Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2015-1390

    Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator.... Read more

    Affected Products : airwave
    • EPSS Score: %0.77
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2015-1343

    All versions of unity-scope-gdrive logs search terms to syslog.... Read more

    Affected Products : ubuntu_linux
    • EPSS Score: %0.18
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-1341

    Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.... Read more

    Affected Products : ubuntu_linux apport
    • EPSS Score: %0.05
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2015-1340

    LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's... Read more

    Affected Products : lxd
    • EPSS Score: %0.32
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-1327

    Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the D... Read more

    Affected Products : ubuntu_linux
    • EPSS Score: %0.19
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-1326

    python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.... Read more

    Affected Products : python-dbusmock
    • EPSS Score: %0.11
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-1320

    The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.... Read more

    Affected Products : metal_as_a_service
    • EPSS Score: %0.18
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-1316

    Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.... Read more

    Affected Products : juju
    • EPSS Score: %0.36
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-1313

    JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauth... Read more

    Affected Products : teamcity
    • EPSS Score: %0.00
    • Published: Jun. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-1290

    The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.... Read more

    Affected Products : leap chrome qt
    • EPSS Score: %1.04
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2015-1208

    Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.33
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2015-1014

    A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.3... Read more

    • EPSS Score: %0.06
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-1012

    Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should n... Read more

    • EPSS Score: %0.14
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-1007

    A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior... Read more

    • EPSS Score: %0.54
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-1006

    A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4... Read more

    • EPSS Score: %1.26
    • Published: May. 10, 2019
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2015-1142857

    On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver b... Read more

    • EPSS Score: %0.69
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-10132

    A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scr... Read more

    Affected Products :
    • Published: Apr. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-10131

    A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site script... Read more

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2015-10129

    A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack... Read more

    Affected Products : planet-freo
    • EPSS Score: %0.10
    • Published: Feb. 04, 2024
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-10128

    A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. ... Read more

    Affected Products : royal_prettyphoto
    • EPSS Score: %0.17
    • Published: Jan. 02, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292495 Results