Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-0941

    The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and poss... Read more

    Affected Products : inetc
    • EPSS Score: %0.48
    • Published: Mar. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0898

    futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors.... Read more

    Affected Products : mp_form_mail_cgi
    • EPSS Score: %0.70
    • Published: Mar. 21, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-0670

    The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug I... Read more

    • EPSS Score: %0.53
    • Published: Mar. 21, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-0669

    The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messag... Read more

    Affected Products : ios
    • EPSS Score: %0.79
    • Published: Mar. 21, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-2564

    SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.... Read more

    Affected Products : projectsend
    • EPSS Score: %2.99
    • Published: Mar. 20, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2563

    SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.... Read more

    Affected Products : phpvid
    • EPSS Score: %0.52
    • Published: Mar. 20, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2562

    Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in ... Read more

    Affected Products : ecommerce_wd
    • EPSS Score: %41.48
    • Published: Mar. 20, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-1804

    The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memo... Read more

    Affected Products : ubuntu_linux debian_linux libxfont
    • EPSS Score: %3.25
    • Published: Mar. 20, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-1803

    The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer derefere... Read more

    Affected Products : ubuntu_linux debian_linux libxfont
    • EPSS Score: %2.29
    • Published: Mar. 20, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-1802

    The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative o... Read more

    Affected Products : ubuntu_linux debian_linux libxfont
    • EPSS Score: %2.29
    • Published: Mar. 20, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0671

    The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911.... Read more

    • EPSS Score: %0.44
    • Published: Mar. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0668

    Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737.... Read more

    Affected Products : webex_meetings_server
    • EPSS Score: %0.26
    • Published: Mar. 20, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-1787

    The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyE... Read more

    Affected Products : openssl
    • EPSS Score: %10.31
    • Published: Mar. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0293

    The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message... Read more

    Affected Products : openssl
    • EPSS Score: %7.48
    • Published: Mar. 19, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0292

    Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption... Read more

    Affected Products : openssl
    • EPSS Score: %6.38
    • Published: Mar. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0291

    The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a r... Read more

    Affected Products : openssl
    • EPSS Score: %12.04
    • Published: Mar. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0290

    The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of ser... Read more

    Affected Products : openssl
    • EPSS Score: %12.30
    • Published: Mar. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0289

    The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and ... Read more

    Affected Products : openssl
    • EPSS Score: %5.76
    • Published: Mar. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0288

    The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an... Read more

    Affected Products : openssl
    • EPSS Score: %5.45
    • Published: Mar. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0287

    The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of ser... Read more

    Affected Products : openssl
    • EPSS Score: %5.06
    • Published: Mar. 19, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290940 Results