Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2015-5617

    SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.... Read more

    Affected Products : webpublisher_cms
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-5606

    Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.... Read more

    Affected Products : vordel_xml_gateway
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-5601

    edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.... Read more

    Affected Products : edx-platform
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-5595

    Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).... Read more

    Affected Products : zenphoto
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-5593

    The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<<script></script>script>payload<script></script></script>",... Read more

    Affected Products : zenphoto
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-5592

    Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks.... Read more

    Affected Products : zenphoto
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2015-5591

    SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.... Read more

    Affected Products : zenphoto
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5524

    An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 (December 2015).... Read more

    Affected Products : android
    • Published: Apr. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-5484

    Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post.... Read more

    Affected Products : plotly
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-5483

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via ... Read more

    Affected Products : private_only
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5467

    web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.... Read more

    Affected Products : yii
    • Published: Sep. 21, 2023
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-5466

    Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call.... Read more

    Affected Products : xgi_vga_display_manager
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5463

    AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vert... Read more

    Affected Products : axiom
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-5462

    AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features.... Read more

    Affected Products : axiom
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-5384

    AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack.... Read more

    Affected Products : axiom
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5377

    Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability... Read more

    Affected Products : elasticsearch
    • Published: Mar. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-5361

    Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and ... Read more

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +18 more products
    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-5350

    In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious cu... Read more

    Affected Products : garden
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5334

    Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. No... Read more

    Affected Products : opensuse libressl
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-5333

    Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.... Read more

    Affected Products : opensuse libressl
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results