Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2015-9288

    The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials...

    Affected Products : web_player
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9287

    Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the...

    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9286

    Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.

    Affected Products : nodebb
    • Published: Apr. 30, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9285

    esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI.

    Affected Products : esotalk
    • Published: Apr. 29, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-9284

    The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. ...

    Affected Products : omniauth
    • Published: Apr. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9282

    The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashbo...

    Affected Products : piechart-panel
    • Published: Feb. 06, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9281

    Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.

    • Published: Jan. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2015-9280

    MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

    Affected Products : mailenable
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9279

    MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.

    Affected Products : mailenable
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9278

    MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.

    Affected Products : mailenable
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2015-9277

    MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.

    Affected Products : mailenable
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9276

    SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore...

    Affected Products : smartermail
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2015-9275

    ARC 5.21q allows directory traversal via a full pathname in an archive file.

    Affected Products : arc
    • Published: Jan. 07, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-9274

    HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gs...

    Affected Products : harfbuzz
    • Published: Nov. 15, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9273

    The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.

    Affected Products : slimstat_analytics
    • Published: Oct. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9272

    The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP cod...

    Affected Products : video_presentation
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9271

    The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml f...

    Affected Products : video_conference
    • Published: Oct. 04, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9270

    XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter.

    Affected Products : holiday_calendar
    • Published: Oct. 01, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9269

    The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format.

    Affected Products : wordpress_mobile_pack
    • Published: Oct. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2015-9268

    Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.

    • Published: Oct. 01, 2018
    • Modified: Nov. 21, 2024