Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2015-3451

    The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.... Read more

    • EPSS Score: %3.36
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2845

    The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.... Read more

    Affected Products : goadmin_ce
    • EPSS Score: %87.46
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2844

    The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.... Read more

    Affected Products : goadmin_ce
    • EPSS Score: %39.14
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2843

    Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_crede... Read more

    Affected Products : goadmin_ce
    • EPSS Score: %80.05
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2842

    Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable ex... Read more

    Affected Products : goadmin_ce
    • EPSS Score: %43.86
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-2829

    Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors.... Read more

    • EPSS Score: %1.04
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2668

    ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.... Read more

    Affected Products : ubuntu_linux clamav
    • EPSS Score: %1.55
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-2234

    Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is v... Read more

    Affected Products : system_update
    • EPSS Score: %0.03
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 8.3

    HIGH
    CVE-2015-2233

    Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.... Read more

    Affected Products : system_update
    • EPSS Score: %0.08
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2222

    ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.... Read more

    Affected Products : ubuntu_linux clamav
    • EPSS Score: %1.55
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2221

    ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.... Read more

    Affected Products : ubuntu_linux clamav
    • EPSS Score: %1.78
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-2219

    Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspe... Read more

    Affected Products : system_update
    • EPSS Score: %29.58
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2170

    The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.... Read more

    Affected Products : ubuntu_linux clamav
    • EPSS Score: %1.55
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1880

    Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : fortios
    • EPSS Score: %59.36
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-1860

    Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.... Read more

    Affected Products : fedora qt qt
    • EPSS Score: %5.25
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-1859

    Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a... Read more

    Affected Products : fedora qt qt
    • EPSS Score: %4.40
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-1858

    Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP im... Read more

    Affected Products : fedora qt qt
    • EPSS Score: %2.45
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9326

    The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature i... Read more

    • EPSS Score: %0.22
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8619

    Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : fortiweb
    • EPSS Score: %0.26
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8618

    Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • EPSS Score: %0.26
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290943 Results