Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2015-4158

    SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661.... Read more

    • EPSS Score: %0.48
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4157

    SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995.... Read more

    Affected Products : content_server
    • EPSS Score: %0.48
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-4156

    GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : opensuse parallel
    • EPSS Score: %0.05
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-4155

    GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : parallel
    • EPSS Score: %0.13
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-4094

    The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : secret_server
    • EPSS Score: %0.10
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4050

    FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote at... Read more

    Affected Products : symfony
    • EPSS Score: %76.19
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3982

    The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.... Read more

    Affected Products : django
    • EPSS Score: %0.32
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2944

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlRe... Read more

    • EPSS Score: %2.87
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2282

    Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SA... Read more

    • EPSS Score: %0.92
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2278

    The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other p... Read more

    • EPSS Score: %0.72
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-1945

    Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors.... Read more

    • EPSS Score: %0.35
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0850

    The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.... Read more

    Affected Products : fusionforge
    • EPSS Score: %3.77
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-0759

    Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users.... Read more

    • EPSS Score: %0.11
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8391

    The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.... Read more

    Affected Products : sendio
    • EPSS Score: %9.74
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-0999

    Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.... Read more

    Affected Products : sendio
    • EPSS Score: %14.48
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3181

    files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to b... Read more

    Affected Products : moodle
    • EPSS Score: %0.33
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3180

    lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended en... Read more

    Affected Products : moodle
    • EPSS Score: %0.31
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3179

    login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.... Read more

    Affected Products : moodle
    • EPSS Score: %0.33
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3178

    Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script ... Read more

    Affected Products : moodle
    • EPSS Score: %0.21
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3177

    Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.... Read more

    Affected Products : moodle
    • EPSS Score: %0.31
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290974 Results