Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2015-1434

    Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.

    Affected Products : my_little_forum
    • EPSS Score: 0.44%
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025
  • 4.9

    MEDIUM
    CVE-2015-0268

    The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR...

    Affected Products : xen
    • EPSS Score: 0.05%
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2015-0260

    RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.

    • EPSS Score: 0.26%
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2014-9375

    Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.

    Affected Products : markvision_enterprise
    • EPSS Score: 1.99%
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2015-1608

    Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vec...

    Affected Products : opportunity_form
    • EPSS Score: 0.40%
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-1474

    Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger...

    Affected Products : android
    • EPSS Score: 10.09%
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025
  • 7.1

    HIGH
    CVE-2015-0609

    Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted netw...

    Affected Products : ios
    • EPSS Score: 0.62%
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-6137

    Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : tivoli_endpoint_manager
    • EPSS Score: 1.23%
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-6113

    Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : tivoli_endpoint_manager
    • EPSS Score: 0.24%
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025
  • 6.4

    MEDIUM
    CVE-2014-0227

    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers...

    Affected Products : tomcat
    • EPSS Score: 86.00%
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-1574

    The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a "Content-Disposition: ;" header in an e-mail message.

    Affected Products : email
    • EPSS Score: 1.62%
    • Published: Feb. 15, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-7883

    HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.

    • EPSS Score: 53.16%
    • Published: Feb. 15, 2015
    • Modified: Apr. 12, 2025
  • 1.8

    LOW
    CVE-2015-0875

    The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file.

    • EPSS Score: 0.09%
    • Published: Feb. 15, 2015
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2015-0519

    The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a...

    Affected Products : captiva_capture
    • EPSS Score: 0.07%
    • Published: Feb. 14, 2015
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2015-0518

    The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies gro...

    Affected Products : documentum_d2
    • EPSS Score: 1.16%
    • Published: Feb. 14, 2015
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2015-0517

    The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a fi...

    Affected Products : documentum_d2
    • EPSS Score: 0.22%
    • Published: Feb. 14, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-0931

    Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.

    Affected Products : ektron_content_management_system
    • EPSS Score: 2.69%
    • Published: Feb. 14, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-0923

    The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an ent...

    Affected Products : ektron_content_management_system
    • EPSS Score: 77.78%
    • Published: Feb. 14, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-8911

    Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header.

    Affected Products : content_navigator
    • EPSS Score: 0.24%
    • Published: Feb. 14, 2015
    • Modified: Apr. 12, 2025
  • 1.9

    LOW
    CVE-2014-6195

    The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on...

    • EPSS Score: 0.04%
    • Published: Feb. 14, 2015
    • Modified: Apr. 12, 2025