Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2015-6589

    Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files... Read more

    Affected Products : virtual_system_administrator
    • EPSS Score: %15.62
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2015-6569

    Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.... Read more

    Affected Products : floodlight
    • EPSS Score: %0.51
    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-6544

    Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.... Read more

    Affected Products : itop
    • EPSS Score: %51.08
    • Published: Feb. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-6497

    The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execut... Read more

    Affected Products : php magento
    • EPSS Score: %2.92
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-6495

    There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.... Read more

    Affected Products : cloudera_manager
    • EPSS Score: %0.40
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-6462

    Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342... Read more

    • EPSS Score: %0.58
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2015-6461

    Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC we... Read more

    • EPSS Score: %0.31
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-6458

    Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.... Read more

    Affected Products : softcms
    • EPSS Score: %1.21
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-6457

    Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.... Read more

    Affected Products : softcms
    • EPSS Score: %1.21
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-6253

    edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.... Read more

    Affected Products : edx-platform
    • EPSS Score: %0.21
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-6000

    Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploadin... Read more

    Affected Products : vtiger_crm
    • EPSS Score: %77.42
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-5952

    Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter.... Read more

    Affected Products : fatca
    • EPSS Score: %2.15
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2015-5951

    A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.... Read more

    Affected Products : fatca
    • EPSS Score: %3.07
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-5745

    Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.... Read more

    Affected Products : fedora qemu eos
    • EPSS Score: %1.92
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5741

    The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.... Read more

    Affected Products : enterprise_linux go openstack
    • EPSS Score: %1.75
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5725

    SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable.... Read more

    Affected Products : codeigniter
    • EPSS Score: %0.70
    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-5694

    Designate does not enforce the DNS protocol limit concerning record set sizes... Read more

    • EPSS Score: %0.94
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-5686

    Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.... Read more

    Affected Products : puppet_enterprise
    • EPSS Score: %0.14
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-5684

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Note... Read more

    • EPSS Score: %4.06
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-5674

    The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failur... Read more

    Affected Products : freebsd
    • EPSS Score: %1.02
    • Published: Feb. 05, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292425 Results