Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2015-1157

    CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by A... Read more

    Affected Products : itunes mac_os_x iphone_os
    • EPSS Score: %3.10
    • Published: May. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-4066

    Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in... Read more

    Affected Products : gigpress
    • EPSS Score: %2.67
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4065

    Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-ne... Read more

    Affected Products : landing_pages_plugin landing_pages
    • EPSS Score: %0.76
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-4064

    SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/p... Read more

    Affected Products : landing_pages_plugin landing_pages
    • EPSS Score: %3.37
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4063

    Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/... Read more

    Affected Products : newstatpress
    • EPSS Score: %3.08
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-4062

    SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.... Read more

    Affected Products : newstatpress
    • EPSS Score: %25.16
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-3922

    Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.... Read more

    Affected Products : coppermine_photo_gallery
    • EPSS Score: %0.35
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3921

    Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.... Read more

    Affected Products : coppermine_photo_gallery
    • EPSS Score: %0.18
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.2

    MEDIUM
    CVE-2015-3339

    Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the se... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.03
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-3332

    A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting th... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.13
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-3331

    The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: %3.56
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-2922

    The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a ... Read more

    • EPSS Score: %1.72
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-2830

    arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) ... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: %0.03
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-2666

    Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and lev... Read more

    Affected Products : linux_kernel fedora
    • EPSS Score: %0.10
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2014-9715

    include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2014-9710

    The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operatio... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.05
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3906

    The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers to cause a denial of service (out-of-bounds read and app... Read more

    Affected Products : wireshark
    • EPSS Score: %0.53
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3903

    libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoo... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %1.17
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-3902

    Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrat... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.22
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3815

    The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application cr... Read more

    Affected Products : wireshark
    • EPSS Score: %0.55
    • Published: May. 26, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290958 Results