Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2015-7698

    icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.... Read more

    Affected Products : owncloud smb
    • EPSS Score: %0.91
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7299

    SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.... Read more

    • EPSS Score: %0.55
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-5954

    The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access ... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.14
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-4718

    The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.99
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-4717

    The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop an... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.69
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4716

    Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.... Read more

    Affected Products : owncloud windows owncloud_server
    • EPSS Score: %23.32
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-7823

    Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter.... Read more

    Affected Products : kentico kentico_cms
    • EPSS Score: %13.29
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7822

    Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the defa... Read more

    Affected Products : kentico kentico_cms
    • EPSS Score: %0.32
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-5953

    Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7876

    The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a ... Read more

    • EPSS Score: %0.56
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7863

    The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attacke... Read more

    Affected Products : radia_client_automation
    • EPSS Score: %0.23
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7862

    Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via uns... Read more

    Affected Products : radia_client_automation
    • EPSS Score: %0.24
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7861

    Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling.... Read more

    Affected Products : radia_client_automation
    • EPSS Score: %9.95
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7860

    Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lack... Read more

    Affected Products : radia_client_automation
    • EPSS Score: %15.73
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-7752

    The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53... Read more

    Affected Products : junos junos
    • EPSS Score: %0.49
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-7751

    Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D10... Read more

    Affected Products : junos junos
    • EPSS Score: %0.04
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7750

    The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafte... Read more

    Affected Products : screenos
    • EPSS Score: %0.46
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-7749

    The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS."... Read more

    Affected Products : junos junos
    • EPSS Score: %0.47
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7748

    Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.... Read more

    Affected Products : junos junos
    • EPSS Score: %0.52
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-7833

    The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a US... Read more

    • EPSS Score: %0.14
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291728 Results