Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-7386

    Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Medi... Read more

    • EPSS Score: %0.12
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6928

    classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space charac... Read more

    Affected Products : cubecart
    • EPSS Score: %0.62
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5082

    Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.... Read more

    Affected Products : firewall endian_firewall
    • EPSS Score: %86.67
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7383

    Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) da... Read more

    Affected Products : refbase
    • EPSS Score: %0.50
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7382

    SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009.... Read more

    Affected Products : refbase
    • EPSS Score: %1.93
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7381

    Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue ... Read more

    Affected Products : refbase
    • EPSS Score: %3.08
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-6463

    CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema contain... Read more

    Affected Products : hart_comm_dtm hart_comm_dtm
    • EPSS Score: %0.12
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-6307

    Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu10871.... Read more

    Affected Products : firesight_system_software firepower
    • EPSS Score: %0.10
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6280

    The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement... Read more

    Affected Products : ios_xe ios
    • EPSS Score: %1.16
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6279

    The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S bef... Read more

    Affected Products : ios_xe ios
    • EPSS Score: %0.58
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6278

    The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S bef... Read more

    Affected Products : ios_xe ios
    • EPSS Score: %0.58
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-6012

    Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter.... Read more

    Affected Products : refbase
    • EPSS Score: %0.36
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6011

    Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php.... Read more

    Affected Products : refbase
    • EPSS Score: %0.36
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6010

    Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to er... Read more

    Affected Products : refbase
    • EPSS Score: %0.50
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6009

    Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue tha... Read more

    Affected Products : refbase
    • EPSS Score: %1.63
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6008

    install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381.... Read more

    Affected Products : refbase
    • EPSS Score: %9.01
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6007

    Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users.... Read more

    Affected Products : refbase
    • EPSS Score: %0.10
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-3974

    EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacifi... Read more

    • EPSS Score: %0.43
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2014-9202

    Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions.... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %0.27
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6475

    Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : danfoss_tlx_pro\+ servemaster_tlp\+
    • EPSS Score: %0.49
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291728 Results