Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.8

    MEDIUM
    CVE-2015-2293

    Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentic...

    Affected Products : wordpress_seo yoast_seo
    • EPSS Score: 1.26%
    • Published: Mar. 17, 2015
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-2292

    Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands...

    Affected Products : wordpress_seo yoast_seo
    • EPSS Score: 6.96%
    • Published: Mar. 17, 2015
    • Modified: Apr. 12, 2025
  • 6.6

    MEDIUM
    CVE-2015-0665

    The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.

    Affected Products : anyconnect_secure_mobility_client
    • EPSS Score: 0.08%
    • Published: Mar. 17, 2015
    • Modified: Apr. 12, 2025
  • 6.6

    MEDIUM
    CVE-2015-0663

    Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.

    Affected Products : anyconnect_secure_mobility_client
    • EPSS Score: 0.08%
    • Published: Mar. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2015-0662

    Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.

    Affected Products : anyconnect_secure_mobility_client
    • EPSS Score: 0.08%
    • Published: Mar. 17, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-0778

    osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

    Affected Products : fedora opensuse opensuse_osc
    • EPSS Score: 0.90%
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-9687

    eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.

    Affected Products : ecryptfs-utils
    • EPSS Score: 0.52%
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2015-1593

    The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the...

    Affected Products : linux_kernel
    • EPSS Score: 1.16%
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-1421

    Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggeri...

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: 25.94%
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025
  • 1.9

    LOW
    CVE-2015-1420

    Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a fil...

    Affected Products : linux_kernel debian_linux
    • EPSS Score: 0.04%
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2015-0274

    The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by le...

    Affected Products : linux_kernel
    • EPSS Score: 0.05%
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2014-8173

    The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local...

    Affected Products : linux_kernel
    • EPSS Score: 0.04%
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025
  • 4.9

    MEDIUM
    CVE-2014-8172

    The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of ...

    Affected Products : linux_kernel
    • EPSS Score: 0.10%
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025
  • 6.9

    MEDIUM
    CVE-2014-8159

    The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physic...

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: 0.08%
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2014-7822

    The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecifi...

    Affected Products : linux_kernel
    • EPSS Score: 0.68%
    • Published: Mar. 16, 2015
    • Modified: Apr. 12, 2025
  • 6.4

    MEDIUM
    CVE-2015-2304

    Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

    Affected Products : ubuntu_linux opensuse libarchive
    • EPSS Score: 2.98%
    • Published: Mar. 15, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-2107

    HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges.

    • EPSS Score: 0.03%
    • Published: Mar. 14, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-0982

    Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors.

    Affected Products : pelco_ds-nv
    • EPSS Score: 2.56%
    • Published: Mar. 14, 2015
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-0981

    The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors.

    Affected Products : bacnet_opc_server
    • EPSS Score: 0.47%
    • Published: Mar. 14, 2015
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2015-0980

    Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request.

    Affected Products : bacnet_opc_server
    • EPSS Score: 1.56%
    • Published: Mar. 14, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291551 Results