Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2015-9549

    A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php.

    Affected Products : ocportal
    • Published: Aug. 03, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9548

    An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2015-9547

    An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is "Unhandled exceptio...

    Affected Products : android
    • Published: Apr. 10, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2015-9546

    An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert direct...

    Affected Products : android
    • Published: Apr. 10, 2020
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2015-9545

    An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this i...

    Affected Products : cross_domain_local_storage
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2015-9544

    An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can ...

    Affected Products : cross_domain_local_storage
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024
  • 3.3

    LOW
    CVE-2015-9543

    An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setu...

    Affected Products : nova
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9542

    add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the p...

    Affected Products : ubuntu_linux debian_linux pam_radius
    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9541

    Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

    Affected Products : fedora qt
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9540

    Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.

    Affected Products : chamilo_lms
    • Published: Jan. 04, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9539

    The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS.

    Affected Products : fast_secure_contact_form
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-9538

    The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.

    Affected Products : nextgen_gallery
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-9537

    The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template.

    Affected Products : nextgen_gallery
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9504

    The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter.

    Affected Products : weeklynews_theme
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9503

    The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier.

    Affected Products : modern_theme
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9502

    The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier.

    Affected Products : auberge_theme
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9501

    The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.

    Affected Products : artificial_intelligence
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9500

    The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.

    Affected Products : exquisite_ultimate_newspaper
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9499

    The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.

    Affected Products : showbiz_pro
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-9498

    The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.

    Affected Products : wps_hide_login
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292823 Results