Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2015-4203

    Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6V... Read more

    • EPSS Score: %0.66
    • Published: Jun. 23, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-4189

    Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807.... Read more

    Affected Products : data_center_analytics_framework
    • EPSS Score: %0.12
    • Published: Jun. 23, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-4204

    Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka ... Read more

    • EPSS Score: %0.67
    • Published: Jun. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-4200

    Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug... Read more

    Affected Products : ios
    • EPSS Score: %0.85
    • Published: Jun. 23, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-3237

    The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.... Read more

    • EPSS Score: %2.53
    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3236

    cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensi... Read more

    Affected Products : curl libcurl
    • EPSS Score: %4.50
    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3234

    The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.... Read more

    Affected Products : debian_linux drupal
    • EPSS Score: %0.44
    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-3233

    Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.... Read more

    Affected Products : drupal
    • EPSS Score: %3.73
    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-3232

    Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.... Read more

    Affected Products : debian_linux drupal
    • EPSS Score: %0.39
    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3231

    The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.... Read more

    Affected Products : debian_linux drupal
    • EPSS Score: %0.30
    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4714

    Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.... Read more

    • EPSS Score: %0.22
    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-4713

    SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.... Read more

    Affected Products : hotel_site
    • EPSS Score: %0.18
    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4590

    The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\\\0", which triggers a buf... Read more

    Affected Products : arduino_json
    • EPSS Score: %1.02
    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0526

    Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.... Read more

    Affected Products : rsa_validation_manager
    • EPSS Score: %0.22
    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4202

    Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization informa... Read more

    • EPSS Score: %0.45
    • Published: Jun. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4198

    Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.... Read more

    • EPSS Score: %0.42
    • Published: Jun. 20, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-4197

    Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.... Read more

    Affected Products : nx-os nexus_7000 nexus_7700
    • EPSS Score: %0.63
    • Published: Jun. 20, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4201

    The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka ... Read more

    Affected Products : asr_5000_series_software
    • EPSS Score: %0.76
    • Published: Jun. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4679

    Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm.... Read more

    Affected Products : rt-210_firmware rt-210
    • EPSS Score: %0.22
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4678

    SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.... Read more

    Affected Products : persian_car_cms
    • EPSS Score: %0.32
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290997 Results