Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.7

    MEDIUM
    CVE-2015-8339

    The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardow...

    Affected Products : xen
    • EPSS Score: 0.10%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2015-8338

    Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS adminis...

    Affected Products : xen
    • EPSS Score: 0.20%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-8327

    Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job....

    • EPSS Score: 16.92%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-7527

    lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page....

    Affected Products : cool_video_gallery
    • EPSS Score: 5.38%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-7518

    Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host ...

    Affected Products : foreman
    • EPSS Score: 0.26%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2015-5277

    The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS file...

    • EPSS Score: 0.09%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-5204

    CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file....

    Affected Products : cordova_file_transfer
    • EPSS Score: 1.41%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2015-4027

    The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan....

    Affected Products : web_vulnerability_scanner
    • EPSS Score: 1.00%
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-8580

    Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document....

    Affected Products : foxit_reader phantompdf
    • EPSS Score: 0.52%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-8566

    The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values....

    Affected Products : session
    • EPSS Score: 1.87%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-8565

    Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors....

    Affected Products : joomla\!
    • EPSS Score: 0.06%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-8564

    Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive....

    Affected Products : joomla\!
    • EPSS Score: 0.06%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-8563

    Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors....

    Affected Products : joomla\!
    • EPSS Score: 0.01%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-8562

    Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015....

    Affected Products : joomla\!
    • EPSS Score: 93.24%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-8476

    Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand f...

    Affected Products : debian_linux phpmailer
    • EPSS Score: 0.95%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
  • 7.4

    HIGH
    CVE-2015-8370

    Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get functi...

    Affected Products : fedora grub2
    • EPSS Score: 2.87%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2015-8358

    Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuil...

    Affected Products : mpbuilder
    • EPSS Score: 13.59%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-8357

    Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file pa...

    Affected Products : xscan
    • EPSS Score: 4.83%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2015-5304

    Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified v...

    • EPSS Score: 1.29%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
  • 6.4

    MEDIUM
    CVE-2015-8579

    Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vec...

    Affected Products : total_security total_security_2015
    • EPSS Score: 0.21%
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results