice openoffice
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-3061

    Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XS... Read more

    Affected Products : emptoris_spend_analysis
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-3041

    SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL comman... Read more

    Affected Products : emptoris_contract_management
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3035

    Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : emptoris_spend_analysis
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3034

    Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to inject arbitrar... Read more

    Affected Products : emptoris_contract_management
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-2528

    kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.... Read more

    Affected Products : opensuse kdirstat
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-2527

    kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.... Read more

    Affected Products : opensuse kdirstat
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0483

    The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to... Read more

    Affected Products : opensuse django
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2014-0482

    The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated us... Read more

    Affected Products : opensuse django
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-0481

    The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploade... Read more

    Affected Products : debian_linux opensuse django opensuse
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-0480

    The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in... Read more

    Affected Products : opensuse django
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2014-4790

    IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly... Read more

    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2014-3335

    Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka... Read more

    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2014-3040

    Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5... Read more

    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3033

    Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via... Read more

    Affected Products : emptoris_sourcing_portfolio
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2013-6335

    The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not... Read more

    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294863 Results