Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-6962

    SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.... Read more

    Affected Products : farol
    • EPSS Score: %0.83
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6973

    Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add... Read more

    Affected Products : openfire
    • EPSS Score: %14.21
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6972

    Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName paramete... Read more

    Affected Products : openfire
    • EPSS Score: %5.18
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6929

    Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilte... Read more

    Affected Products : \@vantage_commander
    • EPSS Score: %0.18
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-5465

    Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call.... Read more

    Affected Products : windows_vga_display_manager
    • EPSS Score: %0.61
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-3623

    XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.... Read more

    Affected Products : qlikview
    • EPSS Score: %4.66
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1173

    Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters."... Read more

    Affected Products : teta_web
    • EPSS Score: %0.39
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-8778

    Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Se... Read more

    Affected Products : cxsast
    • EPSS Score: %0.57
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6969

    Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.... Read more

    Affected Products : serendipity
    • EPSS Score: %0.34
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-6968

    Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2... Read more

    Affected Products : serendipity
    • EPSS Score: %0.81
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-6967

    Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content... Read more

    Affected Products : nibbleblog
    • EPSS Score: %86.92
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6966

    Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site ... Read more

    Affected Products : nibbleblog
    • EPSS Score: %0.13
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6965

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field,... Read more

    Affected Products : contact_form_generator
    • EPSS Score: %0.46
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6829

    Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client... Read more

    Affected Products : wp_limit_login_attempts
    • EPSS Score: %0.50
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6828

    The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection... Read more

    Affected Products : security_audit
    • EPSS Score: %0.44
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-5956

    The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the... Read more

    Affected Products : typo3
    • EPSS Score: %0.14
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-5440

    HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.... Read more

    • EPSS Score: %0.77
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2136

    HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.... Read more

    Affected Products : arcsight_logger
    • EPSS Score: %0.14
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-5426

    Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.... Read more

    Affected Products : loadrunner
    • EPSS Score: %0.10
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6949

    Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values.... Read more

    Affected Products : tm-1900
    • EPSS Score: %6.02
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291564 Results