Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2015-2207

    Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (... Read more

    Affected Products : resource_management_system
    • EPSS Score: %0.15
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-2204

    Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_defaul... Read more

    Affected Products : evergreen
    • EPSS Score: %0.58
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-2203

    Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.... Read more

    Affected Products : evergreen
    • EPSS Score: %0.44
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2015-2202

    Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.... Read more

    Affected Products : airwave airwave
    • EPSS Score: %0.42
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2015-2201

    Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.... Read more

    Affected Products : airwave airwave
    • EPSS Score: %0.45
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-2186

    The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2... Read more

    Affected Products : edx-platform configuration
    • EPSS Score: %0.24
    • Published: Feb. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2015-2179

    The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments.... Read more

    Affected Products : xaviershay-dm-rails
    • EPSS Score: %0.05
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-2100

    Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 function in the WESPDiscovery.WESPDiscoveryCtrl.1 control.... Read more

    Affected Products : control_center edvr_manager
    • EPSS Score: %2.66
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-2099

    Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.Logi... Read more

    Affected Products : control_center
    • EPSS Score: %20.07
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-2098

    Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySit... Read more

    Affected Products : edvr_manager
    • EPSS Score: %41.51
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-2081

    Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.... Read more

    • EPSS Score: %2.00
    • Published: Feb. 20, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-2074

    The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.... Read more

    Affected Products : businessobjects_edge
    • EPSS Score: %2.14
    • Published: Aug. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-2073

    The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.... Read more

    Affected Products : businessobjects_edge
    • EPSS Score: %2.34
    • Published: Aug. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2015-2062

    Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_hu... Read more

    Affected Products : windows huge-it_slider
    • EPSS Score: %3.17
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2015-2060

    cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.... Read more

    Affected Products : linux_kernel cabextract
    • EPSS Score: %9.24
    • Published: Nov. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-2020

    The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.... Read more

    Affected Products : myscript
    • EPSS Score: %1.28
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-2009

    Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that in... Read more

    • EPSS Score: %0.16
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-2004

    The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.... Read more

    Affected Products : gnsdk
    • EPSS Score: %1.15
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-2003

    The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.... Read more

    Affected Products : pjsua2_sdk
    • EPSS Score: %1.15
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-2002

    The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.... Read more

    Affected Products : arcgisruntime_sdk
    • EPSS Score: %1.15
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292719 Results