Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2014-7916

    Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.

    Affected Products : android
    • EPSS Score: %0.22
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-7915

    Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.

    Affected Products : android
    • EPSS Score: %0.22
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025
  • 6.9

    MEDIUM
    CVE-2015-5950

    The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memor...

    Affected Products : windows gpu_driver display_driver
    • EPSS Score: %0.05
    • Published: Sep. 30, 2015
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2015-5435

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors.

    • EPSS Score: %0.26
    • Published: Sep. 30, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-7604

    Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : splunk
    • EPSS Score: %0.26
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-7603

    Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.

    Affected Products : ftp_utility
    • EPSS Score: %68.14
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-7602

    Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.

    Affected Products : bisonftp
    • EPSS Score: %52.58
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-7601

    Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.

    Affected Products : pcman's_ftp_server
    • EPSS Score: %52.58
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-7337

    The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

    Affected Products : notebook ipython notebook
    • EPSS Score: %0.78
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-7320

    Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified v...

    Affected Products : appointment_booking_calendar
    • EPSS Score: %0.22
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-7319

    SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating t...

    Affected Products : appointment_booking_calendar
    • EPSS Score: %0.42
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-5076

    Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected...

    Affected Products : x2crm
    • EPSS Score: %0.30
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-5075

    Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.

    Affected Products : x2crm
    • EPSS Score: %0.97
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-5074

    Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extensio...

    Affected Products : x2crm
    • EPSS Score: %12.90
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2015-0299

    Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : open_source_point_of_sale
    • EPSS Score: %0.16
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2015-5711

    TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request.

    • EPSS Score: %0.07
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 4.6

    MEDIUM
    CVE-2015-5442

    Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors.

    Affected Products : software_update
    • EPSS Score: %0.09
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-0852

    Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.

    Affected Products : freeimage
    • EPSS Score: %2.31
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025
  • 3.6

    LOW
    CVE-2015-6927

    vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containe...

    Affected Products : vzctl
    • EPSS Score: %0.08
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-6806

    The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.

    Affected Products : screen gnu_screen
    • EPSS Score: %0.64
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291638 Results