Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 3.5

    LOW
    CVE-2015-4139

    Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php.

    Affected Products : wp_smiley
    • EPSS Score: 0.18%
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-3897

    Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.

    Affected Products : bonita_bpm_portal
    • EPSS Score: 60.34%
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-3422

    Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.

    Affected Products : searchblox
    • EPSS Score: 0.26%
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-4628

    SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.

    Affected Products : limesurvey
    • EPSS Score: 0.35%
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-2861

    Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users.

    Affected Products : vesta_control_panel
    • EPSS Score: 0.29%
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-4454

    SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.

    Affected Products : fedora cacti
    • EPSS Score: 0.64%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-4414

    Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

    Affected Products : se_html5_album_audio_player
    • EPSS Score: 9.05%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-4342

    SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.

    Affected Products : fedora cacti
    • EPSS Score: 3.76%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-4338

    Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php...

    Affected Products : xcloner
    • EPSS Score: 0.52%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2015-4337

    Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.

    Affected Products : xcloner
    • EPSS Score: 0.18%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-4336

    cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the fi...

    Affected Products : xcloner
    • EPSS Score: 1.46%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-3429

    Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.

    Affected Products : debian_linux wordpress genericons
    • EPSS Score: 0.92%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 6.0

    MEDIUM
    CVE-2015-2803

    SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.

    Affected Products : akronymmanager
    • EPSS Score: 3.87%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-2665

    Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : fedora cacti
    • EPSS Score: 0.43%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2012-6692

    Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_title parameter to wp-admin/post-new.php, which is n...

    Affected Products : wordpress_seo yoast_seo
    • EPSS Score: 0.62%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-4550

    The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IP...

    • EPSS Score: 0.50%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-4190

    Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683.

    Affected Products : prime_service_catalog
    • EPSS Score: 0.29%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-4188

    SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.

    Affected Products : prime_collaboration
    • EPSS Score: 0.28%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2015-4186

    The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID C...

    • EPSS Score: 0.14%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2015-4183

    Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.

    • EPSS Score: 0.14%
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290997 Results