Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2015-6461

    Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC we... Read more

    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-6458

    Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.... Read more

    Affected Products : softcms
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-6457

    Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.... Read more

    Affected Products : softcms
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-6253

    edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.... Read more

    Affected Products : edx-platform
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-6000

    Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploadin... Read more

    Affected Products : vtiger_crm
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-5952

    Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter.... Read more

    Affected Products : fatca
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2015-5951

    A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.... Read more

    Affected Products : fatca
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-5745

    Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.... Read more

    Affected Products : fedora qemu eos
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5741

    The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.... Read more

    Affected Products : enterprise_linux go openstack
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5725

    SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable.... Read more

    Affected Products : codeigniter
    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-5694

    Designate does not enforce the DNS protocol limit concerning record set sizes... Read more

    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-5686

    Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.... Read more

    Affected Products : puppet_enterprise
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-5684

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Note... Read more

    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-5674

    The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failur... Read more

    Affected Products : freebsd
    • Published: Feb. 05, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-5628

    Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earl... Read more

    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-5627

    Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earl... Read more

    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-5626

    Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earl... Read more

    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5617

    SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.... Read more

    Affected Products : webpublisher_cms
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-5606

    Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.... Read more

    Affected Products : vordel_xml_gateway
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-5601

    edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.... Read more

    Affected Products : edx-platform
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293354 Results