Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2015-4298

    Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056.

    • EPSS Score: 0.55%
    • Published: Aug. 19, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-1830

    Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.

    Affected Products : activemq windows
    • EPSS Score: 88.00%
    • Published: Aug. 19, 2015
    • Modified: Apr. 12, 2025
  • 6.4

    MEDIUM
    CVE-2015-4302

    The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390.

    Affected Products : firesight_system_software
    • EPSS Score: 0.70%
    • Published: Aug. 19, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2015-4297

    Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136.

    Affected Products : webex_node_for_mcs
    • EPSS Score: 0.06%
    • Published: Aug. 19, 2015
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2015-2502

    Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015.

    • Actively Exploited
    • EPSS Score: 22.56%
    • Published: Aug. 19, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6519

    SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php.

    Affected Products : arab_portal
    • EPSS Score: 1.98%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-6518

    Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php.

    Affected Products : phpliteadmin
    • EPSS Score: 1.20%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-6517

    Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php.

    Affected Products : phpliteadmin
    • EPSS Score: 0.30%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 4.9

    MEDIUM
    CVE-2015-5515

    The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging acce...

    Affected Products : views_bulk_operations
    • EPSS Score: 0.56%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 2.6

    LOW
    CVE-2015-5514

    Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label.

    Affected Products : migrate
    • EPSS Score: 0.36%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2015-5513

    Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML ...

    • EPSS Score: 0.21%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-5512

    The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in a URL.

    Affected Products : me_aliases
    • EPSS Score: 0.56%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-5511

    The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login.

    Affected Products : hybridauth_social_login
    • EPSS Score: 0.29%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2015-5510

    Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pa...

    Affected Products : content_construction_kit
    • EPSS Score: 0.36%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 6.0

    MEDIUM
    CVE-2015-5509

    The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors...

    Affected Products : administration_views
    • EPSS Score: 0.28%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 5.1

    MEDIUM
    CVE-2015-5508

    Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that al...

    • EPSS Score: 0.30%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-5507

    Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : inline_entity_form
    • EPSS Score: 0.36%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-5506

    The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content via a search.

    Affected Products : apache_solr_real-time
    • EPSS Score: 0.46%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-5505

    The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-th...

    Affected Products : http_strict_transport_security
    • EPSS Score: 0.56%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-5504

    SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

    • EPSS Score: 0.52%
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291394 Results