Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2015-4179

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for WordPress.

    Affected Products : codestyling_localization
    • EPSS Score: %0.17
    • Published: Feb. 05, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-4117

    Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.

    Affected Products : control_panel
    • EPSS Score: %7.86
    • Published: Feb. 28, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-4043

    SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx.

    Affected Products : esp_hr_management
    • EPSS Score: %0.44
    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-4042

    Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.

    Affected Products : coreutils
    • EPSS Score: %0.39
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2015-4041

    The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-...

    Affected Products : coreutils
    • EPSS Score: %0.07
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-4039

    Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can...

    Affected Products : wp_membership
    • EPSS Score: %0.30
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2015-3965

    Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.

    • EPSS Score: %0.44
    • Published: Mar. 23, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-3956

    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from...

    • EPSS Score: %0.24
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-3954

    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could...

    • EPSS Score: %0.54
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-3953

    Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and ...

    • EPSS Score: %0.25
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-3952

    Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and ...

    • EPSS Score: %0.12
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-3907

    CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks.

    Affected Products : codeigniter-restserver
    • EPSS Score: %0.46
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-3898

    Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/log...

    Affected Products : bonita_bpm_portal
    • EPSS Score: %2.23
    • Published: Feb. 28, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-3888

    Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL.

    Affected Products : sailfish_os
    • EPSS Score: %0.24
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-3641

    bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.

    Affected Products : bitcoin_core
    • EPSS Score: %0.83
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-3619

    Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_na...

    Affected Products : virtuemart
    • EPSS Score: %0.23
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-3618

    Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php.

    Affected Products : business_process_intelligence
    • EPSS Score: %2.83
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-3613

    A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page...

    Affected Products : fortimanager
    • EPSS Score: %2.28
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-3612

    A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.

    Affected Products : fortimanager
    • EPSS Score: %0.28
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2015-3611

    A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run system commands when executing a report.

    Affected Products : fortimanager
    • EPSS Score: %6.68
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292495 Results