Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2015-4677

    Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.... Read more

    Affected Products : fiverrscript
    • EPSS Score: %0.28
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-4676

    SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action.... Read more

    Affected Products : tickfa
    • EPSS Score: %0.27
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4675

    Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field.... Read more

    Affected Products : tinysrp
    • EPSS Score: %2.63
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-4641

    Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context,... Read more

    • EPSS Score: %0.90
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2015-4640

    The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP... Read more

    • EPSS Score: %0.20
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2797

    Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect para... Read more

    • EPSS Score: %75.78
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4195

    Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.... Read more

    Affected Products : ios_xr
    • EPSS Score: %0.60
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4194

    The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate ac... Read more

    Affected Products : webex_meeting_center
    • EPSS Score: %0.43
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4191

    Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.... Read more

    Affected Products : ios_xr
    • EPSS Score: %0.76
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4661

    Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors.... Read more

    Affected Products : symphony symphony_cms
    • EPSS Score: %0.76
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4660

    Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php.... Read more

    Affected Products : enhanced_sql_portal
    • EPSS Score: %0.76
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-4659

    Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php.... Read more

    Affected Products : clickheat
    • EPSS Score: %0.27
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4658

    Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.... Read more

    Affected Products : milw0rm_clone_script
    • EPSS Score: %1.02
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4657

    Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL.... Read more

    Affected Products : mailbird
    • EPSS Score: %0.25
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4656

    Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstra... Read more

    Affected Products : photo_station
    • EPSS Score: %0.28
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4655

    Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.... Read more

    • EPSS Score: %0.34
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4654

    SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.03
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4587

    Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu.... Read more

    • EPSS Score: %0.22
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4420

    Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to a Tes... Read more

    Affected Products : opsview
    • EPSS Score: %0.61
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-4140

    Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks via the s4w-more parameter to the smil... Read more

    Affected Products : wp_smiley
    • EPSS Score: %0.10
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290997 Results