Latest CVE Feed
- CVE-2015-3612 (5.4 MEDIUM)
  A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page....
  - Affected Products: fortimanager
  - Published: Feb. 04, 2020
  - Modified: Nov. 21, 2024
- CVE-2015-3611 (9.0 HIGH)
  A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run system commands when executing a report....
  - Affected Products: fortimanager
  - Published: Feb. 04, 2020
  - Modified: Nov. 21, 2024
- CVE-2015-3425 (6.1 MEDIUM)
  Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter....
  - Affected Products: content_resource_management_system
  - Published: Dec. 09, 2019
  - Modified: Nov. 21, 2024
- CVE-2015-3424 (8.8 HIGH)
  SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter....
  - Affected Products: content_resource_management_system
  - Published: Dec. 09, 2019
  - Modified: Nov. 21, 2024
- CVE-2015-3423 (8.8 HIGH)
  Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3,...
  - Affected Products: resource_management_system
  - Published: Feb. 08, 2020
  - Modified: Nov. 21, 2024
- CVE-2015-3406 (7.5 HIGH)
  The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors....
  - Published: Nov. 29, 2019
  - Modified: Nov. 21, 2024
- CVE-2015-3309 (7.5 HIGH)
  Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE:...
  - Affected Products: etherpad
  - Published: Feb. 13, 2020
  - Modified: Nov. 21, 2024
- CVE-2015-3298 (8.8 HIGH)
  Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated....
  - Affected Products: ykneo-openpgp
  - Published: Mar. 30, 2022
  - Modified: Nov. 21, 2024
- CVE-2015-3207 (5.3 MEDIUM)
  In OpenShift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes....
  - Affected Products: origin
  - Published: Jul. 07, 2022
  - Modified: Nov. 21, 2024
- CVE-2015-3173 (7.2 HIGH)
  custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution....
  - Affected Products: custom_content_type_manager
  - Published: Jul. 06, 2022
  - Modified: Nov. 21, 2024
- CVE-2015-3172 (5.4 MEDIUM)
  EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input....
  - Affected Products: eidogo
  - Published: Jul. 06, 2022
  - Modified: Nov. 21, 2024
- CVE-2015-3167 (7.5 HIGH)
  contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a br...
  - Published: Nov. 20, 2019
  - Modified: Nov. 21, 2024
- CVE-2015-3166 (9.8 CRITICAL)
  The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other...
  - Published: Nov. 20, 2019
  - Modified: Nov. 21, 2024
- CVE-2015-3159 (7.8 HIGH)
  The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges....
  - Affected Products: automatic_bug_reporting_tool
  - Published: Jan. 14, 2020
  - Modified: Nov. 21, 2024
- CVE-2015-3154 (6.1 MEDIUM)
  CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the...
  - Affected Products: zend_framework
  - Published: Jan. 27, 2020
  - Modified: Nov. 21, 2024
- CVE-2015-3151 (7.8 HIGH)
  Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteEle...
  - Affected Products: automatic_bug_reporting_tool
  - Published: Jan. 14, 2020
  - Modified: Nov. 21, 2024
- CVE-2015-3150 (7.2 HIGH)
  abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method....
  - Affected Products: automatic_bug_reporting_tool
  - Published: Jan. 14, 2020
  - Modified: Nov. 21, 2024
- CVE-2015-3147 (6.5 MEDIUM)
  daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/a...
  - Published: Jan. 14, 2020
  - Modified: Nov. 21, 2024
- CVE-2015-3140 (8.8 HIGH)
  Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567...
  - Published: Nov. 21, 2019
  - Modified: Nov. 21, 2024
- CVE-2015-3006 (6.8 MEDIUM)
  On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases af...
  - Published: Feb. 28, 2020
  - Modified: Nov. 21, 2024