Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2015-0715

    SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608.... Read more

    • EPSS Score: %0.29
    • Published: May. 07, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0701

    Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.... Read more

    • EPSS Score: %1.07
    • Published: May. 07, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-0538

    ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets.... Read more

    Affected Products : autostart
    • EPSS Score: %5.86
    • Published: May. 07, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0531

    EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.... Read more

    Affected Products : sourceone_email_management
    • EPSS Score: %0.26
    • Published: May. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0714

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.... Read more

    Affected Products : finesse
    • EPSS Score: %0.26
    • Published: May. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3633

    Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.... Read more

    • EPSS Score: %0.11
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3632

    Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.... Read more

    • EPSS Score: %6.75
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-3446

    The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).... Read more

    Affected Products : unified_security_management
    • EPSS Score: %1.47
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3435

    Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.... Read more

    Affected Products : samsung_security_manager
    • EPSS Score: %7.62
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3337

    Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : elasticsearch
    • EPSS Score: %90.73
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3153

    The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.... Read more

    • EPSS Score: %4.91
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-2248

    Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for reques... Read more

    • EPSS Score: %2.68
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-0257

    Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files i... Read more

    Affected Products : enterprise_virtualization_manager
    • EPSS Score: %0.04
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-0237

    Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by crea... Read more

    Affected Products : enterprise_virtualization_manager
    • EPSS Score: %0.42
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-8361

    The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.... Read more

    • Actively Exploited
    • EPSS Score: %94.03
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3598

    The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.... Read more

    Affected Products : opensuse pillow
    • EPSS Score: %0.40
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1250

    Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    • EPSS Score: %1.10
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1243

    Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly ... Read more

    • EPSS Score: %1.76
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0914

    EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request.... Read more

    Affected Products : easyctf
    • EPSS Score: %0.22
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0913

    Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : easyctf
    • EPSS Score: %0.21
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292247 Results