Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2015-4666

    Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.... Read more

    Affected Products : xsuite
    • EPSS Score: %16.39
    • Published: Aug. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4665

    Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.... Read more

    Affected Products : xsuite
    • EPSS Score: %3.38
    • Published: Aug. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-3253

    The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.... Read more

    • EPSS Score: %52.46
    • Published: Aug. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2321

    Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field.... Read more

    Affected Products : job_manager job_manager
    • EPSS Score: %1.69
    • Published: Aug. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-5718

    Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a crafted diagnostic command line request to submit_net_deb... Read more

    Affected Products : content_gateway
    • EPSS Score: %0.74
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-5166

    Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.... Read more

    Affected Products : fedora xen
    • EPSS Score: %0.07
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-5165

    The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.... Read more

    • EPSS Score: %12.37
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-5154

    Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.... Read more

    • EPSS Score: %0.18
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3908

    Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid ce... Read more

    Affected Products : ansible
    • EPSS Score: %0.08
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-3286

    Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.... Read more

    Affected Products : openafs
    • EPSS Score: %0.07
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3285

    The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.... Read more

    Affected Products : openafs
    • EPSS Score: %0.08
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3284

    pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.... Read more

    Affected Products : openafs
    • EPSS Score: %0.06
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-3283

    OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.... Read more

    Affected Products : openafs
    • EPSS Score: %0.77
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3282

    vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.... Read more

    Affected Products : openafs
    • EPSS Score: %0.47
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-3213

    The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures.... Read more

    Affected Products : clutter
    • EPSS Score: %0.08
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3187

    The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has... Read more

    Affected Products : xcode subversion
    • EPSS Score: %0.51
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3184

    mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.... Read more

    Affected Products : http_server xcode subversion
    • EPSS Score: %22.43
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2059

    The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds r... Read more

    Affected Products : fedora opensuse libidn
    • EPSS Score: %0.83
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-2058

    c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.... Read more

    Affected Products : jabberd2
    • EPSS Score: %0.48
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1867

    Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.... Read more

    • EPSS Score: %0.71
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291384 Results