Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.0

    MEDIUM
    CVE-2015-4616

    Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.... Read more

    Affected Products : easy2map
    • EPSS Score: %11.83
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-4614

    Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.... Read more

    Affected Products : easy2map
    • EPSS Score: %5.56
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-5459

    SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated b... Read more

    Affected Products : manageengine_password_manager_pro
    • EPSS Score: %0.84
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-5458

    Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter.... Read more

    Affected Products : pivotx
    • EPSS Score: %1.08
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-5457

    PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php.... Read more

    Affected Products : pivotx
    • EPSS Score: %2.51
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-5456

    Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions.... Read more

    Affected Products : pivotx
    • EPSS Score: %0.42
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-5455

    Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/.... Read more

    Affected Products : x-cart
    • EPSS Score: %0.22
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-5454

    Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.... Read more

    Affected Products : nucleus_cms
    • EPSS Score: %0.51
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-5453

    Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.... Read more

    Affected Products : xcs
    • EPSS Score: %72.45
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-5452

    SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.... Read more

    Affected Products : xcs
    • EPSS Score: %17.26
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-1796

    The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity ... Read more

    Affected Products : identity_provider opensaml_java
    • EPSS Score: %0.17
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-9741

    Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • EPSS Score: %0.34
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 6.0

    MEDIUM
    CVE-2014-8175

    Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.... Read more

    Affected Products : jboss_fuse
    • EPSS Score: %0.19
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-5119

    Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to ... Read more

    • Actively Exploited
    • EPSS Score: %93.23
    • Published: Jul. 08, 2015
    • Modified: Apr. 21, 2025
  • 7.8

    HIGH
    CVE-2015-4620

    name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) b... Read more

    Affected Products : bind
    • EPSS Score: %13.88
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2015-4243

    The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCt... Read more

    • EPSS Score: %0.26
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-4242

    Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721.... Read more

    Affected Products : firesight_system_software
    • EPSS Score: %0.11
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2015-4241

    Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCut52679.... Read more

    • EPSS Score: %0.34
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-4240

    Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656.... Read more

    Affected Products : ip_communicator
    • EPSS Score: %0.46
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-2866

    SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.... Read more

    Affected Products : gxv3611_hd_firmware gxv3611_hd
    • EPSS Score: %1.63
    • Published: Jul. 08, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291024 Results