Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-6508

    Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.... Read more

    Affected Products : pfsense pfsense
    • EPSS Score: %1.30
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5681

    Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file i... Read more

    Affected Products : powerplay_gallery powerplay_gallery
    • EPSS Score: %7.80
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5599

    Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter.... Read more

    Affected Products : powerplay_gallery
    • EPSS Score: %1.59
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5485

    Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" param... Read more

    Affected Products : eventbrite_tickets
    • EPSS Score: %0.35
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4029

    Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php.... Read more

    Affected Products : pfsense pfsense
    • EPSS Score: %1.30
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2015-6254

    The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote... Read more

    Affected Products : picketlink
    • EPSS Score: %0.70
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2015-0277

    The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE:... Read more

    Affected Products : picketlink
    • EPSS Score: %0.64
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-5531

    Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.... Read more

    Affected Products : elasticsearch
    • EPSS Score: %84.22
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9743

    Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.... Read more

    Affected Products : vlc_media_player
    • EPSS Score: %0.26
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-5784

    runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %28.24
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-5783

    IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.83
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5782

    ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.... Read more

    Affected Products : mac_os_x iphone_os
    • EPSS Score: %0.65
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5781

    ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.... Read more

    Affected Products : mac_os_x iphone_os
    • EPSS Score: %0.65
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5779

    QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-378... Read more

    Affected Products : quicktime mac_os_x
    • EPSS Score: %2.68
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5778

    CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015... Read more

    Affected Products : mac_os_x iphone_os
    • EPSS Score: %1.87
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5777

    CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015... Read more

    Affected Products : mac_os_x iphone_os
    • EPSS Score: %1.87
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5776

    Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.... Read more

    Affected Products : mac_os_x iphone_os
    • EPSS Score: %3.02
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5775

    FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and... Read more

    Affected Products : mac_os_x iphone_os
    • EPSS Score: %1.99
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-5774

    Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.... Read more

    Affected Products : mac_os_x iphone_os
    • EPSS Score: %0.09
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5773

    QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.... Read more

    Affected Products : mac_os_x iphone_os
    • EPSS Score: %2.51
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291384 Results