Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 2.6

    LOW
    CVE-2015-6921

    Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : zendesk_feedback_tab
    • EPSS Score: 0.32%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-6920

    Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.

    Affected Products : sourceafrica
    • EPSS Score: 2.49%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-6919

    Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php.

    Affected Products : googlesearch
    • EPSS Score: 0.22%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2014-7216

    Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.

    Affected Products : messenger
    • EPSS Score: 5.59%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6915

    SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.

    Affected Products : resourcespace
    • EPSS Score: 0.32%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-6914

    Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx.

    Affected Products : sitefactory_cms
    • EPSS Score: 0.36%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-6913

    Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/down...

    Affected Products : download_station
    • EPSS Score: 0.30%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-6912

    Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.

    Affected Products : video_station
    • EPSS Score: 29.73%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6911

    SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.

    Affected Products : video_station
    • EPSS Score: 1.58%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6910

    SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.

    Affected Products : video_station
    • EPSS Score: 0.63%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-6909

    Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a tor...

    Affected Products : download_station
    • EPSS Score: 0.46%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-6908

    The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

    Affected Products : mac_os_x openldap
    • EPSS Score: 73.04%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-6675

    Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic.

    Affected Products : ruggedcom_rugged_operating_system
    • EPSS Score: 0.14%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-6466

    Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified fi...

    • EPSS Score: 1.70%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-6465

    The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL.

    • EPSS Score: 1.82%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 8.5

    HIGH
    CVE-2015-6464

    The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin.

    • EPSS Score: 0.23%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-5631

    Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators.

    • EPSS Score: 0.13%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-3964

    SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors.

    Affected Products : webbox_firmware
    • EPSS Score: 0.91%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-9208

    Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: 19.99%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-6827

    Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php.

    Affected Products : auto-exchanger
    • EPSS Score: 0.22%
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291722 Results