Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2015-0604

    The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424.... Read more

    • EPSS Score: %0.18
    • Published: Feb. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-0603

    Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474.... Read more

    • EPSS Score: %0.06
    • Published: Feb. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-0601

    Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790.... Read more

    • EPSS Score: %0.26
    • Published: Feb. 07, 2015
    • Modified: Apr. 12, 2025

  • 6.3

    MEDIUM
    CVE-2013-5557

    The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP req... Read more

    • EPSS Score: %0.34
    • Published: Feb. 07, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1514

    Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL comman... Read more

    Affected Products : famoc
    • EPSS Score: %0.36
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1513

    SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username.... Read more

    Affected Products : siphone_enterprise_pbx
    • EPSS Score: %0.31
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1512

    Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the (1) LoginForm[username] to ui/system/login or the (2) order or (3) myorgs to index.php.... Read more

    Affected Products : famoc
    • EPSS Score: %0.25
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1467

    Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.... Read more

    Affected Products : fork_cms
    • EPSS Score: %1.34
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1444

    Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the (1) conntrack.cgi, (2) index... Read more

    Affected Products : fli4l
    • EPSS Score: %0.40
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1442

    SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE:... Read more

    Affected Products : zerocms
    • EPSS Score: %1.00
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-1305

    McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.... Read more

    • EPSS Score: %0.57
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-9643

    K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8... Read more

    • EPSS Score: %0.73
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-9642

    bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call.... Read more

    • EPSS Score: %1.28
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-9641

    The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call.... Read more

    Affected Products : tmeext.sys
    • EPSS Score: %0.48
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9636

    unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.... Read more

    Affected Products : ubuntu_linux fedora debian_linux unzip
    • EPSS Score: %66.08
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-9632

    The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x8300... Read more

    Affected Products : internet_security protection
    • EPSS Score: %0.86
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1212

    Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    • EPSS Score: %0.62
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1211

    The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme ... Read more

    • EPSS Score: %1.01
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1210

    The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consid... Read more

    • EPSS Score: %0.70
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1209

    Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0... Read more

    • EPSS Score: %1.41
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290990 Results