Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-5764

    The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.... Read more

    Affected Products : iphone_os safari
    • EPSS Score: %0.85
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3801

    The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.... Read more

    Affected Products : iphone_os safari
    • EPSS Score: %0.98
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2014-8611

    The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-bas... Read more

    Affected Products : freebsd mac_os_x iphone_os
    • EPSS Score: %0.11
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7235

    Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action o... Read more

    Affected Products : cp_reservation_calender
    • EPSS Score: %2.60
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-7234

    The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors.... Read more

    Affected Products : open_semantic_framework
    • EPSS Score: %0.70
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 5.1

    MEDIUM
    CVE-2015-7233

    Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets vi... Read more

    Affected Products : open_semantic_framework
    • EPSS Score: %0.12
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-7232

    Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vecto... Read more

    Affected Products : open_semantic_framework
    • EPSS Score: %0.26
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7231

    The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."... Read more

    Affected Products : commerce_commonwealth
    • EPSS Score: %0.22
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-7230

    The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node.... Read more

    Affected Products : workbench_email
    • EPSS Score: %0.14
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-7229

    The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post t... Read more

    Affected Products : twitter
    • EPSS Score: %0.16
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7228

    The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : restful
    • EPSS Score: %0.27
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-7227

    The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels.... Read more

    Affected Products : fieldable_panels_panes
    • EPSS Score: %0.13
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-7226

    The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the ac... Read more

    Affected Products : administration_views
    • EPSS Score: %0.29
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6672

    Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote at... Read more

    • EPSS Score: %0.29
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5538

    Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown ve... Read more

    • EPSS Score: %1.96
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4040

    Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.... Read more

    • EPSS Score: %6.77
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1319

    The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen i... Read more

    Affected Products : ubuntu_linux
    • EPSS Score: %0.06
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6962

    SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.... Read more

    Affected Products : farol
    • EPSS Score: %0.83
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6973

    Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add... Read more

    Affected Products : openfire
    • EPSS Score: %14.21
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6972

    Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName paramete... Read more

    Affected Products : openfire
    • EPSS Score: %5.18
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291741 Results