Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-5482

    Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin... Read more

    Affected Products : gd_bbpress_attachments
    • EPSS Score: %0.65
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5481

    Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/e... Read more

    Affected Products : gd_bbpress_attachments
    • EPSS Score: %0.23
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-4670

    Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler... Read more

    Affected Products : ajax_control_toolkit
    • EPSS Score: %0.88
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4426

    SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.... Read more

    Affected Products : pimcore
    • EPSS Score: %0.00
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-4425

    Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.... Read more

    Affected Products : pimcore
    • EPSS Score: %0.03
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-6516

    SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php.... Read more

    Affected Products : syspass
    • EPSS Score: %0.79
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6515

    Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or H... Read more

    Affected Products : splunk
    • EPSS Score: %0.26
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6514

    Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : splunk
    • EPSS Score: %0.26
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6513

    Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php.... Read more

    Affected Products : j2store
    • EPSS Score: %0.42
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6512

    SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php.... Read more

    Affected Products : freichat
    • EPSS Score: %2.21
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6511

    Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php.... Read more

    Affected Products : pfsense pfsense
    • EPSS Score: %0.09
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6510

    Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) po... Read more

    Affected Products : pfsense pfsense
    • EPSS Score: %0.09
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6509

    Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (... Read more

    Affected Products : pfsense pfsense
    • EPSS Score: %0.09
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6508

    Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.... Read more

    Affected Products : pfsense pfsense
    • EPSS Score: %1.30
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5681

    Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file i... Read more

    Affected Products : powerplay_gallery powerplay_gallery
    • EPSS Score: %7.80
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5599

    Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter.... Read more

    Affected Products : powerplay_gallery
    • EPSS Score: %1.59
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5485

    Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" param... Read more

    Affected Products : eventbrite_tickets
    • EPSS Score: %0.35
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4029

    Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php.... Read more

    Affected Products : pfsense pfsense
    • EPSS Score: %1.30
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2015-6254

    The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote... Read more

    Affected Products : picketlink
    • EPSS Score: %0.70
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2015-0277

    The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE:... Read more

    Affected Products : picketlink
    • EPSS Score: %0.64
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291617 Results