Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2015-2850

    Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg para... Read more

    • EPSS Score: %0.50
    • Published: Jul. 07, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-2849

    SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli paramet... Read more

    • EPSS Score: %0.31
    • Published: Jul. 07, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-3216

    Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a den... Read more

    Affected Products : enterprise_linux openssl
    • EPSS Score: %1.17
    • Published: Jul. 07, 2015
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-3958

    Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets.... Read more

    • EPSS Score: %3.14
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 4.6

    MEDIUM
    CVE-2015-3957

    Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors.... Read more

    • EPSS Score: %0.06
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-3955

    Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • EPSS Score: %16.51
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-1011

    Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.... Read more

    • EPSS Score: %1.18
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2014-5406

    The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via pac... Read more

    • EPSS Score: %0.61
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-3281

    The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous... Read more

    • EPSS Score: %0.09
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2014-9740

    Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are no... Read more

    Affected Products : rules_link
    • EPSS Score: %0.21
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2014-9739

    Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields.... Read more

    Affected Products : node_field
    • EPSS Score: %0.16
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-9738

    Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, ... Read more

    Affected Products : tournament
    • EPSS Score: %0.22
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2014-9737

    Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block.... Read more

    Affected Products : language_switcher_dropdown
    • EPSS Score: %0.25
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-3653

    Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.... Read more

    Affected Products : foreman
    • EPSS Score: %0.28
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-5371

    The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.... Read more

    Affected Products : storage_manager
    • EPSS Score: %83.03
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-4648

    Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method.... Read more

    Affected Products : security_api_activex_sdk
    • EPSS Score: %2.70
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-4647

    Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method.... Read more

    Affected Products : security_api_activex_sdk
    • EPSS Score: %3.18
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-4230

    Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91854.... Read more

    Affected Products : headend_system_release
    • EPSS Score: %0.85
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 7.9

    HIGH
    CVE-2015-4034

    The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object.... Read more

    Affected Products : galaxy_s5
    • EPSS Score: %0.25
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
  • 3.3

    LOW
    CVE-2015-4033

    Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000.... Read more

    Affected Products : s-beam
    • EPSS Score: %0.43
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291024 Results