Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2015-10009

    A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%2... Read more

    Affected Products : nterchange
    • EPSS Score: %0.07
    • Published: Jan. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-10008

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The identifier of the ... Read more

    Affected Products : weipdcrm
    • EPSS Score: %0.05
    • Published: Jan. 02, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-10007

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name... Read more

    Affected Products : weipdcrm
    • EPSS Score: %0.07
    • Published: Jan. 02, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-10006

    A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross ... Read more

    Affected Products : ingnovarq
    • EPSS Score: %0.06
    • Published: Jan. 01, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-10005

    A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 i... Read more

    Affected Products : markdown-it
    • EPSS Score: %0.05
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-10003

    A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely... Read more

    Affected Products : filezilla_server
    • EPSS Score: %0.19
    • Published: Jul. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2015-10002

    A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component.... Read more

    Affected Products : kids_place
    • EPSS Score: %0.05
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-10001

    The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads... Read more

    Affected Products : wp-stats
    • EPSS Score: %0.10
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-0949

    The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, whic... Read more

    • EPSS Score: %0.08
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2015-0897

    LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by ... Read more

    Affected Products : line line
    • EPSS Score: %0.12
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-0841

    Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.... Read more

    Affected Products : monopd
    • EPSS Score: %1.37
    • Published: Dec. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2015-0837

    The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Sid... Read more

    Affected Products : debian_linux libgcrypt gnupg
    • EPSS Score: %0.55
    • Published: Nov. 29, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-0796

    In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial... Read more

    • EPSS Score: %0.16
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-0749

    A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters ... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %0.21
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2015-0565

    NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.... Read more

    Affected Products : native_client
    • EPSS Score: %27.78
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2015-0558

    The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.... Read more

    Affected Products : p.dga4001n_firmware p.dga4001n
    • EPSS Score: %0.11
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-0294

    GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.... Read more

    Affected Products : enterprise_linux debian_linux gnutls
    • EPSS Score: %0.58
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-0270

    Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.... Read more

    Affected Products : zend_framework framework
    • EPSS Score: %0.39
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-0258

    Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtm... Read more

    Affected Products : ubuntu_linux debian_linux collabtive
    • EPSS Score: %11.88
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-0244

    PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted bin... Read more

    Affected Products : debian_linux postgresql
    • EPSS Score: %1.08
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292508 Results