Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2015-9303

    The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS.... Read more

    Affected Products : simple_share_buttons_adder
    • Published: Aug. 12, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9302

    The simple-fields plugin before 1.4.11 for WordPress has XSS.... Read more

    Affected Products : simple_fields
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9301

    The liveforms plugin before 3.2.0 for WordPress has SQL injection.... Read more

    Affected Products : live_forms
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9300

    The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues.... Read more

    Affected Products : events_manager events_manager
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9299

    The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.... Read more

    Affected Products : events_manager events_manager
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9298

    The events-manager plugin before 5.6 for WordPress has code injection.... Read more

    Affected Products : events_manager events_manager
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9297

    The events-manager plugin before 5.6 for WordPress has XSS.... Read more

    Affected Products : events_manager events_manager
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9296

    The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.... Read more

    Affected Products : download_monitor
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9295

    The contact-form-plugin plugin before 3.96 for WordPress has XSS.... Read more

    Affected Products : contact_form
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9294

    The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.... Read more

    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9293

    The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.... Read more

    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9292

    6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).... Read more

    Affected Products : 6kbbs
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9291

    cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9290

    In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.... Read more

    Affected Products : freetype
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2015-9289

    In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9288

    The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials... Read more

    Affected Products : web_player
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9287

    Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the... Read more

    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9286

    Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.... Read more

    Affected Products : nodebb
    • Published: Apr. 30, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9285

    esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI.... Read more

    Affected Products : esotalk
    • Published: Apr. 29, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9284

    The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. ... Read more

    Affected Products : omniauth
    • Published: Apr. 26, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292818 Results