Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2014-6214

    Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.12
    • Published: Mar. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6144

    Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : rational_quality_manager
    • EPSS Score: %0.17
    • Published: Mar. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2275

    Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy.... Read more

    Affected Products : community_gallery
    • EPSS Score: %10.78
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2237

    Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php.... Read more

    Affected Products : betster
    • EPSS Score: %0.94
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-2285

    The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.... Read more

    Affected Products : upstart vivid
    • EPSS Score: %0.67
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2241

    Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demons... Read more

    Affected Products : django
    • EPSS Score: %0.26
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2208

    The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.... Read more

    Affected Products : phpmoadmin
    • EPSS Score: %88.27
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-2151

    The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly exec... Read more

    Affected Products : fedora debian_linux xen
    • EPSS Score: %0.23
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-2150

    Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory o... Read more

    Affected Products : linux_kernel xen ubuntu
    • EPSS Score: %0.11
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-2045

    The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : fedora debian_linux xen
    • EPSS Score: %0.08
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-2044

    The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.... Read more

    Affected Products : xen
    • EPSS Score: %0.08
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1066

    Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %1.17
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-1065

    Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.... Read more

    Affected Products : mac_os_x iphone_os
    • EPSS Score: %0.23
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-1064

    Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1063

    CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.69
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1062

    MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.... Read more

    Affected Products : iphone_os tvos
    • EPSS Score: %0.34
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-1061

    IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %5.40
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0525

    The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : secure_remote_services
    • EPSS Score: %1.83
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0524

    SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : secure_remote_services
    • EPSS Score: %0.43
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-0523

    EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type he... Read more

    • EPSS Score: %1.32
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290940 Results