Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-8565

    Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.06
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8564

    Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.06
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8563

    Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.01
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8562

    Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.... Read more

    Affected Products : joomla\!
    • EPSS Score: %93.24
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-8476

    Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand f... Read more

    Affected Products : debian_linux phpmailer
    • EPSS Score: %0.95
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2015-8370

    Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get functi... Read more

    Affected Products : fedora grub2
    • EPSS Score: %2.87
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-8358

    Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuil... Read more

    Affected Products : mpbuilder
    • EPSS Score: %13.59
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-8357

    Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file pa... Read more

    Affected Products : xscan
    • EPSS Score: %4.83
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-5304

    Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified v... Read more

    • EPSS Score: %1.29
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-8579

    Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vec... Read more

    Affected Products : total_security total_security_2015
    • EPSS Score: %0.21
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-8578

    AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.... Read more

    Affected Products : internet_security
    • EPSS Score: %0.24
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-8577

    The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows atta... Read more

    Affected Products : virusscan_enterprise
    • EPSS Score: %0.02
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-8461

    Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.... Read more

    Affected Products : bind
    • EPSS Score: %9.36
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-8000

    db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.... Read more

    Affected Products : linux solaris bind vm_server
    • EPSS Score: %54.09
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6425

    The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %0.49
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-7223

    The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.... Read more

    Affected Products : firefox fedora leap opensuse
    • EPSS Score: %0.74
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-7222

    Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocati... Read more

    Affected Products : firefox firefox_esr fedora leap opensuse
    • EPSS Score: %3.35
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7221

    Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.... Read more

    Affected Products : firefox fedora leap opensuse
    • EPSS Score: %1.70
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7220

    Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.... Read more

    Affected Products : firefox fedora leap opensuse
    • EPSS Score: %1.70
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7219

    The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalcul... Read more

    Affected Products : firefox fedora leap opensuse
    • EPSS Score: %1.26
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291562 Results