Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-2108

    Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : operations_orchestration
    • EPSS Score: %0.18
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-2106

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.... Read more

    • EPSS Score: %0.62
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0901

    Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : flashy
    • EPSS Score: %0.44
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0900

    Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : fumy_teachers_schedule_board
    • EPSS Score: %0.31
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7876

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via ... Read more

    • EPSS Score: %25.21
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-0985

    Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request.... Read more

    Affected Products : 442sr_os 442sr
    • EPSS Score: %0.07
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0984

    Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O ... Read more

    • EPSS Score: %0.77
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2014-9209

    Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an uns... Read more

    • EPSS Score: %0.01
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2792

    The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET paramete... Read more

    Affected Products : wpml
    • EPSS Score: %0.58
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-2791

    The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.... Read more

    Affected Products : wpml
    • EPSS Score: %17.44
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2790

    Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.... Read more

    • EPSS Score: %54.48
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2015-2789

    Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.... Read more

    Affected Products : foxit_reader reader
    • EPSS Score: %0.18
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-2172

    DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.... Read more

    Affected Products : dokuwiki
    • EPSS Score: %1.76
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2171

    Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data.... Read more

    Affected Products : slim
    • EPSS Score: %0.56
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1827

    The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that be... Read more

    Affected Products : fedora freeipa freeipa
    • EPSS Score: %1.18
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1815

    The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.... Read more

    Affected Products : fedora setroubleshoot
    • EPSS Score: %36.47
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1609

    MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.... Read more

    Affected Products : fedora mongodb
    • EPSS Score: %1.35
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-0283

    The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of memb... Read more

    Affected Products : slapi-nis
    • EPSS Score: %1.80
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2787

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that le... Read more

    • EPSS Score: %23.00
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2348

    The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension r... Read more

    • EPSS Score: %4.57
    • Published: Mar. 30, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290954 Results