Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2015-6733

    GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.... Read more

    Affected Products : mediawiki
    • EPSS Score: %1.61
    • Published: Sep. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6732

    Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" field i... Read more

    Affected Products : semanticforms
    • EPSS Score: %0.65
    • Published: Sep. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6731

    Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:Creat... Read more

    Affected Products : semanticforms
    • EPSS Score: %0.48
    • Published: Sep. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6730

    Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.41
    • Published: Sep. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6729

    Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an ... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.41
    • Published: Sep. 01, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6728

    The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection vi... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.20
    • Published: Sep. 01, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6727

    The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.... Read more

    Affected Products : ubuntu_linux mediawiki
    • EPSS Score: %0.60
    • Published: Sep. 01, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6520

    IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request.... Read more

    Affected Products : ippusbxd
    • EPSS Score: %0.82
    • Published: Sep. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2807

    Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.... Read more

    Affected Products : navis_documentcloud
    • EPSS Score: %6.89
    • Published: Sep. 01, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2013-7444

    The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.60
    • Published: Sep. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-6526

    The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6272

    Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393, CSCsx07... Read more

    • EPSS Score: %0.43
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6271

    Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and CSCta... Read more

    • EPSS Score: %0.43
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6270

    Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.... Read more

    • EPSS Score: %0.43
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6269

    Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.... Read more

    • EPSS Score: %0.43
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-4036

    Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.10
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2135

    Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : intelligent_provisioning
    • EPSS Score: %25.87
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6754

    Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or... Read more

    Affected Products : path_breadcrumbs
    • EPSS Score: %0.18
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6753

    Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place ed... Read more

    Affected Products : quick_edit
    • EPSS Score: %0.14
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6655

    Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.... Read more

    Affected Products : pligg_cms
    • EPSS Score: %0.22
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291513 Results