Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2016-10117

    Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.... Read more

    Affected Products : firejail
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8864

    Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.... Read more

    Affected Products : leap opensuse webmail roundcube_webmail
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-8284

    SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.... Read more

    Affected Products : spectrum_sdc
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2015-8283

    Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.... Read more

    Affected Products : spectrum_sdc
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8282

    SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.... Read more

    Affected Products : spectrum_sdc
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-8272

    RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).... Read more

    Affected Products : rtmpdump
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8271

    The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.... Read more

    Affected Products : rtmpdump
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-8270

    The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).... Read more

    Affected Products : rtmpdump
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-8223

    Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver.... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-8107

    Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : a2ps
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-7740

    Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7565

    Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web sc... Read more

    Affected Products : ember.js
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-6674

    Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.... Read more

    Affected Products : debian_linux inspircd
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2015-1839

    modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.... Read more

    Affected Products : fedora salt
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2015-1838

    modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.... Read more

    Affected Products : fedora salt
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2014-2710

    Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php).... Read more

    Affected Products : oliver
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2012-6697

    InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).... Read more

    Affected Products : debian_linux inspircd
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7628

    The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).... Read more

    Affected Products : smart_related_articles
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-7627

    The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).... Read more

    Affected Products : smart_related_articles
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7626

    The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).... Read more

    Affected Products : smart_related_articles
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293647 Results