Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2015-4194

    The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate ac... Read more

    Affected Products : webex_meeting_center
    • EPSS Score: %0.43
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4191

    Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.... Read more

    Affected Products : ios_xr
    • EPSS Score: %0.76
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4661

    Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors.... Read more

    Affected Products : symphony symphony_cms
    • EPSS Score: %0.76
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4660

    Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php.... Read more

    Affected Products : enhanced_sql_portal
    • EPSS Score: %0.76
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-4659

    Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php.... Read more

    Affected Products : clickheat
    • EPSS Score: %0.27
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4658

    Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.... Read more

    Affected Products : milw0rm_clone_script
    • EPSS Score: %1.02
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4657

    Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL.... Read more

    Affected Products : mailbird
    • EPSS Score: %0.25
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4656

    Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstra... Read more

    Affected Products : photo_station
    • EPSS Score: %0.28
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4655

    Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.... Read more

    • EPSS Score: %0.34
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4654

    SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.03
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4587

    Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu.... Read more

    • EPSS Score: %0.22
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4420

    Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to a Tes... Read more

    Affected Products : opsview
    • EPSS Score: %0.61
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-4140

    Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks via the s4w-more parameter to the smil... Read more

    Affected Products : wp_smiley
    • EPSS Score: %0.10
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4139

    Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php.... Read more

    Affected Products : wp_smiley
    • EPSS Score: %0.18
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3897

    Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.... Read more

    Affected Products : bonita_bpm_portal
    • EPSS Score: %60.34
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3422

    Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.... Read more

    Affected Products : searchblox
    • EPSS Score: %0.26
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-4628

    SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.... Read more

    Affected Products : limesurvey
    • EPSS Score: %0.35
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-2861

    Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users.... Read more

    Affected Products : vesta_control_panel
    • EPSS Score: %0.29
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4454

    SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.... Read more

    Affected Products : fedora cacti
    • EPSS Score: %0.64
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4414

    Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.... Read more

    Affected Products : se_html5_album_audio_player
    • EPSS Score: %9.05
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290990 Results