Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-2053

    The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacki... Read more

    Affected Products : mcafee_agent
    • EPSS Score: %0.24
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2052

    Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.... Read more

    Affected Products : dir-645_firmware dir-645
    • EPSS Score: %11.65
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2051

    The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.... Read more

    Affected Products : dir-645_firmware dir-645
    • Actively Exploited
    • EPSS Score: %90.73
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2050

    D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : dap-1320_firmware dap-1320
    • EPSS Score: %1.61
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-2049

    Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.... Read more

    Affected Products : dcs-931l_firmware dcs-931l
    • EPSS Score: %82.87
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-2048

    Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.... Read more

    Affected Products : dcs-931l_firmware dcs-931l
    • EPSS Score: %0.07
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-2047

    The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.... Read more

    Affected Products : debian_linux typo3
    • EPSS Score: %0.77
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1589

    Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file.... Read more

    Affected Products : archmage
    • EPSS Score: %0.46
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1426

    Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.... Read more

    Affected Products : facter facter
    • EPSS Score: %0.06
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1315

    Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.... Read more

    Affected Products : ubuntu_linux unzip
    • EPSS Score: %10.61
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7922

    The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog ... Read more

    Affected Products : play_services_sdk
    • EPSS Score: %0.10
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-6184

    Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privilege... Read more

    • EPSS Score: %0.04
    • Published: Feb. 22, 2015
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-0631

    Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug... Read more

    • EPSS Score: %0.44
    • Published: Feb. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0624

    The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSC... Read more

    • EPSS Score: %0.15
    • Published: Feb. 21, 2015
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-0618

    Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension... Read more

    • EPSS Score: %0.56
    • Published: Feb. 21, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0331

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability... Read more

    • EPSS Score: %9.41
    • Published: Feb. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2040

    Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPlugin... Read more

    Affected Products : contact_form_db
    • EPSS Score: %0.17
    • Published: Feb. 20, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-2039

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cr... Read more

    Affected Products : acobot_live_chat_\&_contact_form
    • EPSS Score: %0.10
    • Published: Feb. 20, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-2035

    SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.... Read more

    Affected Products : piwigo
    • EPSS Score: %0.61
    • Published: Feb. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2034

    Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.... Read more

    Affected Products : piwigo
    • EPSS Score: %0.62
    • Published: Feb. 20, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290978 Results