Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-1431

    Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."... Read more

    Affected Products : phpbb
    • Published: Feb. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4220

    Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.... Read more

    Affected Products : unified_presence_server
    • Published: Jun. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3786

    The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1852

    The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allo... Read more

    • Published: Apr. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2028

    CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.... Read more

    Affected Products : websphere_extreme_scale
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2623

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to aff... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9032

    Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wordpress
    • Published: Nov. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-3284

    Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors.... Read more

    Affected Products : system_management_homepage
    • Published: Sep. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4075

    Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."... Read more

    Affected Products : asp.net_model_view_controller
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9059

    lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 charact... Read more

    Affected Products : moodle
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4142

    Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which trigg... Read more

    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2043

    Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem.... Read more

    Affected Products : myconnection_server
    • Published: Feb. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1437

    Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.... Read more

    Affected Products : rt-n10\+d1_firmware rt-n10\+d1
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4198

    Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.... Read more

    • Published: Jun. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3004

    J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before... Read more

    Affected Products : junos junos
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3824

    Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or ... Read more

    Affected Products : junos_pulse_secure_access_service
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4174

    Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : climatix_bacnet\/ip
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1275

    Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a traili... Read more

    Affected Products : android chrome opensuse
    • Published: Jul. 23, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2029

    Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier.... Read more

    Affected Products : websphere_extreme_scale
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2064

    Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to index.php or (4) search field (searchTerm parameter) in the ... Read more

    Affected Products : dlguard
    • Published: Feb. 24, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294326 Results