Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2015-0056

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1623... Read more

    Affected Products : internet_explorer
    • EPSS Score: %24.07
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-0032

    vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 8 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Me... Read more

    Affected Products : internet_explorer vbscript
    • EPSS Score: %18.90
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0005

    The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, ... Read more

    • EPSS Score: %1.79
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1067

    Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafte... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %4.80
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2217

    Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php.... Read more

    Affected Products : ultimate_php_board
    • EPSS Score: %0.30
    • Published: Mar. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2184

    ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function.... Read more

    Affected Products : zeuscart
    • EPSS Score: %11.47
    • Published: Mar. 10, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2183

    Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an edit... Read more

    Affected Products : zeuscart
    • EPSS Score: %3.98
    • Published: Mar. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0271

    The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.... Read more

    Affected Products : openstack
    • EPSS Score: %0.20
    • Published: Mar. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0201

    The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.... Read more

    Affected Products : spring_framework spring_framework
    • EPSS Score: %0.29
    • Published: Mar. 10, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9566

    Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network ... Read more

    • EPSS Score: %78.93
    • Published: Mar. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8112

    389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading... Read more

    Affected Products : fedora 389_directory_server
    • EPSS Score: %0.27
    • Published: Mar. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8105

    389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.... Read more

    Affected Products : fedora 389_directory_server
    • EPSS Score: %0.44
    • Published: Mar. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2244

    Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php.... Read more

    Affected Products : webshop_hun
    • EPSS Score: %0.25
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2243

    Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php.... Read more

    Affected Products : webshop_hun
    • EPSS Score: %0.57
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2242

    Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php.... Read more

    Affected Products : webshop_hun
    • EPSS Score: %0.33
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2206

    libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which... Read more

    Affected Products : fedora phpmyadmin
    • EPSS Score: %0.92
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7898

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : windows ole_point_of_sale_driver
    • EPSS Score: %28.81
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7897

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanner... Read more

    • EPSS Score: %28.81
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7895

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid PO... Read more

    • EPSS Score: %28.81
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7894

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid PO... Read more

    • EPSS Score: %30.08
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290954 Results