Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-2689

    Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.... Read more

    Affected Products : tor
    • EPSS Score: %0.65
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-2688

    buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted pac... Read more

    Affected Products : tor
    • EPSS Score: %0.57
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-2329

    Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order.... Read more

    Affected Products : woocommerce
    • EPSS Score: %0.26
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2015-2326

    The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a ... Read more

    Affected Products : mariadb php opensuse pcre
    • EPSS Score: %0.26
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-2325

    The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group co... Read more

    Affected Products : mariadb php opensuse pcre
    • EPSS Score: %0.66
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-2324

    Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : photo_gallery
    • EPSS Score: %0.12
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-2320

    The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.... Read more

    Affected Products : debian_linux mono
    • EPSS Score: %4.83
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-2319

    The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.... Read more

    Affected Products : mono
    • EPSS Score: %0.87
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2015-2318

    The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.... Read more

    Affected Products : debian_linux mono
    • EPSS Score: %1.29
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-2298

    node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.... Read more

    Affected Products : etherpad
    • EPSS Score: %0.32
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2015-2254

    Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch.... Read more

    • EPSS Score: %0.28
    • Published: Mar. 13, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-2249

    Zimbra Collaboration before 8.6.0 patch5 has XSS.... Read more

    Affected Products : zimbra_collaboration_server
    • EPSS Score: %0.70
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-2230

    Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console.... Read more

    Affected Products : zimbra_collaboration_server
    • EPSS Score: %0.86
    • Published: May. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-2207

    Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (... Read more

    Affected Products : resource_management_system
    • EPSS Score: %0.15
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-2204

    Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_defaul... Read more

    Affected Products : evergreen
    • EPSS Score: %0.58
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-2203

    Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.... Read more

    Affected Products : evergreen
    • EPSS Score: %0.44
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2015-2202

    Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.... Read more

    Affected Products : airwave airwave
    • EPSS Score: %0.42
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2015-2201

    Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.... Read more

    Affected Products : airwave airwave
    • EPSS Score: %0.45
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-2186

    The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2... Read more

    Affected Products : edx-platform configuration
    • EPSS Score: %0.24
    • Published: Feb. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2015-2179

    The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments.... Read more

    Affected Products : xaviershay-dm-rails
    • EPSS Score: %0.05
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292732 Results