Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2015-4987

    The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896.

    Affected Products : tealeaf_customer_experience
    • EPSS Score: 0.15%
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2015-4954

    IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. IBM X-Force ID: 105200.

    Affected Products : bigfix_remote_control
    • EPSS Score: 0.10%
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2015-4953

    IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197.

    Affected Products : bigfix_remote_control
    • EPSS Score: 0.05%
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-4952

    The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196.

    • EPSS Score: 1.56%
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-4719

    The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.

    Affected Products : pexip_infinity
    • EPSS Score: 0.85%
    • Published: Sep. 24, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-4664

    An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.

    Affected Products : privileged_access_manager xsuite
    • EPSS Score: 56.54%
    • Published: Jun. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-4633

    Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in t...

    Affected Products : koha
    • EPSS Score: 4.18%
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-4632

    Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path para...

    Affected Products : koha
    • EPSS Score: 78.18%
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-4631

    Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-searc...

    Affected Products : koha
    • EPSS Score: 0.53%
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024
  • 8.0

    HIGH
    CVE-2015-4630

    Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that cr...

    Affected Products : koha
    • EPSS Score: 0.67%
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-4617

    Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.

    Affected Products : easy2map-photos
    • EPSS Score: 0.36%
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-4615

    Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID variables...

    Affected Products : easy2map-photos
    • EPSS Score: 0.76%
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-4557

    Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirec...

    Affected Products : nextend_twitter_connect
    • EPSS Score: 0.41%
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-4553

    A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell.

    Affected Products : dedecms
    • EPSS Score: 38.52%
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-4461

    Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.

    Affected Products : efront
    • EPSS Score: 0.35%
    • Published: Feb. 05, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-4457

    Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.

    Affected Products : cloudera_manager
    • EPSS Score: 0.19%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-4412

    BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.

    Affected Products : bson
    • EPSS Score: 1.75%
    • Published: Feb. 05, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-4411

    The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-...

    Affected Products : fedora bson
    • EPSS Score: 3.08%
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-4410

    The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted ...

    Affected Products : fedora moped
    • EPSS Score: 2.28%
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 4.6

    MEDIUM
    CVE-2015-4400

    Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module.

    Affected Products : ring_firmware ring
    • EPSS Score: 0.15%
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292495 Results